Windows Defender Won't Turn On + Slow Performance


Hi all,

I'm having trouble with my computer; it looks like there is some hidden process running in the background causing my GPU to render my graphics at a lower rate. I can't seem to find the malware that has infected my computer. Help would be greatly appreciated. Thanks in advance!


  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malware Removal for Windows Help forum. Being infected is not fun and can be very frustrating to resolve, but don't worry because we have a team of experts here to help you!

Note: Please be patient. When the site is busy it can take up to 48 hours before a malware removal helper can assist you. If no one has replied to your new topic after 48 hours please contact an Administrator to let them know.

First, if you haven't done so, please run a Threat Scan with the latest version of Malwarebytes. This may resolve your malware infection issue without the need for additional support. Click "Reveal Hidden Contents" below for details:

Malwarebytes can detect and remove most malware with no further actions required for free.

If you do not have Malwarebytes, please download it here and install. Be sure to post back the log as shown below.

  1. Open Malwarebytes for Windows
  2. To the left, click Scan > Scan Types.

  3. Select Threat Scan. Threat Scan is the most thorough and recommended scan method available.

  4. Click Start Scan
     

Next, if you're still experiencing issues after running Malwarebytes, then technical logs will be required to assist you. Click "Reveal Hidden Contents" below and follow the instructions to run the Farbar Recovery Scan Tool:

Don't use any temporary file cleaners unless requested - this can cause data loss and make a recovery difficult.

Please download the Farbar Recovery Scan Tool here and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  1. Double-click to run it. When the tool opens click Yes to the disclaimer.
  2. Press the Scan button.

  3. It will make a log (FRST.txt) in the same directory the tool is run. Please attach or copy and paste it to your reply.
  4. The first time the tool is run, it also makes another log (Addition.txt). If you've run it before it may not and you may need to select it manually.
     

Finally, attach the Malwarebytes Threat Scan, FRST.txt and Addition.txt logs to your reply. Before submitting your reply, be sure to enable "Notify me of replies".

Click "Reveal Hidden Contents" below for details on how to add attachments to your post.
Note: If you are unable to attach files, please copy and paste the contents of the requested files in your reply instead.

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.


Please Note the Following:

  • One of our expert helpers will give you one-on-one assistance when one becomes available.
  • Refrain from making any further changes to your computer (such as Install/Uninstall programs, using special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.
  • Do not 'bump' or add a reply to your topic once it is started. Topics which appear to have replies are considered to have a helper assisting them and may be overlooked, resulting in a longer waiting period for help.
  • If you're using Peer 2 Peer software such as uTorrent or similar, please completely disable it from running while being assisted here.


Hello 2Seconds2 and welcome to Malwarebytes,

Continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Report tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to the disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....

Hi Kevin,

Thanks for the quick reply.

Here is my Malwarebytes log. Weird that there is more stuff that it found even though I ran it yesterday; maybe it was out of date:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/12/18
Scan Time: 8:33 PM
Log File: 64d26d0c-6ea1-11e8-a397-00ffdb3b5879.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.374
Update Package Version: 1.0.5458
License: Trial

-System Information-
OS: Windows 10 (Build 16299.431)
CPU: x64
File System: NTFS
User: MJZ-PC\MJZ

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 532379
Threats Detected: 47
Threats Quarantined: 47
Time Elapsed: 6 min, 17 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\PepperFlash, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\USERS\MJZ\APPDATA\LOCAL\WMCAGENT, Delete-on-Reboot, [2660], [521697],1.0.5458

File: 45
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\PepperFlash\pepflashplayer.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\ucrtbase.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\vcruntime140.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\d3dcompiler_43.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\d3dcompiler_47.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-file-l1-2-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-file-l2-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-handle-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-heap-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-interlocked-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-libraryloader-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-localization-l1-2-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-memory-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-namedpipe-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-processenvironment-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-processthreads-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-processthreads-l1-1-1.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-rtlsupport-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-string-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-synch-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-synch-l1-2-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-sysinfo-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-timezone-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-util-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-crt-conio-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-crt-convert-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-crt-environment-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-crt-filesystem-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-crt-heap-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-crt-locale-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-crt-math-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-crt-multibyte-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-crt-private-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-crt-process-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-crt-runtime-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-crt-stdio-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-crt-string-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-crt-time-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-crt-utility-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-file-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-profile-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-console-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-datetime-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-debug-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458
Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-errorhandling-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Here's the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by MJZ (administrator) on MJZ-PC (12-06-2018 20:42:22)
Running from C:\Users\MJZ\Downloads
Loaded Profiles: MJZ (Available Profiles: MJZ & OVRLibraryService & DefaultAppPool)
Platform: Windows 10 Pro Version 1709 16299.431 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\System32\wembskcsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Oculus VR) C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Unified Intents AB) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(f.lux Software LLC) C:\Users\MJZ\AppData\Local\FluxSoftware\Flux\flux.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Pushbullet Inc) C:\Users\MJZ\AppData\Local\Pushbullet\bin\pushbullet_client.exe
(Unified Intents AB) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Pushbullet Inc) C:\Users\MJZ\AppData\Local\Temp\pushbullet_watchdog.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
() C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
(Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Plex) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\GROOVE.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Corsair Components, Inc.) C:\Program Files (x86)\corsair\Corsair Utility Engine\CorsairHID.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Micro-Star INT'L CO.,LTD.) C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\MJZ\AppData\Local\cwshvdx\cwshvdx.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
() C:\Users\MJZ\AppData\Local\containersvc\containersvc.exe
() C:\Users\MJZ\AppData\Local\containersvc\fonthtsrv.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Piotr Pawlowski) C:\Users\MJZ\Desktop\Music Production\foobar2000\foobar2000.exe
() C:\Users\MJZ\AppData\Local\cwshvdx\upebsvh.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Users\MJZ\AppData\Local\cwshvdx\upebsvh.exe
() C:\Users\MJZ\AppData\Local\cwshvdx\upebsvh.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8466648 2015-05-15] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [14862456 2015-09-01] (Logitech Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3643712 2018-06-04] (Dropbox, Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [455304 2016-10-01] (Power Software Ltd)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe [14885552 2016-03-23] (Corsair Components, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [2306984 2017-04-11] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Fast Boot] => C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe [759120 2015-04-22] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\Run: [f.lux] => C:\Users\MJZ\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)
HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\Run: [Pushbullet] => C:\Program Files (x86)\Pushbullet\pushbullet.exe [64000 2014-12-21] (Pushbullet inc)
HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\Run: [Unified Remote V3] => C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [4340992 2016-07-06] (Unified Intents AB)
HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\Run: [Google Update] => C:\Users\MJZ\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-16] (Google Inc.)
HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\Run: [Amazon Drive] => C:\Users\MJZ\AppData\Local\Amazon Drive\AmazonDrive.exe [4912304 2017-09-14] (Amazon.com Inc.)
HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [28169400 2018-05-15] (Microsoft Corporation)
HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [15893992 2017-11-14] (Plex, Inc.)
HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\Run: [SideSync] => C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe [12476064 2018-03-07] ()
HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\MountPoints2: D - "D:\setup.exe"
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [15893992 2017-11-14] (Plex, Inc.)
Startup: C:\Users\MJZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk [2018-05-12]
ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files\Microsoft Office\Office15\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\MJZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2016-12-03]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0584413c-2354-4d6d-9f26-bcc8372c8927}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0584413c-2354-4d6d-9f26-bcc8372c8927}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{246ed59b-a0a0-435d-9160-2e58544c5e4b}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{256feff6-40f2-46db-bc37-af21ab7b1a75}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{256feff6-40f2-46db-bc37-af21ab7b1a75}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{26d6530b-033b-48a3-a270-7dfaab5fbe0e}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{2a58f74a-b345-4c45-ba20-775852645017}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{aaee4c3b-4576-416c-85d4-15d0a28e5682}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{aecb120e-ba1c-47e4-97b9-7e12866d8a37}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{b9c2b931-e70c-4530-91a0-b88197d47e71}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{db3b5879-7c8e-4005-b08f-cbd425ece60d}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{ee0d1704-33f5-41d2-90f2-b2ea435601ea}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{efbf406b-ecd3-4fd0-ad7c-9debdaa771ac}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{f05feab6-74ba-4588-99bc-6cfa3c030043}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{f76183c5-b42b-11e7-8e9f-806e6f6e6963}: [NameServer] 8.8.8.8

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2018-05-15] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll [2018-04-25] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-25] (Oracle Corporation)
BHO: ExplorerWatcher Class -> {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -> C:\Program Files (x86)\Clover\TabHelper64.dll [2018-05-22] (EJIE Technology)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-04-25] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-25] (Oracle Corporation)
BHO-x32: ExplorerWatcher Class -> {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -> C:\Program Files (x86)\Clover\TabHelper32.dll [2018-05-22] (EJIE Technology)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)

FireFox:
========
FF DefaultProfile: zvd455ud.default-1450755284798-1528730058691
FF ProfilePath: C:\Users\MJZ\AppData\Roaming\Mozilla\Firefox\Profiles\zvd455ud.default-1450755284798-1528730058691 [2018-06-12]
FF Homepage: Mozilla\Firefox\Profiles\zvd455ud.default-1450755284798-1528730058691 -> hxxps://duckduckgo.com/
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\MJZ\AppData\Roaming\Mozilla\Firefox\Profiles\zvd455ud.default-1450755284798-1528730058691\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2018-06-11]
FF Extension: (LastPass: Free Password Manager) - C:\Users\MJZ\AppData\Roaming\Mozilla\Firefox\Profiles\zvd455ud.default-1450755284798-1528730058691\Extensions\support@lastpass.com.xpi [2018-06-11]
FF Extension: (uBlock Origin) - C:\Users\MJZ\AppData\Roaming\Mozilla\Firefox\Profiles\zvd455ud.default-1450755284798-1528730058691\Extensions\uBlock0@raymondhill.net.xpi [2018-06-11]
FF Extension: (TLS 1.3 gradual roll-out fallback-limit) - C:\Users\MJZ\AppData\Roaming\Mozilla\Firefox\Profiles\zvd455ud.default-1450755284798-1528730058691\features\{bac0c2b4-ebdf-4b25-b757-a51076159eaa}\tls13-version-fallback-rollout-bug1462099@mozilla.org.xpi [2018-06-11] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_113.dll [2018-06-08] ()
FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-25] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> G:\SanDiskSecureAccessV2.0\nplastpass64.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_113.dll [2018-06-08] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2012-12-14] (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-25] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> G:\SanDiskSecureAccessV2.0\nplastpass64.dll [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-05-19] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-06-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-06-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2017-07-29] ()
FF Plugin HKU\S-1-5-21-517441185-2000574432-2814188571-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\MJZ\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-517441185-2000574432-2814188571-1000: @talk.google.com/O1DPlugin -> C:\Users\MJZ\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-517441185-2000574432-2814188571-1000: @tools.google.com/Google Update;version=3 -> C:\Users\MJZ\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-517441185-2000574432-2814188571-1000: @tools.google.com/Google Update;version=9 -> C:\Users\MJZ\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-517441185-2000574432-2814188571-1000: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [No File]
FF Plugin HKU\S-1-5-21-517441185-2000574432-2814188571-1000: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Users\MJZ\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\MJZ\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-517441185-2000574432-2814188571-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\estvrom <==== ATTENTION (Rootkit!)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-29] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6877224 2018-06-11] ()
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\66.0.3359.12\remoting_host.exe [71000 2018-03-06] (Google Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-03] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-03] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-06-04] (Dropbox, Inc.)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [5278064 2014-09-10] (Binary Fortress Software)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [780928 2018-05-26] (EasyAntiCheat Ltd)
R2 HCloverService; C:\Program Files (x86)\Clover\CloverSvc.dll [735592 2018-05-22] ()
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [542320 2018-01-10] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [192120 2015-09-01] (Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [111568 2017-04-05] (MSI)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-05-19] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [417800 2014-05-19] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764896 2018-05-20] (NVIDIA Corporation)
R3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764896 2018-05-20] (NVIDIA Corporation)
S3 Origin Client Service; C:\ProgramData\Origin\OriginClientService.exe [2122248 2016-09-03] (Electronic Arts)
S3 OVRLibraryService; C:\Program Files\Oculus\Support\oculus-librarian\OVRLibraryService.exe [135536 2018-02-01] (Oculus VR, LLC) [File not signed]
R2 OVRService; C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe [477552 2018-02-01] (Oculus VR) [File not signed]
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2100200 2017-11-14] (Plex, Inc.)
R2 RemoteServerWin; C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [4340992 2016-07-06] (Unified Intents AB)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [331144 2017-04-11] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\NisSrv.exe [4632736 2018-04-26] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MsMpEng.exe [104680 2018-04-26] (Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [442472 2017-11-13] (Windscribe Limited)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18232 2016-10-20] (Intel(R) Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
S4 ESLoadService; "C:\Program Files (x86)\EaseUS\EaseUS MobiMover\bin\ESLoadService.exe" [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
S4 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\WINDOWS\system32\ampa.sys [38320 2016-12-26] ()
S3 ampa; C:\WINDOWS\SysWOW64\ampa.sys [38320 2016-12-26] ()
R2 ASInsHelp; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2011-10-07] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2011-10-07] ()
S3 CMUACWO; C:\WINDOWS\system32\DRIVERS\CMUACWO.sys [574464 2014-04-17] (C-Media Inc.)
R3 CORK70; C:\WINDOWS\system32\drivers\CORK70.sys [25600 2012-10-31] ( )
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [47840 2016-01-20] (Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21728 2016-01-20] (Corsair)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2017-01-16] (Samsung Electronics Co., Ltd.)
R1 epp; C:\EEK\bin64\epp.sys [142448 2018-06-11] (Emsisoft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152184 2018-05-24] (Malwarebytes)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136128 2018-01-10] (Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [37064 2016-08-24] (Intel Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [190696 2018-06-12] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112872 2018-06-12] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-06-12] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-06-12] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [103656 2018-06-12] (Malwarebytes)
S3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2017-09-29] (Intel Corporation)
R3 Netwtw06; C:\WINDOWS\System32\drivers\Netwtw06.sys [8742976 2018-03-22] (Intel Corporation)
R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [14288 2017-03-29] (MSI)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_040c7acb04cee565\nvlddmkm.sys [17195272 2018-06-01] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31200 2018-05-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [67432 2018-03-15] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [68112 2018-04-27] (NVIDIA Corporation)
R3 Oculus_ViGEmBus; C:\WINDOWS\System32\drivers\Oculus_ViGEmBus.sys [32856 2018-03-07] (Facebook Inc.)
S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2016-06-15] (The OpenVPN Project)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
S3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [898296 2016-01-13] (Realtek )
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2017-08-27] ()
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [259584 2017-09-29] (Microsoft Corporation)
S4 SMR521; C:\WINDOWS\System32\drivers\SMR521.SYS [119888 2018-05-21] (Symantec Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2017-01-16] (Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [43648 2017-01-16] (Samsung Electronics Co., Ltd.)
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] ()
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] ()
R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2017-04-21] (The OpenVPN Project)
S3 usbaudio2; C:\WINDOWS\system32\DRIVERS\usbaudio2.sys [239616 2017-09-29] (Microsoft Corporation)
R3 uvhid; C:\WINDOWS\System32\drivers\uvhid.sys [27064 2016-07-06] (Windows (R) Win 7 DDK provider)
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [203328 2018-02-26] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [213632 2018-02-26] (Oracle Corporation)
R1 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [631200 2017-12-25] (IDRIX)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-04-26] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [313888 2018-04-26] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61472 2018-04-26] (Microsoft Corporation)
R1 Win10Pcap; C:\WINDOWS\system32\DRIVERS\Win10Pcap.sys [50304 2015-10-07] (Daiyuu Nobori, University of Tsukuba, Japan)
S3 WinRing0_1_2_0; C:\Program Files (x86)\Steam\steamapps\common\EVGA PrecisionX\WinRing0\WinRing0x64.sys [14536 2017-10-13] (OpenLibSys.org)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2018-06-11] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-06-11] (Zemana Ltd.)
R3 behlor; system32\drivers\hkoruy.sys [X]
S4 GPU-Z; \??\C:\Users\MJZ\AppData\Local\Temp\GPU-Z.sys [X] <==== ATTENTION
S4 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S4 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
S4 VMnetBridge; system32\DRIVERS\vmnetbridge.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-12 20:42 - 2018-06-12 20:42 - 000035484 _____ C:\Users\MJZ\Downloads\FRST.txt
2018-06-12 20:42 - 2018-06-12 20:42 - 000000000 ____D C:\FRST
2018-06-12 20:41 - 2018-06-12 20:41 - 002413056 _____ (Farbar) C:\Users\MJZ\Downloads\FRST64.exe
2018-06-12 20:41 - 2018-06-12 20:41 - 000007399 _____ C:\Users\MJZ\Desktop\Malwarebytes Report.txt
2018-06-12 20:32 - 2018-06-12 20:32 - 077609632 _____ (Malwarebytes ) C:\Users\MJZ\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.374-1.0.5448.exe
2018-06-12 20:32 - 2018-06-12 20:32 - 000190696 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-06-12 20:32 - 2018-06-12 20:32 - 000112872 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-06-12 20:32 - 2018-06-12 20:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-11 22:41 - 2018-06-11 22:41 - 002870984 _____ (ESET) C:\Users\MJZ\Downloads\esetsmartinstaller_enu.exe
2018-06-11 22:41 - 2018-06-11 22:41 - 000000000 ____D C:\Program Files (x86)\ESET
2018-06-11 22:36 - 2018-06-11 22:36 - 000000000 ____D C:\Users\MJZ\AppData\Local\psdxahe
2018-06-11 22:34 - 2018-06-11 22:34 - 000142672 ____N C:\WINDOWS\system32\Drivers\reiruxae.sys
2018-06-11 22:30 - 2018-06-12 20:42 - 002501493 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-06-11 22:30 - 2018-06-12 20:32 - 000496381 _____ C:\WINDOWS\ZAM.krnl.trace
2018-06-11 22:30 - 2018-06-11 22:30 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2018-06-11 22:30 - 2018-06-11 22:30 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2018-06-11 22:30 - 2018-06-11 22:30 - 000001217 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2018-06-11 22:30 - 2018-06-11 22:30 - 000000000 ____D C:\Users\MJZ\AppData\Local\Zemana
2018-06-11 22:30 - 2018-06-11 22:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-06-11 22:30 - 2018-06-11 22:30 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-06-11 22:29 - 2018-06-11 22:29 - 006625600 _____ (Zemana Ltd. ) C:\Users\MJZ\Downloads\Zemana.AntiMalware.Setup.exe
2018-06-11 22:22 - 2018-06-11 22:22 - 011609024 _____ (SurfRight B.V.) C:\Users\MJZ\Downloads\hitmanpro_x64(1).exe
2018-06-11 22:20 - 2018-06-11 22:20 - 083351952 _____ (R Core Team ) C:\Users\MJZ\Downloads\R-3.5.0-win.exe
2018-06-11 22:17 - 2018-06-11 22:19 - 000000000 ____D C:\Users\MJZ\AppData\Roaming\RStudio
2018-06-11 22:17 - 2018-06-11 22:17 - 000000000 ____D C:\Users\MJZ\AppData\Local\RStudio-Desktop
2018-06-11 22:16 - 2018-06-11 22:16 - 000000000 ____D C:\Users\MJZ\AppData\Local\timncdr
2018-06-11 21:56 - 2018-06-11 21:56 - 000000000 ____D C:\Users\MJZ\AppData\Local\aungcip
2018-06-11 20:56 - 2018-06-11 20:56 - 000000000 ____D C:\Users\MJZ\AppData\Local\dtiolbs
2018-06-11 18:49 - 2018-06-11 18:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
2018-06-11 18:49 - 2018-06-11 18:49 - 000000000 ____D C:\Program Files\RStudio
2018-06-11 18:48 - 2018-06-11 18:49 - 089992256 _____ (RStudio, Inc.) C:\Users\MJZ\Downloads\RStudio-1.1.453.exe
2018-06-11 17:30 - 2018-06-11 17:30 - 000002619 _____ C:\Users\Public\Desktop\PatchCleaner.lnk
2018-06-11 17:30 - 2018-06-11 17:30 - 000000000 ____D C:\Users\MJZ\AppData\Local\HomeDev
2018-06-11 17:30 - 2018-06-11 17:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeDev
2018-06-11 17:30 - 2018-06-11 17:30 - 000000000 ____D C:\Program Files (x86)\HomeDev
2018-06-11 17:29 - 2018-06-11 17:29 - 001317684 _____ (Igor Pavlov) C:\Users\MJZ\Downloads\PatchCleaner_1.4.2.0.exe
2018-06-11 17:19 - 2018-06-11 17:19 - 000001533 _____ C:\Users\MJZ\Downloads\iTunes64Setup.exe - Shortcut.lnk
2018-06-11 16:58 - 2018-06-11 16:58 - 003345464 _____ (Antibody Software ) C:\Users\MJZ\Downloads\wiztree_3_23_setup.exe
2018-06-11 16:58 - 2018-06-11 16:58 - 000000849 _____ C:\Users\MJZ\Desktop\WizTree.lnk
2018-06-11 16:58 - 2018-06-11 16:58 - 000000000 ____D C:\Users\MJZ\AppData\Roaming\WizTree3
2018-06-11 16:58 - 2018-06-11 16:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WizTree
2018-06-11 16:58 - 2018-06-11 16:58 - 000000000 ____D C:\Program Files\WizTree
2018-06-11 12:30 - 2018-06-11 12:30 - 000000000 ____D C:\Users\MJZ\AppData\Local\siobnhm
2018-06-11 11:37 - 2018-06-11 12:14 - 000000000 ____D C:\EEK
2018-06-11 11:35 - 2018-06-11 11:36 - 338518048 _____ C:\Users\MJZ\Downloads\EmsisoftEmergencyKit.exe
2018-06-11 11:14 - 2018-06-11 11:14 - 000000000 ____D C:\Users\MJZ\Desktop\Old Firefox Data
2018-06-11 10:38 - 2018-06-11 10:38 - 000313560 _____ (Mozilla) C:\Users\MJZ\Downloads\Firefox Installer (1).exe
2018-06-11 10:38 - 2018-06-11 10:38 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-06-11 10:36 - 2018-06-11 10:36 - 000000000 ____D C:\Users\MJZ\AppData\Local\spclrut
2018-06-10 16:43 - 2018-06-10 16:43 - 031748923 _____ C:\Users\MJZ\Downloads\Spirit Island rulebook (from eProof).pdf
2018-06-10 13:23 - 2018-06-10 13:23 - 000000000 ____D C:\Users\MJZ\AppData\Local\spcuoiw
2018-06-10 13:12 - 2018-06-01 04:47 - 000132680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2018-06-10 13:10 - 2018-06-01 23:04 - 040346536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-06-10 13:10 - 2018-06-01 23:04 - 035250624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-06-10 13:10 - 2018-06-01 23:04 - 013727800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-06-10 13:10 - 2018-06-01 23:04 - 011272944 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-06-10 13:10 - 2018-06-01 23:04 - 004349864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-06-10 13:10 - 2018-06-01 23:04 - 003760392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-06-10 13:10 - 2018-06-01 23:04 - 002014144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439811.dll
2018-06-10 13:10 - 2018-06-01 23:04 - 001563224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-06-10 13:10 - 2018-06-01 23:04 - 001468272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439811.dll
2018-06-10 13:10 - 2018-06-01 23:04 - 001418664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-06-10 13:10 - 2018-06-01 23:04 - 001216424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-06-10 13:10 - 2018-06-01 23:04 - 001092360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-06-10 13:10 - 2018-06-01 23:04 - 000750016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2018-06-10 13:10 - 2018-06-01 23:04 - 000627056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2018-06-10 13:10 - 2018-06-01 23:04 - 000608520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2018-06-10 13:10 - 2018-06-01 23:04 - 000518000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2018-06-10 13:10 - 2018-06-01 23:03 - 031278400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2018-06-10 13:10 - 2018-06-01 23:03 - 025991456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2018-06-10 13:10 - 2018-06-01 23:03 - 015195256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-06-10 13:10 - 2018-06-01 23:03 - 001356824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2018-06-10 13:10 - 2018-06-01 23:03 - 001347696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2018-06-10 13:10 - 2018-06-01 23:03 - 001069608 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2018-06-10 13:10 - 2018-06-01 23:03 - 001063224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2018-06-10 13:10 - 2018-06-01 23:03 - 000904720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-06-10 13:10 - 2018-06-01 23:03 - 000814432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2018-06-10 13:10 - 2018-06-01 23:03 - 000652352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2018-06-10 13:10 - 2018-06-01 23:03 - 000634792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2018-06-10 12:26 - 2018-06-10 12:26 - 000000000 ____D C:\Users\MJZ\AppData\Local\tiklnpc
2018-06-10 00:06 - 2018-06-10 00:06 - 000000000 ____D C:\Users\MJZ\AppData\Local\mbbdrzg
2018-06-09 23:42 - 2018-06-09 23:42 - 000000000 ____D C:\Users\MJZ\AppData\Local\cohvnkl
2018-06-09 23:38 - 2018-06-09 23:38 - 000000000 ____D C:\Users\MJZ\AppData\Local\CrashReportClient
2018-06-09 21:47 - 2018-06-09 21:47 - 000000000 ____D C:\Users\MJZ\AppData\Local\mbrctwa
2018-06-09 02:09 - 2018-06-09 02:10 - 001204720 _____ (Adobe Systems Incorporated) C:\Users\MJZ\Downloads\flashplayer30ppau_ha_install.exe
2018-06-09 02:09 - 2018-06-09 02:09 - 000000000 ____D C:\Users\MJZ\AppData\Local\conltbi
2018-06-08 20:08 - 2018-06-08 20:08 - 000000000 ____D C:\Users\MJZ\AppData\Local\containersvc
2018-06-08 20:05 - 2018-06-08 20:05 - 000000000 ____D C:\Users\MJZ\AppData\Local\tiiadzn
2018-06-07 20:42 - 2018-06-07 20:42 - 000000000 ____D C:\Users\MJZ\AppData\Local\msmwuze
2018-06-07 20:18 - 2018-06-07 20:18 - 000000000 ____D C:\Users\MJZ\AppData\Local\iahokxe
2018-06-07 20:15 - 2018-06-07 20:15 - 000019380 _____ C:\WINDOWS\system32\.crusader
2018-06-07 19:47 - 2018-06-11 22:24 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2018-06-07 19:46 - 2018-06-07 19:47 - 011609024 _____ (SurfRight B.V.) C:\Users\MJZ\Downloads\hitmanpro_x64.exe
2018-06-07 19:44 - 2018-06-07 19:44 - 000000000 ____D C:\Users\MJZ\AppData\Local\rtsuxbh
2018-06-07 19:41 - 2018-06-07 19:41 - 007372496 _____ (Malwarebytes) C:\Users\MJZ\Downloads\adwcleaner_7.2.0.exe
2018-06-07 19:40 - 2018-06-07 19:40 - 000000000 ____D C:\Users\MJZ\AppData\Local\nvaclxt
2018-06-06 23:44 - 2018-06-06 23:44 - 000000000 ____D C:\Users\MJZ\AppData\Local\mbilvkc
2018-06-06 16:30 - 2018-06-06 16:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-06-06 16:20 - 2018-06-06 16:20 - 000000000 ____D C:\Users\MJZ\AppData\Local\svnladw
2018-06-05 11:28 - 2018-06-05 11:28 - 000000000 ____D C:\Users\MJZ\AppData\Local\wmdkpvo
2018-06-04 06:18 - 2018-06-04 06:18 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-06-04 06:18 - 2018-06-04 06:18 - 000050232 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-06-04 06:18 - 2018-06-04 06:18 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-06-04 06:18 - 2018-06-04 06:18 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-06-02 11:40 - 2018-06-02 11:40 - 000000000 ____D C:\Users\MJZ\AppData\Local\sihkanc
2018-06-02 10:20 - 2018-06-02 10:20 - 000000000 ____D C:\Users\MJZ\AppData\Local\cwmnzkp
2018-06-01 14:00 - 2018-06-01 14:00 - 000000000 ____D C:\Users\MJZ\AppData\Local\dwealgb
2018-05-31 12:18 - 2018-05-31 12:18 - 000888999 _____ C:\Users\MJZ\Downloads\FloorPlan_SinglePage-english.v1-170330.pdf
2018-05-30 13:25 - 2018-06-10 13:12 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-05-30 13:24 - 2018-06-01 23:03 - 017784624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-05-30 13:24 - 2018-06-01 23:03 - 004125056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2018-05-30 13:24 - 2018-06-01 23:03 - 001157216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-05-30 13:24 - 2018-05-23 14:21 - 002013784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439793.dll
2018-05-30 13:24 - 2018-05-23 14:21 - 001467808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439793.dll
2018-05-30 13:24 - 2018-05-22 18:00 - 000047648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2018-05-30 12:54 - 2018-05-30 12:54 - 000003976 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-30 12:54 - 2018-05-30 12:54 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-30 12:54 - 2018-05-30 12:54 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-30 12:54 - 2018-05-30 12:54 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-30 12:54 - 2018-05-30 12:54 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-30 12:54 - 2018-05-20 13:36 - 002496480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2018-05-30 12:54 - 2018-05-20 13:36 - 002164192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2018-05-30 12:54 - 2018-05-20 13:36 - 001312224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2018-05-29 10:53 - 2018-05-29 10:53 - 000000000 ____D C:\Users\MJZ\AppData\Local\usekdpx
2018-05-28 10:53 - 2018-05-28 10:53 - 000000000 ____D C:\Users\MJZ\AppData\Local\excnipg
2018-05-27 23:15 - 2018-05-27 23:15 - 000000000 ____D C:\Users\MJZ\AppData\Local\cokradz
2018-05-27 12:03 - 2018-05-27 12:03 - 000000000 ____D C:\Users\MJZ\AppData\Local\siahlcz
2018-05-26 14:30 - 2018-05-26 14:30 - 000000000 ____D C:\Users\MJZ\AppData\Local\cgkuwzr
2018-05-26 13:44 - 2018-05-26 13:44 - 000000000 __SHD C:\82ace7d6-0197-474d-bf4b-a2043e72329b
2018-05-26 13:44 - 2018-05-25 13:42 - 000000228 ___SH C:\Users\Public\Libraries.ini
2018-05-26 13:40 - 2018-05-26 13:40 - 000000000 ____D C:\Users\MJZ\AppData\Local\FortniteGame
2018-05-26 13:40 - 2018-05-26 13:40 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2018-05-26 13:14 - 2018-05-26 13:14 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2018-05-26 13:14 - 2018-05-26 13:14 - 000001258 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2018-05-26 13:14 - 2018-05-26 13:14 - 000000000 ____D C:\Users\MJZ\AppData\Local\UnrealEngineLauncher
2018-05-26 13:14 - 2018-05-26 13:14 - 000000000 ____D C:\Users\MJZ\AppData\Local\EpicGamesLauncher
2018-05-26 13:14 - 2018-05-26 13:14 - 000000000 ____D C:\ProgramData\Epic
2018-05-26 13:14 - 2018-05-26 13:14 - 000000000 ____D C:\Program Files (x86)\Epic Games
2018-05-26 13:13 - 2018-05-26 13:13 - 032362496 _____ C:\Users\MJZ\Downloads\EpicInstaller-7.9.2-fortnite-98bd4e1df43c42dfbd9f75c4e116a301.msi
2018-05-26 12:51 - 2018-05-26 12:51 - 000000000 ____D C:\Users\MJZ\AppData\Local\atkdehx
2018-05-25 09:54 - 2018-05-25 09:54 - 000000000 ____D C:\Users\MJZ\AppData\Local\vdknxbh
2018-05-25 01:16 - 2018-06-12 01:08 - 000000000 ____D C:\Users\MJZ\AppData\Roaming\Plane9
2018-05-25 01:16 - 2018-05-25 01:16 - 027878152 _____ C:\Users\MJZ\Downloads\Plane9-2.5.1.3.exe
2018-05-25 01:16 - 2018-05-25 01:16 - 000000000 ____D C:\Users\MJZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plane9
2018-05-25 01:16 - 2018-05-25 01:16 - 000000000 ____D C:\Program Files (x86)\Plane9
2018-05-24 22:31 - 2018-05-24 22:31 - 031149296 _____ C:\Users\MJZ\Downloads\DAYTONA.zip
2018-05-24 11:00 - 2018-05-24 11:00 - 000000000 ____D C:\Users\MJZ\AppData\Local\sniraku
2018-05-23 20:47 - 2018-05-23 20:47 - 000000000 ____D C:\Users\MJZ\Documents\steamvr
2018-05-23 12:32 - 2018-05-23 12:32 - 000000000 ____D C:\Users\MJZ\AppData\Roaming\Alteryx
2018-05-23 12:31 - 2018-05-23 12:31 - 000000000 __HDC C:\Users\MJZ\AppData\Local\{CC1BE488-E85D-4BE6-8792-19DCF2C2CD0B}
2018-05-23 12:30 - 2018-05-23 12:31 - 000000000 ____D C:\Users\MJZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\R
2018-05-23 12:29 - 2018-05-23 12:33 - 000000000 ____D C:\Users\MJZ\AppData\Roaming\SRC
2018-05-23 12:29 - 2018-05-23 12:33 - 000000000 ____D C:\ProgramData\SRC
2018-05-23 12:29 - 2018-05-23 12:33 - 000000000 ____D C:\ProgramData\Alteryx
2018-05-23 12:29 - 2018-05-23 12:29 - 000001188 _____ C:\Users\MJZ\Desktop\Alteryx Designer 2018.1 x64 (User).lnk
2018-05-23 12:29 - 2018-05-23 12:29 - 000000000 __HDC C:\Users\MJZ\AppData\Local\{379EA173-BAC8-4FCF-ACF9-3E1F4464D9A2}
2018-05-23 12:28 - 2018-05-23 12:43 - 000000000 ____D C:\Users\MJZ\AppData\Local\Alteryx
2018-05-23 12:28 - 2018-05-23 12:29 - 000000000 ____D C:\Users\MJZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alteryx 2018.1 (User)
2018-05-23 12:28 - 2018-05-23 12:28 - 000000000 ____D C:\Users\MJZ\AppData\Local\PackageAware
2018-05-23 10:49 - 2018-05-23 10:49 - 000000000 ____D C:\Users\MJZ\AppData\Local\reakhlt
2018-05-22 22:42 - 2018-05-22 22:42 - 000001390 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tableau Public 2018.1.lnk
2018-05-22 22:42 - 2018-05-22 22:42 - 000001378 _____ C:\Users\Public\Desktop\Tableau Public 2018.1.lnk
2018-05-22 22:42 - 2018-05-22 22:42 - 000000000 ____D C:\Users\MJZ\.Tableau Public
2018-05-22 22:42 - 2018-05-22 22:42 - 000000000 ____D C:\Users\MJZ\.QtWebEngineProcess
2018-05-22 22:38 - 2018-05-22 22:38 - 000000000 ____D C:\Users\MJZ\AppData\Local\rthepas
2018-05-22 21:38 - 2018-06-11 23:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clover
2018-05-22 19:47 - 2018-05-22 19:47 - 000000000 ____D C:\Users\MJZ\AppData\Local\uphlcdm
2018-05-22 19:43 - 2018-05-22 19:43 - 000214298 _____ C:\Users\MJZ\Downloads\winfilefolder.DiagCab
2018-05-22 19:41 - 2018-05-22 19:41 - 000182511 _____ C:\Users\MJZ\Downloads\The.Matrix.1999.2160p.BluRay.HEVC.TrueHD.7.1.Atmos-COASTER-[rarbg.to].torrent
2018-05-22 18:59 - 2018-05-22 18:59 - 000000000 ____D C:\Users\MJZ\AppData\Local\seruxdl
2018-05-22 00:19 - 2018-05-22 00:19 - 016219928 _____ C:\Users\MJZ\Downloads\ZeroNet-win-dist.zip
2018-05-21 22:56 - 2018-05-21 22:56 - 000000000 ____D C:\Users\MJZ\AppData\Local\wmhibgu
2018-05-21 22:27 - 2018-05-22 18:58 - 000000000 ____D C:\Users\MJZ\AppData\Local\NPE
2018-05-21 22:27 - 2018-05-21 22:54 - 000007582 _____ C:\WINDOWS\system32\Drivers\SMR521.dat
2018-05-21 22:27 - 2018-05-21 22:27 - 009497720 _____ (Symantec Corporation) C:\Users\MJZ\Downloads\NPE.exe
2018-05-21 22:27 - 2018-05-21 22:27 - 000119888 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SMR521.SYS
2018-05-21 22:27 - 2018-05-21 22:27 - 000000000 ____D C:\ProgramData\Norton
2018-05-21 22:23 - 2018-05-21 22:23 - 000000000 ____D C:\Users\MJZ\AppData\Local\aubvzgm
2018-05-21 22:21 - 2018-05-21 22:21 - 007271632 _____ (Malwarebytes) C:\Users\MJZ\Downloads\adwcleaner_7.1.1.exe
2018-05-21 00:40 - 2018-05-21 00:40 - 000000000 ____D C:\Users\MJZ\AppData\Local\scewvzo
2018-05-18 11:21 - 2018-05-04 05:37 - 000278448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Notifier.exe
2018-05-18 11:19 - 2018-05-18 11:19 - 000000000 ____D C:\Users\MJZ\AppData\Local\aurbtzi
2018-05-17 11:31 - 2018-05-17 11:31 - 000000000 ____D C:\Users\MJZ\AppData\Local\vdsiapb
2018-05-17 00:30 - 2018-05-17 00:30 - 000000000 ____D C:\Users\MJZ\AppData\Local\avoplce
2018-05-16 23:57 - 2018-05-16 23:57 - 000000000 ____D C:\Users\MJZ\AppData\Local\schnzve
2018-05-16 22:31 - 2018-05-16 22:31 - 000000222 _____ C:\Users\MJZ\Desktop\Endless Space 2.url
2018-05-16 21:50 - 2018-05-16 21:50 - 016592322 _____ (The qBittorrent project) C:\Users\MJZ\Downloads\qbittorrent_4.1.0_setup.exe
2018-05-16 21:50 - 2018-05-16 21:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2018-05-16 12:20 - 2018-05-16 12:20 - 000000000 ____D C:\Users\MJZ\AppData\Local\aticpln
2018-05-16 00:36 - 2018-05-16 00:36 - 000000000 ____D C:\Users\MJZ\AppData\Local\rtsxgbd
2018-05-15 19:01 - 2018-05-15 19:01 - 000000000 ____D C:\Users\MJZ\AppData\Local\reobctd
2018-05-14 12:35 - 2018-05-14 12:35 - 002660771 _____ C:\Users\MJZ\Downloads\drive-download-20180330T172124Z-001.zip
2018-05-13 11:32 - 2018-05-13 11:32 - 000070047 _____ C:\Users\MJZ\Downloads\MichalZajac_Resume.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-12 20:32 - 2018-05-09 22:56 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-06-12 20:32 - 2018-05-09 22:56 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-06-12 20:32 - 2017-10-17 10:18 - 000103656 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-06-12 20:32 - 2017-10-17 10:18 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-06-12 20:20 - 2014-12-22 00:50 - 000000000 ____D C:\Program Files (x86)\Steam
2018-06-12 20:11 - 2017-10-18 12:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-06-12 18:57 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-06-12 12:25 - 2018-02-10 19:22 - 000000000 ____D C:\ProgramData\NVIDIA
2018-06-12 10:03 - 2018-05-09 23:00 - 000000000 ____D C:\Users\MJZ\AppData\Local\cwshvdx
2018-06-11 23:47 - 2015-04-08 23:28 - 000000000 ____D C:\Program Files (x86)\Clover
2018-06-11 22:40 - 2017-10-18 12:47 - 004792572 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-06-11 22:35 - 2016-12-11 23:09 - 000000000 ____D C:\Users\MJZ\AppData\LocalLow\Mozilla
2018-06-11 22:35 - 2015-03-13 03:19 - 000000000 ____D C:\Users\MJZ\AppData\Local\Pushbullet
2018-06-11 22:34 - 2018-05-09 22:59 - 002888704 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\wembskcsvc.exe
2018-06-11 22:34 - 2017-10-18 12:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-06-11 22:34 - 2017-09-29 04:45 - 024379392 _____ C:\WINDOWS\system32\config\HARDWARE
2018-06-11 22:34 - 2017-09-29 04:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-06-11 22:11 - 2017-10-18 12:58 - 000002296 _____ C:\WINDOWS\System32\Tasks\SidebarExecute
2018-06-11 21:55 - 2015-10-18 15:38 - 000000000 ___RD C:\Users\MJZ\Google Drive
2018-06-11 21:54 - 2017-12-12 00:12 - 000000000 ____D C:\Users\MJZ\Desktop\Travel
2018-06-11 21:47 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-06-11 21:46 - 2017-09-29 09:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-11 21:00 - 2017-09-29 09:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-11 17:22 - 2014-12-01 23:39 - 000000000 ____D C:\Users\MJZ\AppData\Roaming\vlc
2018-06-11 17:20 - 2017-07-25 22:55 - 000000000 ____D C:\Users\MJZ\AppData\LocalLow\Clover
2018-06-11 17:11 - 2016-11-02 18:21 - 000000000 ____D C:\Users\MJZ\Desktop\Pics Mikes Phone
2018-06-11 17:07 - 2017-11-03 18:14 - 000000000 ____D C:\Users\MJZ\Downloads\Operating Systems
2018-06-11 17:06 - 2018-04-23 20:11 - 000000000 ____D C:\Users\MJZ\Downloads\Captain America - The First Avenger (2011)
2018-06-11 17:04 - 2014-12-01 18:16 - 000001139 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-06-11 17:03 - 2017-04-22 01:06 - 000000000 ____D C:\Users\MJZ\Downloads\Torrents
2018-06-11 17:02 - 2018-03-11 21:02 - 000000000 ____D C:\Users\MJZ\Downloads\VR Games
2018-06-11 12:42 - 2016-11-28 15:47 - 000007600 _____ C:\Users\MJZ\AppData\Local\Resmon.ResmonCfg
2018-06-11 12:40 - 2017-10-18 12:52 - 000000000 ____D C:\Users\MJZ\AppData\Local\Packages
2018-06-11 12:28 - 2015-01-15 23:52 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-06-11 12:14 - 2016-08-27 01:34 - 000000000 ____D C:\Users\MJZ\Downloads\ZIPS
2018-06-11 11:40 - 2018-05-09 22:55 - 000000000 ____D C:\Program Files (x86)\fitzmaurice
2018-06-11 11:40 - 2017-10-18 12:51 - 000000000 ____D C:\Users\MJZ
2018-06-11 11:38 - 2018-01-27 23:47 - 000000000 ____D C:\ProgramData\Emsisoft
2018-06-11 11:12 - 2014-12-01 17:39 - 000000000 ____D C:\Users\MJZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2018-06-11 11:12 - 2014-12-01 17:38 - 000000000 ____D C:\Program Files (x86)\Google
2018-06-11 10:38 - 2018-05-12 22:08 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-06-11 10:38 - 2018-05-12 22:08 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-06-11 10:35 - 2015-03-16 20:06 - 000000000 ____D C:\ProgramData\Unified Remote
2018-06-10 15:43 - 2018-02-10 19:22 - 000000000 ____D C:\Users\MJZ\AppData\Local\NVIDIA
2018-06-10 13:23 - 2015-07-17 20:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-06-10 13:17 - 2014-12-15 17:16 - 000000000 ____D C:\Users\MJZ\AppData\Local\CrashDumps
2018-06-10 13:13 - 2018-01-24 21:34 - 000000000 ____D C:\temp
2018-06-10 13:13 - 2017-09-29 09:44 - 000000000 ____D C:\WINDOWS\INF
2018-06-10 13:13 - 2017-04-25 21:35 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-06-09 23:56 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-06-09 21:50 - 2017-10-18 12:58 - 000004518 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-06-09 21:50 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-06-09 21:50 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-06-07 20:15 - 2015-05-26 03:05 - 000000000 ____D C:\ProgramData\HitmanPro
2018-06-07 19:37 - 2018-05-09 22:55 - 000000000 ____D C:\Program Files (x86)\Vichy
2018-06-07 01:06 - 2014-12-01 19:44 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-06-07 01:01 - 2009-07-13 22:34 - 000000541 _____ C:\WINDOWS\win.ini
2018-06-06 16:30 - 2016-08-03 18:38 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-06-05 19:24 - 2017-12-15 17:30 - 000835056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-05 19:24 - 2017-12-15 17:30 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-01 23:03 - 2017-10-12 22:13 - 004855032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2018-06-01 14:04 - 2017-10-23 22:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2018-06-01 14:04 - 2014-12-01 18:16 - 000002073 _____ C:\Users\Public\Desktop\Google Slides.lnk
2018-06-01 13:59 - 2017-04-25 21:35 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-06-01 06:16 - 2018-02-10 19:30 - 000044277 _____ C:\WINDOWS\system32\nvinfo.pb
2018-06-01 04:39 - 2018-02-10 19:32 - 005947976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2018-06-01 04:39 - 2018-02-10 19:32 - 002612352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2018-06-01 04:39 - 2018-02-10 19:32 - 001767552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2018-06-01 04:39 - 2018-02-10 19:32 - 000634152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2018-06-01 04:39 - 2018-02-10 19:32 - 000450856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2018-06-01 04:39 - 2018-02-10 19:32 - 000124304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2018-06-01 04:39 - 2018-02-10 19:32 - 000083528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2018-06-01 00:18 - 2014-12-01 18:26 - 000000000 ____D C:\Users\MJZ\AppData\Roaming\qBittorrent
2018-05-31 05:44 - 2018-02-10 19:32 - 008193252 _____ C:\WINDOWS\system32\nvcoproc.bin
2018-05-30 13:04 - 2018-01-06 05:02 - 000000000 ____D C:\Program Files\PowerShell
2018-05-30 12:54 - 2018-04-02 19:45 - 000004106 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-30 12:54 - 2018-02-10 19:22 - 000001443 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2018-05-30 12:54 - 2017-10-18 12:58 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-30 12:54 - 2017-10-18 12:58 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-30 12:54 - 2017-10-18 12:58 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-30 12:54 - 2017-10-18 12:58 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-30 12:54 - 2017-10-18 12:58 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-30 12:54 - 2017-04-25 21:35 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-05-26 13:40 - 2016-07-19 00:46 - 000000000 ____D C:\Users\MJZ\AppData\Local\UnrealEngine
2018-05-26 13:40 - 2015-07-17 20:36 - 000000000 ____D C:\Users\MJZ\AppData\Local\NVIDIA Corporation
2018-05-26 13:29 - 2016-12-10 01:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-05-26 13:26 - 2016-01-12 22:52 - 000000000 ____D C:\ProgramData\VMware
2018-05-26 13:26 - 2016-01-12 22:52 - 000000000 ____D C:\Program Files (x86)\VMware
2018-05-26 13:14 - 2014-12-01 18:22 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-24 13:44 - 2018-02-10 19:22 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2018-05-24 06:55 - 2017-10-17 10:18 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-05-23 22:32 - 2014-12-01 19:00 - 000000000 ___RD C:\Users\MJZ\Dropbox
2018-05-23 22:15 - 2016-11-06 14:14 - 000000000 ____D C:\Users\MJZ\Downloads\Python
2018-05-23 20:48 - 2018-03-07 01:54 - 000000000 ____D C:\Program Files\Revive
2018-05-22 22:41 - 2017-04-22 15:12 - 000000000 ____D C:\Program Files\Tableau
2018-05-22 21:16 - 2017-07-01 11:35 - 000000000 ___RD C:\Users\MJZ\Desktop\Pc Tools
2018-05-22 21:14 - 2017-12-26 18:53 - 000000000 ____D C:\Users\MJZ\AppData\Local\Deployment
2018-05-22 19:44 - 2015-05-13 02:03 - 000000000 ____D C:\Users\MJZ\AppData\Local\ElevatedDiagnostics
2018-05-22 19:19 - 2018-04-20 12:07 - 000000000 ____D C:\Program Files (x86)\Overwatch
2018-05-22 19:19 - 2015-09-18 19:01 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-05-22 19:18 - 2015-09-18 19:01 - 000000000 ____D C:\Users\MJZ\AppData\Local\Battle.net
2018-05-22 19:17 - 2018-05-02 15:26 - 000313517 _____ C:\Users\MJZ\save.Save
2018-05-22 18:00 - 2018-04-02 19:51 - 001688848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2018-05-22 18:00 - 2018-04-02 19:51 - 000227928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2018-05-22 01:08 - 2017-11-04 20:49 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2018-05-22 00:19 - 2014-12-01 16:57 - 000000000 ____D C:\Users\MJZ\AppData\Local\VirtualStore
2018-05-21 00:49 - 2018-01-04 16:50 - 000000000 ____D C:\Users\MJZ\AppData\Local\Power Query Telemetry
2018-05-21 00:39 - 2016-08-03 18:38 - 000000916 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2018-05-21 00:39 - 2016-08-03 18:38 - 000000912 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2018-05-20 11:30 - 2018-02-10 19:22 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2018-05-18 21:58 - 2017-10-18 12:58 - 000003976 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2018-05-18 21:58 - 2017-10-18 12:58 - 000003744 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2018-05-17 11:32 - 2017-10-18 12:58 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-17 11:32 - 2017-10-18 12:58 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-17 00:29 - 2017-10-18 12:51 - 000000000 ____D C:\Users\DefaultAppPool
2018-05-16 21:50 - 2017-10-16 20:54 - 000000000 ____D C:\Program Files (x86)\qBittorrent
2018-05-16 17:26 - 2017-10-18 12:58 - 000003674 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-517441185-2000574432-2814188571-1000UA
2018-05-16 17:26 - 2017-10-18 12:58 - 000003406 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-517441185-2000574432-2814188571-1000Core
2018-05-16 12:31 - 2017-10-18 12:58 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-05-16 12:31 - 2015-12-18 03:36 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-14 21:49 - 2014-12-13 14:48 - 000000000 ____D C:\Users\MJZ\AppData\Local\DisplayFusion
2018-05-14 21:42 - 2015-05-29 11:19 - 000000000 ____D C:\Users\MJZ\AppData\Roaming\Nitro PDF
2018-05-13 04:13 - 2018-05-09 23:16 - 000000000 ____D C:\Users\MJZ\AppData\Local\wmsgixp
2018-05-13 00:28 - 2017-10-18 18:39 - 000000000 ____D C:\WINDOWS\Minidump

==================== Files in the root of some directories =======

2017-01-08 19:15 - 2017-01-08 19:15 - 021874200 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2016-08-09 04:49 - 2016-08-09 04:49 - 000000073 _____ () C:\Users\MJZ\AppData\Roaming\Camdata.ini
2016-08-09 04:49 - 2016-08-09 04:49 - 000000408 _____ () C:\Users\MJZ\AppData\Roaming\CamLayout.ini
2016-08-09 04:49 - 2016-08-09 04:49 - 000000408 _____ () C:\Users\MJZ\AppData\Roaming\CamShapes.ini
2016-08-09 03:08 - 2016-08-09 03:08 - 000000096 _____ () C:\Users\MJZ\AppData\Roaming\version2.xml
2015-04-08 23:19 - 2017-10-15 17:57 - 001790976 _____ () C:\Users\MJZ\AppData\Local\file__0.localstorage
2015-03-15 23:10 - 2017-11-30 22:02 - 000000600 _____ () C:\Users\MJZ\AppData\Local\PUTTY.RND
2016-11-28 15:47 - 2018-06-11 12:42 - 000007600 _____ () C:\Users\MJZ\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2018-06-10 13:10 - 2018-05-22 16:09 - 000395048 _____ (NVIDIA Corporation) C:\Users\MJZ\AppData\Local\Temp\nvStInst.exe
2018-05-12 11:30 - 2016-10-27 00:12 - 000006144 ____N (Pushbullet Inc) C:\Users\MJZ\AppData\Local\Temp\pushbullet_watchdog.exe
2018-06-11 17:04 - 2018-06-11 17:04 - 040184976 _____ () C:\Users\MJZ\AppData\Local\Temp\vlc-3.0.3-win32.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\reiruxae.sys -> Access Denied <======= ATTENTION

LastRegBack: 2018-06-11 14:28

==================== End of FRST.txt ============================

Then Additional.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by MJZ (12-06-2018 20:43:10)
Running from C:\Users\MJZ\Downloads
Windows 10 Pro Version 1709 16299.431 (X64) (2017-10-18 17:01:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-517441185-2000574432-2814188571-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-517441185-2000574432-2814188571-503 - Limited - Disabled)
Guest (S-1-5-21-517441185-2000574432-2814188571-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-517441185-2000574432-2814188571-1002 - Limited - Enabled)
MJZ (S-1-5-21-517441185-2000574432-2814188571-1000 - Administrator - Enabled) => C:\Users\MJZ
WDAGUtilityAccount (S-1-5-21-517441185-2000574432-2814188571-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

${{arpDisplayName}} (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cufft_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
Active Directory Authentication Library for SQL Server (HKLM\...\{32C0D7B2-1046-43AC-98AD-B748E1910916}) (Version: 13.0.1601.5 - Microsoft Corporation)
Active Directory Authentication Library for SQL Server (x86) (HKLM-x32\...\{F40FA676-46B1-4609-85EF-D2F1F79E0C0E}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Disk (HKLM-x32\...\Active Disk) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.1 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Alteryx 2018.1 x64 (User) (HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\Alteryx 2018.1 x64 (User)) (Version: 2018.1.3.42973 - Alteryx)
Alteryx Predictive Tools with R 3.3.2 (User) (HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\Alteryx Predictive Tools with R 3.3.2 (User)) (Version: 3.3.2 - R Development Core Team)
AlteryxProductName (HKLM\...\{2E60F15F-3451-465C-B6A2-62A3BA5AA56A}) (Version: 2018.1.3.42973 - Alteryx) Hidden
AlteryxRProductName (HKLM\...\{75E7E186-8B9A-46B3-83A2-43656D524F11}) (Version: 3.3.2 - R Development Core Team) Hidden
Amazon Drive (HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\Amazon Drive) (Version: 4.0.19 - Amazon.com, Inc.)
Anki (HKLM-x32\...\Anki) (Version:  - )
AOMEI Partition Assistant Standard Edition 6.6 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Apple Application Support (32-bit) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9E005AAA-81A3-478E-8944-532D350952EE}) (Version: 11.3.1.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Atom (HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\atom) (Version: 1.22.0 - GitHub Inc.)
Azure AD Authentication Connected Service (HKLM-x32\...\{8A1AD070-269F-4A15-AAB5-76AB896EF195}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Backup and Sync from Google (HKLM\...\{AEFBDB5B-899F-4AE6-B789-BA56A652A476}) (Version: 3.42.9858.3671 - Google, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Chrome Remote Desktop Host (HKLM-x32\...\{FBB43A99-0B72-461A-A6D2-2F1B54D36B69}) (Version: 66.0.3359.12 - Google Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.4.0.25 - Citrix Systems, Inc.)
Civilization VI - Nubia Civilization and Scenario Pack (HKLM-x32\...\Civilization VI - Nubia Civilization and Scenario Pack_is1) (Version:  - )
Clover V3.4 (HKLM-x32\...\Clover) (Version: 3.4.3.04081 - 易捷科技)
CMEDIA USB2.0 Audio Device (HKLM-x32\...\{9445E4B8-E875-470A-928A-A665D3F973B4}) (Version: 1.00.0005 - C-Media Electronics, Inc.)
Corsair K70 Firmware Update Application (HKLM-x32\...\{8C9DA353-2101-4658-BAA7-53F88EA0D3AB}_is1) (Version:  - )
Corsair Utility Engine (HKLM-x32\...\{46A3EEB3-8F6F-4BC4-9A53-CDE33D089D08}) (Version: 1.16.42 - Corsair)
CPUID CPU-Z 1.83 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.83 - CPUID, Inc.)
CPUID HWMonitor 1.34 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.34 - )
CUBLAS Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cublas_dev_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
CUBLAS Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cublas_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
CUDA Documentation (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_documentation_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
CUDA Profiler Tools (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_nvprof_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
CUDA Toolkit (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDAToolkit_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
CUDA Version (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDAVersion_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
CUDART Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cudart_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
CUFFT Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cufft_dev_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
cuobjdump (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cuobjdump_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
CUPTI (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cupti_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
CURAND Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_curand_dev_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
CURAND Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_curand_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
CUSOLVER Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cusolver_dev_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
CUSOLVER Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cusolver_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
CUSPARSE Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cusparse_dev_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
CUSPARSE Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cusparse_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
Demo Suite (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_demo_suite_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
Disassembler (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_nvdisasm_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 398.11 - NVIDIA Corporation) Hidden
DisplayFusion 6.1.2 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 6.1.2.0 - Binary Fortress Software)
Dotfuscator and Analytics Community Edition 5.22.0 (HKLM-x32\...\{60018889-9E0F-43E8-9B89-29E8C828B40A}) (Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 51.4.66 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
Epic Games Launcher (HKLM-x32\...\{93BFE5DF-776E-436F-8693-DF1F72C0E3C1}) (Version: 1.1.151.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.1.2 - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
f.lux (HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\Flux) (Version:  - f.lux Software LLC)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
foobar2000 v1.3.15 (HKLM-x32\...\foobar2000) (Version: 1.3.15 - Peter Pawlowski)
Fortran Examples (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_fortran_examples_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
Git version 2.8.1 (HKLM\...\Git_is1) (Version: 2.8.1 - The Git Development Community)
GitHub (HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\5f7eb300e2ea4ebf) (Version: 3.3.4.0 - GitHub, Inc.)
Gitter (HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\{03C07717-35D4-40B2-B4F2-05A0EF1B9F6F}_is1) (Version:  - Troupe Technology Limited)
Google Cloud SDK (HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\Google Cloud SDK) (Version:  - Google Inc.)
Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPU Library Advisor (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_gpu-library-advisor_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
HellBlazers Maps Pack v12 (HKLM-x32\...\{868D1888-EA61-46C1-A8E8-FEEB78B1412F}) (Version: 12 - HellBlazer)
Heroku CLI (HKLM-x32\...\Heroku) (Version:  - Heroku, Inc)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Intel Extreme Tuning Utility (HKLM-x32\...\{41E5D953-530A-441B-98D3-92B5D6B80AEB}) (Version: 6.2.0.17 - Intel Corporation) Hidden
Intel Extreme Tuning Utility (HKLM-x32\...\{fde8aa07-3912-4bdf-ad35-ff1231bfd00d}) (Version: 6.2.0.17 - Intel Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Network Connections 22.9.16.0 (HKLM\...\PROSetDX) (Version: 22.9.16.0 - Intel)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{3A55D9C8-17B6-41F9-B9C2-4B1532DCD016}) (Version: 19.10.1635.0483 - Intel Corporation)
itch (HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\itch) (Version: 23.6.3 - Itch Corp)
Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Learn IDE 3 (HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\learn_ide_3) (Version: 3.0.0 - GitHub Inc.)
Litecoin Core (64-bit) (HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\Litecoin Core (64-bit)) (Version: 0.14.2 - Litecoin Core project)
Logitech Gaming Software 8.72 (HKLM\...\Logitech Gaming Software) (Version: 8.72.107 - Logitech Inc.)
Mail Attachment Downloader v3.2 (HKLM-x32\...\{2B263955-187B-42ED-A97B-2EAE3F9BD58D}) (Version: 3.2.0991 - Gearmage)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
MEMCHECK (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_memcheck_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Azure Storage Explorer version 0.9. (HKLM-x32\...\{8E14ADF3-1B18-4711-87BD-E3827D395466}_is1) (Version: 0.9. - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Keyboard Layout Creator 1.4 (HKLM-x32\...\{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}) (Version: 1.4.6000 - Microsoft Corp.)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Power BI Desktop (x64) (HKLM\...\{89A52314-C097-401F-A45B-14C8B67702FA}) (Version: 2.56.5023.942 - Microsoft Corporation)
Microsoft Power Query for Excel (x64) (HKLM\...\{90693CA5-9830-45AC-8A87-7C1206C0DCBC}) (Version: 2.51.4885.721 - Microsoft Corporation)
Microsoft Report Viewer for SQL Server 2016 (HKLM-x32\...\{6ECB5D2E-AF2E-4E1B-A311-3CD800DF2A5F}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{E534493E-80D2-4E37-8020-3ECAC55D9DB5}) (Version: 10.53.6000.34 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service  (HKLM\...\{FE3BF1DD-677E-4793-9770-C07AECC88882}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service  (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom  (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft SQL Server Data-Tier Application Framework (x86) (HKLM-x32\...\{DBCB046A-1288-41C2-9BAF-90127F740B6E}) (Version: 13.0.3432.1 - Microsoft Corporation)
Microsoft Support and Recovery Assistant for Office 365 (HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\dacae1bed46e81d5) (Version: 16.0.2250.6 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2015 Shell (Isolated) (HKLM-x32\...\{d2981c27-a434-4c9a-96c7-0209e97c4eac}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{ab213ab7-4792-4c6f-a3fa-8485d06c3475}) (Version: 14.0.23829 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 Language Support (HKLM-x32\...\{353253a9-15a3-4727-b415-79b4e6be765e}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 10.2.2 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 60.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.2 (x64 en-US)) (Version: 60.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.2 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{128C1654-3B9E-4959-8BFB-CE6F09C0A01D}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
MSI Afterburner 4.4.2 (HKLM-x32\...\Afterburner) (Version: 4.4.2 - MSI Co., LTD)
MSI Fast Boot (HKLM-x32\...\{0F212E7A-65EB-4668-A8D7-749026A64F8E}_is1) (Version: 1.0.1.12 - MSI)
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
MySQL Connector/ODBC 5.3 (HKLM\...\{EB0CFCBD-B0C8-4F0F-ACF4-8B674A19B459}) (Version: 5.3.8 - Oracle Corporation)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming)
Nitro Pro 9 (HKLM\...\{6DC0850D-DCCA-4E75-8A4A-E374EB38C2B4}) (Version: 9.5.1.5 - Nitro)
Node.js (HKLM\...\{4219DF19-09C9-47A4-88C0-49778E491E54}) (Version: 8.9.4 - Node.js Foundation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.6 - Notepad++ Team)
NPP Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_npp_dev_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
NPP Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_npp_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
nvcc (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_nvcc_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
NVGRAPH Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_nvgraph_dev_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
NVGRAPH Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_nvgraph_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 398.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 398.11 - NVIDIA Corporation)
NVIDIA CUDA Development 9.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDADevelopment_9.1) (Version: 9.1 - NVIDIA Corporation)
NVIDIA CUDA Documentation 9.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDADocument_9.1) (Version: 9.1 - NVIDIA Corporation)
NVIDIA CUDA Runtime 9.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDARuntimes_9.1) (Version: 9.1 - NVIDIA Corporation)
NVIDIA CUDA Samples 9.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_samples_9.1) (Version: 9.1 - NVIDIA Corporation)
NVIDIA CUDA Visual Studio Integration 9.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_visual_studio_integration_9.1) (Version: 9.1 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.14.0.139 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.14.0.139 - NVIDIA Corporation)
NVIDIA Graphics Driver 398.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 398.11 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA Nsight Visual Studio Edition 5.4.0.17229 (HKLM\...\{3C2B7A30-1441-4418-8222-2A647ECF1C07}) (Version: 5.4.0.17229 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
NVIDIA Tools Extension SDK (NVTX) - 64 bit (HKLM\...\{B56D2F88-8865-40FD-B7AC-F074EE4D201D}) (Version: 1.00.00.00 - NVIDIA Corporation)
NVM for Windows 1.1.6 (HKLM\...\40078385-F676-4C61-9A9C-F9028599D6D3_is1) (Version: 1.1.6 - Ecor Ventures LLC)
NVML Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_nvml_dev_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
nvprune (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_nvprune_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
NVRTC Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_nvrtc_dev_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
NVRTC Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_nvrtc_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
Occupancy Calculator (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_occupancy_calculator_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
Oculus (HKLM\...\Oculus) (Version: <3 - Oculus VR, LLC)
Online Plug-in (HKLM-x32\...\{7BD3DC6D-A2BE-4345-B6EE-D146193DB18F}) (Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Oracle VM VirtualBox 5.2.8 (HKLM\...\{A7F49FA5-9FCA-4936-8652-CD00206D9300}) (Version: 5.2.8 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.12.2.60376 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
PatchCleaner (HKLM-x32\...\{727DA176-50BB-452C-8DB5-96EE0A573ED4}) (Version: 1.4.20 - HomeDev)
Peace (HKLM\...\Peace) (Version: 1.4.0.1 - P.E. Verbeek)
Plane9 v2.5.1.3 (HKLM-x32\...\Plane9) (Version: v2.5.1.3 - Joakim Dahl / Planestate Software)
Plex Media Server (HKLM-x32\...\{5C768A2E-CC32-4AF3-BDF8-A0659872915A}) (Version: 1.9.7460 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{a2e22d95-0134-4c6f-a056-3443179ba2bb}) (Version: 1.9.7.4460 - Plex, Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.7 - Power Software Ltd)
PowerShell 6-preview-x64 (HKLM\...\{3C3D1E90-8F22-4712-B134-10C49501AA47}) (Version: 6.1.0.2 - Microsoft Corporation)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
Project Highrise - Las Vegas (HKLM-x32\...\2116077629_is1) (Version: 1.5.5.3.[50328382035041383] - GOG.com)
Project Highrise - Miami Malls (HKLM-x32\...\1840309235_is1) (Version: 1.5.5.3.[50328382035041383] - GOG.com)
psqlODBC_x64 (HKLM\...\{3D4F4C5A-28C7-441D-81DC-2AA2C1A61B6A}) (Version: 09.06.0201 - PostgreSQL Global Development Group)
Pushbullet version 312 (HKLM-x32\...\{7578F204-49E7-4830-B051-14C23F408BFE}_is1) (Version: 312 - Pushbullet Inc)
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
Python 2.7.12 (Anaconda2 4.1.1 64-bit) (HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\Python 2.7.12 (Anaconda2 4.1.1 64-bit)) (Version: 4.1.1 - Continuum Analytics, Inc.)
Python 2.7.9 (64-bit) (HKLM\...\{79F081BF-7454-43DB-BD8F-9EE596813233}) (Version: 2.7.9150 - Python Software Foundation)
Python 3.6.1 (64-bit) (HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\{5984d629-979e-4439-b893-accde1a00a68}) (Version: 3.6.1150.0 - Python Software Foundation)
Python 3.6.1 Add to Path (64-bit) (HKLM\...\{079FEF6F-9E83-4694-897D-69C30389B772}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Core Interpreter (64-bit) (HKLM\...\{27133190-078A-4A46-81B0-FF476EAEBF2A}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Development Libraries (64-bit) (HKLM\...\{953B4007-8312-48CA-817E-29B43988EB35}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Documentation (64-bit) (HKLM\...\{41626EAD-257F-401F-8531-51C5A7D4CA6C}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Executables (64-bit) (HKLM\...\{9139037B-B991-4022-946F-DAA9A9FDC7EE}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 pip Bootstrap (64-bit) (HKLM\...\{5F9A36CA-767E-4922-84AB-73E61264FE5C}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Standard Library (64-bit) (HKLM\...\{B7A716F0-78C1-4CB9-8756-0E51C5DD7622}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Tcl/Tk Support (64-bit) (HKLM\...\{AC60D963-1CE4-429B-AB29-F973DC55A918}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Test Suite (64-bit) (HKLM\...\{A298B2DB-1F21-476D-9BD7-4ECC23101C90}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Utility Scripts (64-bit) (HKLM\...\{7CB8460F-55AD-4C70-8D04-72947C46C85E}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.4 (Anaconda3 5.1.0 64-bit) (HKLM\...\Python 3.6.4 (Anaconda3 5.1.0 64-bit)) (Version: 5.1.0 - Anaconda, Inc.)
Python Launcher (HKLM-x32\...\{3B2D9AEB-40B2-4502-85BE-0B07C2AC4A91}) (Version: 3.7.6133.0 - Python Software Foundation)
qBittorrent 4.1.0 (HKLM-x32\...\qBittorrent) (Version: 4.1.0 - The qBittorrent project)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.0 beta r2720 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7512 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Revive Dashboard (HKLM-x32\...\Revive) (Version:  - )
Room EQ Wizard (HKLM-x32\...\RoomEQWizardV5.1) (Version:  - John Mulcahy)
Roslyn Language Services - x86 (HKLM-x32\...\{6970C7E1-F99D-388D-8903-DF8FCE677FED}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
RStudio (HKLM-x32\...\RStudio) (Version: 1.1.453 - RStudio)
SADPTool (HKLM-x32\...\{7D9B79C2-B1B2-433B-844F-F4299B86F26E}) (Version: 3.0.0.10 - hikvision)
Samsung SideSync (HKLM-x32\...\Samsung SideSync) (Version: 4.7.5.235 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
SanDisk SSD Toolkit 1.0.0.1 (HKLM-x32\...\{26326B5B-3D62-4C12-8841-6B55A19B552D}_is1) (Version: 1.0.0.1 - SanDisk Corporation)
SD Card Formatter (HKLM-x32\...\{10C16E01-F739-4093-89A7-E570589FA0F6}) (Version: 5.0.0 - SD Association)
Self-service Plug-in (HKLM-x32\...\{EF269F8D-1DFE-4C3B-9CE9-09C5773C0CF9}) (Version: 3.4.0.33684 - Citrix Systems, Inc.) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Simple Shutdown Timer (HKLM-x32\...\Simple Shutdown Timer1.1.2) (Version: 1.1.2 - PcWinTech.com)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stopping Plex (HKLM-x32\...\{A68C70CF-1473-4E04-8646-297B2F90C296}) (Version: 1.9.7460 - Plex, Inc.) Hidden
Tableau Public 2018.1 (20181.18.0510.1418) (HKLM\...\{ACF37D3B-C421-4EF1-8FCD-01331AFCCBA0}) (Version: 18.1.1036 - Tableau Software) Hidden
Tableau Public 2018.1 (20181.18.0510.1418) (HKLM-x32\...\{f19a0588-efdb-47e1-8fa7-73ac05b31f04}) (Version: 18.1.1036 - Tableau Software)
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (HKLM-x32\...\{7A95671A-759E-3B83-B763-4289D1D24D73}) (Version: 14.102.25619 - Microsoft) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Telegram Desktop version 1.2.6 (HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.2.6 - Telegram Messenger LLP)
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
TI Connect™ (HKLM-x32\...\{D06BA64C-4447-49B4-B99D-E85BEA9E1035}) (Version: 4.0.0.218 - Texas Instruments Inc.)
TypeScript Power Tool (HKLM-x32\...\{465ACA24-B8D6-4FEC-A42D-9EFCB92CD560}) (Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{BA5762C7-D35F-4725-A4BD-525854127018}) (Version: 1.8.36.0 - Microsoft Corporation) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Unified Remote (HKLM-x32\...\{415B4714-4F8C-49C6-B310-881EAF892CFB}_is1) (Version: 3.4.1 - Unified Intents AB)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Skype for Business 2015 (KB4022170) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{623DC402-8FDC-490D-9881-E60F5337036E}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4022170) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{623DC402-8FDC-490D-9881-E60F5337036E}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4022170) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{623DC402-8FDC-490D-9881-E60F5337036E}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 44.0 - Ubisoft)
USB Disk Storage Format Tool 5.3 (HKLM\...\USB Disk Storage Format Tool_is1) (Version:  - Authorsoft Corporation)
Vagrant (HKLM-x32\...\{69366E88-77F9-4358-891E-DC369C211601}) (Version: 2.0.0 - HashiCorp)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.21 - IDRIX)
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN)
VS Update core components (HKLM-x32\...\{B2918D01-1D89-34D3-87EF-A28121BC6EB7}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
vs_update3notification (HKLM-x32\...\{AB3DF932-C990-34D4-BF43-970F760DA3CD}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WD Drive Utilities (HKLM-x32\...\{2db219ff-e483-403b-9374-aea609abaf1d}) (Version: 1.4.3.13 - Western Digital Technologies, Inc.) Hidden
WD Drive Utilities (HKLM-x32\...\{546D15D7-D6AF-422B-B4E5-05AF20BA8573}) (Version: 1.4.3.13 - Western Digital Technologies, Inc.) Hidden
Web Components (HKLM-x32\...\{03B13AF8-9625-478A-AF0E-205337B9415A}_is1) (Version: 3.0.6.27 - )
Win10Pcap (HKLM-x32\...\{B5B58F8A-1984-4F3E-B400-235A6E005002}) (Version: 10.2.5002 - Daiyuu Nobori, University of Tsukuba, Japan)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.80 Build 33 - Windscribe Limited)
WinRAR 5.20 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.4 - win.rar GmbH)
WizTree v3.23 (HKLM\...\WizTree_is1) (Version:  - Antibody Software)
XAMPP (HKLM-x32\...\xampp) (Version: 7.1.1-0 - Bitnami)
Xming 6.9.0.31 (HKLM-x32\...\Xming_is1) (Version: 6.9.0.31 - Colin Harrison)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-517441185-2000574432-2814188571-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\MJZ\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-517441185-2000574432-2814188571-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\MJZ\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-517441185-2000574432-2814188571-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\MJZ\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-517441185-2000574432-2814188571-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\MJZ\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-517441185-2000574432-2814188571-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\MJZ\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-517441185-2000574432-2814188571-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\MJZ\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-517441185-2000574432-2814188571-1000_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\MJZ\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [    OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [    OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [    OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [    OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [    OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [    OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers-x32: [    OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [    OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [    OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [    OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [    OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [    OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-06-11] ()
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-10-15] ()
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Nitro\PRO9~1\NPSHEL~1.DLL [2014-05-19] (Nitro PDF)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2015-11-30] (Apple Inc.)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-10-01] (Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-11-28] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-11-28] (Alexander Roshal)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-10-01] (Power Software Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll -> No File
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-06-01] (NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-06-11] ()
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-10-01] (Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-11-28] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-11-28] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {014E3824-5A08-4876-8EFA-2DC4E8F78AA6} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe [2018-05-04] (Microsoft Corporation)
Task: {047CB2C5-B331-4709-BBCF-02A43A49D33A} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-05-20] (NVIDIA Corporation)
Task: {09CC747F-9077-4E40-A3E4-2356ADB2DA73} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {17F17249-06E1-45A1-B17F-9655CBCF100B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {1E683F90-74FE-4D96-A610-46418B53BFD2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-517441185-2000574432-2814188571-1000Core => C:\Users\MJZ\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-04] (Google Inc.)
Task: {2CFD8CCB-F42B-42B7-AB02-FF2B29BFE646} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2015-11-20] (Intel Corporation)
Task: {3AE96515-5D7B-421F-BEF8-74C2620432E9} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3C6B767D-F9B4-485E-9352-ABD3A63B8C67} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-05-20] (NVIDIA Corporation)
Task: {3E440623-BF0E-439C-8FCC-14EFBA4A7C72} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {3F53B23D-F988-4BBE-B233-D72D49DF360B} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {430867E1-EC7E-41CB-8E8F-46863891E682} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-05-20] (NVIDIA Corporation)
Task: {495C12E6-3730-46EC-9E8A-D3EE4A8E58C1} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4DCAAC1D-8B69-4906-AF11-46FED2710B81} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {55A4BB57-62C2-473C-9783-FD7E262FE503} - System32\Tasks\User_Feed_Synchronization-{9CA02D3E-14C1-44A9-AFD2-DC7A95884CE0}
Task: {5680E6EB-C87D-43EE-AF6A-4E54F60C6E6A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {5A222FD9-F88F-463F-AF31-3D1859A0E584} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5CAB38B4-7EA7-48AF-B496-BBFC7D7D7BD2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {5FE56E59-A553-4742-B027-8AEC73A9B234} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {60554D06-0FBB-45B4-B4B4-F47904FBE48B} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {626DA919-86CC-482F-A41A-B8669A243524} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {6444F6EA-ACF1-42BF-A7B9-3A4EBDA32AD3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-09] (Adobe Systems Incorporated)
Task: {646817C2-81A6-4267-8B90-975EF56D0FF3} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-05-20] (NVIDIA Corporation)
Task: {6C9CFE15-4FF9-4500-9224-CBC880029801} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_pepper.exe [2018-06-09] (Adobe Systems Incorporated)
Task: {723CFDA2-F320-4F24-8ABC-2C7F61D2327F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7314C99E-4609-4527-9764-1489B0EA1739} - System32\Tasks\Wake => cmd.exe /c “exit”
Task: {74814085-133A-419C-8168-46EDF05301DE} - System32\Tasks\Alarm Clock => Command(1): C:\Users\MJZ\Desktop\Music Production\foobar2000\foobar2000.exe [2015-03-26] (Piotr Pawlowski)
Task: {74814085-133A-419C-8168-46EDF05301DE} - System32\Tasks\Alarm Clock => Command(2): foobar2000.exe -> /playlist-activate:"All Music" /play /rand
Task: {757DD069-E63C-4EC0-AABC-6DAB6D750275} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {76537D2F-6AE6-4B31-A35C-BCB27BC5B5EE} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MJZ-PC-MJZ MJZ-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2016-02-09] (Microsoft Corporation)
Task: {7C0283F1-F501-4EEA-B47A-9607BA4F8A76} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-03] (Dropbox, Inc.)
Task: {7CE4DB5F-380E-4D95-BE0D-0559F88BD3F8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {810EC0E7-BF21-4C8D-A4BF-7C2E2F40B969} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {83835D17-6724-44F4-A852-630C15AD9894} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-26] (Microsoft Corporation)
Task: {86DD8425-228F-4EDE-8011-CD50A99A6C1E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {890EBD8F-535B-4159-A251-148AB4E0F067} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8C15903F-A260-4A70-A4DD-795FA2A223E5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-517441185-2000574432-2814188571-1000UA => C:\Users\MJZ\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-04] (Google Inc.)
Task: {8D8013E9-340A-47AC-B0A8-80A75DA3A06F} - System32\Tasks\Sleep => C:\Users\MJZ\Desktop\sleep.bat [2016-08-07] () <==== ATTENTION
Task: {93A4974D-B5E7-4A54-BF07-B0A62D467CDD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-23] (Google Inc.)
Task: {98F0F56C-363B-4898-AB3D-4E85D95F0A05} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe
Task: {99FC46B2-3EA7-4377-B593-81CD59CFB06B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {9BC4BCB3-DA30-43D2-AD67-7905F802B3AE} - System32\Tasks\Microsoft\Windows\Windows Subsystem for Linux\AptPackageIndexUpdate => C:\WINDOWS\System32\LxRun.exe [2018-03-29] (Microsoft Corporation)
Task: {9D1C8F5E-F862-48C8-8F02-ACD7888FC316} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-05-20] (NVIDIA Corporation)
Task: {A0B54252-CBD5-4D25-ACC5-FDC1FBDCEF90} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A21067BF-BB77-4FA8-8D6E-AAC8F56557C4} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A641EFE9-E9E3-4809-9467-588042FC9D85} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-03] (Dropbox, Inc.)
Task: {A6D673CA-EF17-4A07-87B8-450808462295} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {AB67642A-3E54-4141-B902-2A8D04F32AF7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-23] (Google Inc.)
Task: {AFDDF86B-7B6C-4520-9395-882FD987AA36} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {B61DA7A0-1E5A-4A76-BAB8-17F964D468AD} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-05-20] (NVIDIA Corporation)
Task: {B641C8D8-C07A-48A2-B2B0-42BA2E565EE6} - System32\Tasks\SpeedTest => C:\Utils\Run.bat [2017-12-17] () <==== ATTENTION
Task: {C381AC5A-8F90-496E-957B-5DEF1E401EEA} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CF708DAA-8612-41DA-8FE3-C0E577265941} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-26] (Microsoft Corporation)
Task: {D18B14D7-1044-44D9-8AA0-AFECC0113985} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {D1E97D95-D96E-4FC0-BF3A-6BA69FA66670} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D36A8377-1BC7-4F3E-859D-3F7ED7B16F2D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E1D89EF4-1ECC-4122-A19C-3306BCB9B036} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-26] (Microsoft Corporation)
Task: {E3DED01F-B4C4-4D37-84AC-D7915FEC456E} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {E8E2A9D2-FC19-4D49-A434-E926244A9B3B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F0511A30-4DFE-43EF-BFFD-A33AB45C039B} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {F240D076-A76B-4539-901D-5823ABAD0917} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-05-20] (NVIDIA Corporation)
Task: {F45A4664-828F-42C4-8A0E-AF0D7F2F864C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F64F2E61-1A4F-4891-A49C-A512FB3CF36C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-26] (Microsoft Corporation)
Task: {FB20F90F-7A9C-4288-B1C2-1A3974022CCA} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\MJZ\Desktop\Pc Tools\Valley Benchmark 1.0.lnk -> C:\Program Files (x86)\Unigine\Valley Benchmark 1.0\valley.bat (No File)
Shortcut: C:\Users\MJZ\Desktop\Pc Tools\Overlocking Tools\Heaven Benchmark 4.0.lnk -> C:\Program Files (x86)\Unigine\Heaven Benchmark 4.0\heaven.bat (No File)

ShortcutWithArgument: C:\Users\MJZ\Desktop\Google Cloud SDK Shell.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\MJZ\AppData\Local\Google\Cloud SDK\cloud_env.bat""
ShortcutWithArgument: C:\Users\MJZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Cloud SDK\Google Cloud SDK Shell.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\MJZ\AppData\Local\Google\Cloud SDK\cloud_env.bat""
ShortcutWithArgument: C:\Users\MJZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda2 (64-bit)\Anaconda Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" C:\Users\MJZ\Anaconda2\Scripts\activate.bat C:\Users\MJZ\Anaconda2

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 09:41 - 2017-09-29 09:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-03-16 15:19 - 2018-03-16 15:19 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-03-16 15:19 - 2018-03-16 15:19 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-19 13:27 - 2014-05-19 13:27 - 000417800 _____ () c:\program files\nitro\pro 9\nitro_updateservice.exe
2018-05-30 12:54 - 2018-05-20 13:36 - 001315296 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-03-20 20:53 - 2018-03-22 21:39 - 000165616 _____ () C:\WINDOWS\system32\IntelWifiIhv06.dll
2017-02-23 08:29 - 2017-02-23 08:29 - 008909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2018-04-23 23:04 - 2018-02-21 20:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-04-23 23:04 - 2018-02-21 20:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-03-06 20:07 - 2015-03-06 20:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-09-01 14:27 - 2015-09-01 14:27 - 001095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 20:07 - 2015-03-06 20:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-09-01 14:27 - 2015-09-01 14:27 - 000240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2018-05-30 12:54 - 2018-05-20 13:36 - 095437792 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2018-05-30 12:54 - 2018-05-20 13:36 - 003029472 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libglesv2.dll
2018-05-30 12:54 - 2018-05-20 13:36 - 000149984 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libegl.dll
2018-03-07 03:24 - 2018-03-07 03:24 - 012476064 _____ () C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
2016-11-27 09:29 - 2016-11-27 09:29 - 000093696 _____ () C:\Program Files\Rainmeter\Plugins\Process.DLL
2016-11-27 09:29 - 2016-11-27 09:29 - 000173568 _____ () C:\Program Files\Rainmeter\Plugins\AudioLevel.DLL
2017-08-03 12:36 - 2017-08-03 12:36 - 000556032 _____ () C:\Users\MJZ\AppData\Roaming\Rainmeter\Plugins\SpotifyPlugin.dll
2018-06-11 22:30 - 2018-06-11 22:30 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2018-05-19 10:39 - 2018-05-19 10:39 - 000084992 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-05-08 02:54 - 2018-05-08 02:54 - 001873120 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-06-07 15:27 - 2018-06-07 15:29 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-06-07 15:27 - 2018-06-07 15:29 - 067232256 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-12 22:01 - 2017-10-12 22:06 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-05-26 07:49 - 2018-05-26 07:49 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-05-26 07:49 - 2018-05-26 07:49 - 004214784 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-05-04 09:44 - 2018-05-04 09:44 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-05-26 07:49 - 2018-05-26 07:49 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-03-29 14:04 - 2018-03-29 14:05 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-06-07 15:27 - 2018-06-07 15:29 - 014851072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-05-26 07:49 - 2018-05-26 07:49 - 004058624 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-06-07 15:27 - 2018-06-07 15:29 - 003266048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-05-26 07:49 - 2018-05-26 07:49 - 001393664 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-05-26 07:49 - 2018-05-26 07:49 - 004218080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-05-26 07:49 - 2018-05-26 07:49 - 000103424 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\BendRealityNode.dll
2018-05-26 07:49 - 2018-05-26 07:49 - 000872448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-03-29 14:04 - 2018-03-29 14:05 - 000043008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2018-06-07 15:27 - 2018-06-07 15:29 - 000165376 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\SKU.dll
2018-05-09 22:56 - 2018-04-25 13:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-05-09 22:56 - 2018-05-30 09:22 - 002493648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-09-03 14:45 - 2018-05-22 21:38 - 000735592 _____ () c:\program files (x86)\clover\cloversvc.dll
2017-11-14 03:03 - 2017-11-14 03:03 - 000083432 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2017-11-14 03:03 - 2017-11-14 03:03 - 000203240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2018-02-10 19:22 - 2018-05-20 13:36 - 001033184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-03-16 15:20 - 2018-03-16 15:20 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2018-03-16 15:20 - 2018-03-16 15:20 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2018-03-16 15:19 - 2018-03-16 15:19 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2017-11-14 03:03 - 2017-11-14 03:03 - 001083368 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2017-11-14 03:03 - 2017-11-14 03:03 - 000115688 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2017-11-14 03:03 - 2017-11-14 03:03 - 000059880 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2017-11-14 03:03 - 2017-11-14 03:03 - 000772072 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2017-11-14 03:03 - 2017-11-14 03:03 - 001741288 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc2411.dll
2017-11-14 03:03 - 2017-11-14 03:03 - 001962984 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core2411.dll
2017-11-14 03:03 - 2017-11-14 03:03 - 000025576 _____ () C:\Program Files (x86)\Plex\Plex Media Server\lyric_lite.dll
2017-11-14 03:03 - 2017-11-14 03:03 - 001549104 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libstdc++-6.dll
2017-11-14 03:03 - 2017-11-14 03:03 - 000127136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libgcc_s_dw2-1.dll
2017-11-14 03:03 - 2017-11-14 03:03 - 000050152 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2017-11-14 03:03 - 2017-11-14 03:03 - 000071656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2017-11-14 03:03 - 2017-11-14 03:03 - 000024552 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2017-11-14 03:03 - 2017-11-14 03:03 - 000041448 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2017-11-14 03:03 - 2017-11-14 03:03 - 000930280 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2017-11-14 03:03 - 2017-11-14 03:03 - 000074728 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2017-11-14 03:03 - 2017-11-14 03:03 - 000190952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2017-11-14 03:03 - 2017-11-14 03:03 - 000218088 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2017-11-14 03:03 - 2017-11-14 03:03 - 000018920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2017-11-14 03:03 - 2017-11-14 03:03 - 000095720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2017-11-14 03:03 - 2017-11-14 03:03 - 000143336 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2017-11-14 03:03 - 2017-11-14 03:03 - 000694248 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2018-03-07 03:45 - 2018-03-07 03:45 - 002661536 _____ () C:\Program Files (x86)\Samsung\SideSync4\NativeSideSyncFramework.dll
2018-03-07 03:53 - 2018-03-07 03:53 - 005038752 _____ () C:\Program Files (x86)\Samsung\SideSync4\SLocales.dll
2018-03-07 03:49 - 2018-03-07 03:49 - 000861344 _____ () C:\Program Files (x86)\Samsung\SideSync4\SCommon.dll
2016-05-04 05:15 - 2016-05-04 05:15 - 001289216 _____ () C:\Program Files (x86)\Samsung\SideSync4\cairo.dll
2016-05-04 05:15 - 2016-05-04 05:15 - 000100352 _____ () C:\Program Files (x86)\Samsung\SideSync4\zlib1.dll
2016-05-04 05:15 - 2016-05-04 05:15 - 000230529 _____ () C:\Program Files (x86)\Samsung\SideSync4\libpng14-14.dll
2016-05-04 05:15 - 2016-05-04 05:15 - 000091136 _____ () C:\Program Files (x86)\Samsung\SideSync4\ThoughtWorks.QRCode.dll
2017-11-14 03:03 - 2017-11-14 03:03 - 000064488 _____ () C:\Program Files (x86)\Plex\Plex Media Server\TeVii.dll
2018-06-06 16:30 - 2018-06-04 06:18 - 001107272 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-06-06 16:30 - 2018-06-04 06:18 - 002079048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-07-13 15:47 - 2018-06-04 06:21 - 000106816 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-07-13 15:47 - 2018-06-04 06:20 - 000025408 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-07-13 15:47 - 2018-06-04 06:20 - 000020808 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000042312 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-07-13 15:47 - 2018-06-04 06:20 - 000700736 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2018-06-06 16:30 - 2018-06-04 06:19 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000137032 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2018-06-06 16:30 - 2018-06-04 06:19 - 001845600 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-06-06 16:30 - 2018-06-04 06:19 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-06-06 16:30 - 2018-06-04 06:20 - 000123200 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-07-13 15:47 - 2018-06-04 06:20 - 000112448 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-06-06 16:30 - 2018-06-04 06:19 - 000063312 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-07-13 15:47 - 2018-06-04 06:20 - 000031040 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2018-06-06 16:30 - 2018-06-04 06:19 - 000077120 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2018-06-06 16:30 - 2018-06-04 06:20 - 000399168 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-07-13 15:47 - 2018-06-04 06:21 - 000049984 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2018-06-06 16:30 - 2018-06-04 06:19 - 000027456 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-07-13 15:47 - 2018-06-04 06:20 - 000131392 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000120648 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-07-13 15:47 - 2018-06-04 06:20 - 000392520 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000028000 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-07-13 15:47 - 2018-06-04 06:20 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-07-13 15:47 - 2018-06-04 06:20 - 000182080 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-07-13 15:47 - 2018-06-04 06:20 - 000036672 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-10-16 19:52 - 2018-06-04 06:20 - 000032576 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000055104 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-07-13 15:47 - 2018-06-04 06:20 - 000064320 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-10-16 19:52 - 2018-06-04 06:21 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2018-06-06 16:30 - 2018-06-04 06:19 - 000021840 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2018-06-06 16:30 - 2018-06-04 06:19 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000066400 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000025440 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2018-06-06 16:30 - 2018-06-04 06:19 - 000152384 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2018-06-06 16:30 - 2018-06-04 06:20 - 003863880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-07-13 15:47 - 2018-06-04 06:20 - 000091448 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2018-06-06 16:30 - 2018-06-04 06:20 - 001798464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2018-06-06 16:30 - 2018-06-04 06:20 - 001959232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000035136 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2018-06-06 16:30 - 2018-06-04 06:20 - 000155472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-06-06 16:30 - 2018-06-04 06:20 - 000521544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-06-06 16:30 - 2018-06-04 06:20 - 000051024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-06-06 16:30 - 2018-06-04 06:20 - 000043336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-06-06 16:30 - 2018-06-04 06:20 - 000131400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-06-06 16:30 - 2018-06-04 06:20 - 000219984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-06-06 16:30 - 2018-06-04 06:20 - 000204104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000067392 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000054616 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000030528 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-06-06 16:30 - 2018-06-04 06:19 - 000027496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000355648 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2018-06-06 16:30 - 2018-06-04 06:20 - 000101704 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000023904 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-06-06 16:30 - 2018-06-04 06:19 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-06-06 16:30 - 2018-06-04 06:18 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-06-06 16:30 - 2018-06-04 06:19 - 000032608 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2018-06-06 16:30 - 2018-06-04 06:18 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2018-01-11 14:59 - 2018-06-04 06:21 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-06-06 16:30 - 2018-06-04 06:19 - 000181064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-07-13 15:47 - 2018-06-04 06:21 - 000030544 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2018-06-06 16:30 - 2018-06-04 06:19 - 000024384 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-06-06 16:30 - 2018-06-04 06:19 - 001638208 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-07-13 15:47 - 2018-06-04 06:21 - 000087904 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-06-06 16:30 - 2018-06-04 06:20 - 000546632 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2018-06-06 16:30 - 2018-06-04 06:20 - 000359744 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-03-23 11:04 - 2016-03-23 11:04 - 000091136 _____ () C:\Program Files (x86)\corsair\Corsair Utility Engine\LuaQtWrapperLibrary.dll
2016-03-23 11:02 - 2016-03-23 11:02 - 000224256 _____ () C:\Program Files (x86)\corsair\Corsair Utility Engine\quazip.dll
2016-03-23 11:02 - 2016-03-23 11:02 - 000200704 _____ () C:\Program Files (x86)\corsair\Corsair Utility Engine\lua52.dll
2013-05-04 07:57 - 2013-05-04 07:57 - 000095712 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\zlib1.dll
2015-03-26 03:45 - 2015-03-26 03:45 - 000160528 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\shared.dll
2015-05-19 00:08 - 2013-12-06 17:44 - 000271872 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_uie_library_tree\foo_uie_library_tree.dll
2015-05-19 00:08 - 2013-12-08 07:21 - 000241664 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_uie_vis_channel_spectrum\foo_uie_vis_channel_spectrum.dll
2015-03-26 03:45 - 2015-03-26 03:45 - 001401120 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\components\foo_input_std.dll
2016-08-15 00:04 - 2016-08-15 00:04 - 000923136 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_scheduler\foo_scheduler.dll
2015-05-19 00:08 - 2013-12-06 08:48 - 000452608 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_uie_elplaylist\foo_uie_elplaylist.dll
2015-05-19 00:08 - 2013-12-08 17:24 - 000337920 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_uie_biography\foo_uie_biography.dll
2016-08-14 12:50 - 2016-08-14 12:50 - 000730112 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_uie_lyrics3\foo_uie_lyrics3.dll
2015-05-19 00:08 - 2014-01-20 19:00 - 000423424 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_queuecontents\foo_queuecontents.dll
2015-06-25 14:41 - 2015-06-25 14:41 - 000183296 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_out_asio\foo_out_asio.dll
2016-03-25 22:14 - 2016-03-25 22:14 - 000132096 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_cad\foo_cad.dll
2015-05-19 00:08 - 2011-02-27 16:22 - 001608192 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\components\foo_ui_columns.dll
2015-05-19 00:08 - 2013-12-19 08:51 - 000356352 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_uie_panel_splitter\foo_uie_panel_splitter.dll
2016-08-14 12:50 - 2016-08-14 12:50 - 000209408 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_random_pools\foo_random_pools.dll
2015-05-19 00:08 - 2011-08-18 12:06 - 001767936 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_facets\foo_facets.dll
2016-08-14 12:50 - 2016-08-14 12:50 - 000264704 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_dsp_effect\foo_dsp_effect.dll
2015-03-26 03:45 - 2015-03-26 03:45 - 001087272 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\components\foo_ui_std.dll
2016-08-14 12:49 - 2016-08-14 12:49 - 001905152 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_upnp\foo_upnp.dll
2015-05-19 00:08 - 2014-01-21 19:38 - 000250368 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_covdow\foo_covdow.dll
2015-05-19 00:08 - 2013-12-07 12:21 - 000147456 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_out_wasapi\foo_out_wasapi.dll
2015-05-19 00:08 - 2013-12-22 17:55 - 000327680 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_masstag\foo_masstag.dll
2015-05-19 00:08 - 2013-12-08 16:41 - 000946176 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_uie_wsh_panel_mod\foo_uie_wsh_panel_mod.dll
2016-08-15 00:07 - 2016-08-15 00:07 - 000186368 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_runcmd\foo_runcmd.dll
2015-05-19 00:08 - 2013-12-08 18:22 - 000188416 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_audioscrobbler\foo_audioscrobbler.dll
2016-08-14 12:50 - 2016-08-14 12:50 - 000248320 _____ () \\?\C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_wave_seekbar\frontend_direct2d.dll
2016-08-14 12:50 - 2016-08-14 12:50 - 000310784 _____ () \\?\C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_wave_seekbar\frontend_direct3d9.dll
2014-12-22 00:51 - 2018-06-08 17:38 - 000788256 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-12-22 00:51 - 2018-06-08 19:39 - 002632992 _____ () C:\Program Files (x86)\Steam\video.dll
2015-05-19 15:31 - 2018-06-08 17:42 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-12-13 23:06 - 2018-06-08 17:40 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2017-12-13 23:06 - 2018-06-08 17:40 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2017-12-13 23:06 - 2018-06-08 17:40 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2017-12-13 23:06 - 2018-06-08 17:40 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2017-12-13 23:06 - 2018-06-08 17:40 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2015-05-19 15:31 - 2018-06-08 17:40 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-05-19 15:31 - 2018-06-08 17:40 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-12-22 00:51 - 2018-06-08 19:38 - 000979744 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-05-04 15:05 - 2018-06-08 17:40 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-06-28 12:07 - 2018-06-08 17:39 - 000788256 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2016-12-18 02:53 - 2018-06-08 17:39 - 083524384 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2015-05-19 15:30 - 2018-06-08 17:42 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-07-28 14:05 - 2018-06-08 17:39 - 002253600 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\swiftshader\libglesv2.dll
2017-07-28 14:05 - 2018-06-08 17:39 - 000109856 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\swiftshader\libegl.dll
2017-02-23 08:29 - 2017-02-23 08:29 - 008909512 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData:395C04BE53263E9E [1]
AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C [1]
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\Users\All Users:395C04BE53263E9E [1]
AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C [1]
AlternateDataStreams: C:\ProgramData\Application Data:395C04BE53263E9E [1]
AlternateDataStreams: C:\ProgramData\Application Data:482EE99B1E21CE8C [1]
AlternateDataStreams: C:\Users\Public\AppData:CSM [466]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\sharepoint.com -> hxxps://avaapcorp-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2018-05-09 23:13 - 000000053 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-517441185-2000574432-2814188571-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MJZ\AppData\Local\DisplayFusion\Wallpaper_1.png
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: Razer Game Manager Service => 2
MSCONFIG\Services: Razer Game Scanner Service => 2
MSCONFIG\Services: RzActionSvc => 2
MSCONFIG\Services: XblAuthManager => 3
MSCONFIG\Services: XblGameSave => 3
MSCONFIG\Services: XboxGipSvc => 3
MSCONFIG\Services: XboxNetApiSvc => 3
MSCONFIG\startupfolder: C:^Users^MJZ^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: BitTorrent Sync => "C:\Program Files (x86)\BitTorrent Sync\BTSync.exe"  /MINIMIZED
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: Plex Media Server => "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\MJZ\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\MJZ\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: vmware-tray.exe => "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "tvncontrol"
HKLM\...\StartupApproved\Run: => "Bulldozers"
HKLM\...\StartupApproved\Run: => "Upwelling"
HKLM\...\StartupApproved\Run: => "Underprepared"
HKLM\...\StartupApproved\Run32: => "RzWizard"
HKLM\...\StartupApproved\Run32: => "Hecht"
HKLM\...\StartupApproved\Run32: => "Lampooned"
HKLM\...\StartupApproved\Run32: => "Kemal"
HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\StartupApproved\StartupFolder: => "OneDrive for Business.lnk"
HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\StartupApproved\Run: => "Gitter"
HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\StartupApproved\Run: => "Amazon Drive"
HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\StartupApproved\Run: => "electron.app.Zazu"
HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\StartupApproved\Run: => "USB Guard"
HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\StartupApproved\Run: => "Prime95"
HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\StartupApproved\Run: => "indolent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{77CCFE49-58ED-47CD-A7A4-3D385B6CBB39}E:\steam games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) E:\steam games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{92108CDC-9DBF-407C-9B70-92532131EC37}E:\steam games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) E:\steam games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [TCP Query User{42C4E68C-C378-4A4D-B436-B0FEC07A70C2}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{67AE5F5A-3952-45FB-AA6A-317FC5E33FE4}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{00C61AEF-836D-46E8-A416-7332101A31DA}C:\program files (x86)\plex\plex media server\plex media server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex media server.exe
FirewallRules: [UDP Query User{77EFAD25-B2BF-429B-A92F-7F52889D77A8}C:\program files (x86)\plex\plex media server\plex media server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex media server.exe
FirewallRules: [TCP Query User{EF77E755-B9DF-424B-A160-689ED4928FD3}C:\program files (x86)\samsung\sidesync4\sidesync.exe] => (Allow) C:\program files (x86)\samsung\sidesync4\sidesync.exe
FirewallRules: [UDP Query User{A06AF092-1111-4883-8379-159A040C86ED}C:\program files (x86)\samsung\sidesync4\sidesync.exe] => (Allow) C:\program files (x86)\samsung\sidesync4\sidesync.exe
FirewallRules: [TCP Query User{17F1F025-6D43-4848-A4B9-05FDDA17574A}C:\program files (x86)\plex\plex media server\plex dlna server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex dlna server.exe
FirewallRules: [UDP Query User{077ECBA3-EFD2-46BD-9433-B44BCE6D8247}C:\program files (x86)\plex\plex media server\plex dlna server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex dlna server.exe
FirewallRules: [TCP Query User{953467CA-5864-45D7-8FEE-2ABBFDE2661B}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{96507CC8-6B9C-4D32-BEAA-31C378EFFF96}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{9E134752-C57C-4474-9118-1B211959B1EB}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{502682D8-7679-43C4-B57F-3B750326B1C5}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{A3EFFE73-996C-437D-87A5-DA53B3AB1C75}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9E929AA1-F2A3-4B12-8B23-643E40299445}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{8EF453E5-06D2-41AD-B699-C69D6254F9EC}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{DEA58A4B-F6BA-4D0A-96E3-E594C28E43EE}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{4D67D1C1-24F8-4A18-A1D8-FE4FB26C6167}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{16C9986C-9EDD-46A7-BE1B-2FA30AA9B710}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CC9D5355-04F1-4C79-8CBE-4BAB76C31F4B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4134C0FB-5BE1-49FD-AAB5-CE616C6097B1}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7015670C-B5D6-46B9-BF8F-E4EE33B547EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hacknet\Hacknet.exe
FirewallRules: [{5D5497E1-29B4-421A-80B8-00C8086784D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hacknet\Hacknet.exe
FirewallRules: [{E2387D64-7123-4E7E-9E6B-CD11CFCCD8D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe
FirewallRules: [{9D89C43F-23B3-4EEC-A6F8-AFBA538972FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe
FirewallRules: [{2F7C58D7-034F-450C-9BF7-2E2EB97584FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bigscreen\Bigscreen.exe
FirewallRules: [{B6727107-5938-42C2-90D8-933A8F624F70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bigscreen\Bigscreen.exe
FirewallRules: [{63CC9D10-B255-4EF4-ABEF-5301E254C878}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space Pirate Trainer VR\SpacePirateVR.exe
FirewallRules: [{679D0D17-D8D0-414F-88A6-50BF5C406C93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space Pirate Trainer VR\SpacePirateVR.exe
FirewallRules: [{D0A64C67-A261-4E51-A00E-7381D87A9962}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Lab\TheLab\win64\TheLab.exe
FirewallRules: [{2E8394C8-58D8-4406-81E7-BF1563F2B076}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Lab\TheLab\win64\TheLab.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/12/2018 07:48:00 PM) (Source: ESENT) (EventID: 544) (User: )
Description: svchost (4732,D,27) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 70254592 (0x0000000004300000) (database page 17151 (0x42FF)) for 4096 (0x00001000) bytes failed verification due to a persisted lost flush detection timestamp mismatch. The read operation will fail with error -1119 (0xfffffba1).

The flush state on database page 17151 (0x42FF) was 0 while the flush state on flush map page 0 (0x0) was 1.

If this condition persists, restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (06/12/2018 07:48:00 PM) (Source: ESENT) (EventID: 476) (User: )
Description: svchost (4732,D,27) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 70254592 (0x0000000004300000) (database page 17151 (0x42FF)) for 4096 (0x00001000) bytes failed verification because it contains no page data.  The read operation will fail with error -1019 (0xfffffc05).  If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (06/12/2018 06:48:00 PM) (Source: ESENT) (EventID: 544) (User: )
Description: svchost (4732,D,27) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 70254592 (0x0000000004300000) (database page 17151 (0x42FF)) for 4096 (0x00001000) bytes failed verification due to a persisted lost flush detection timestamp mismatch. The read operation will fail with error -1119 (0xfffffba1).

The flush state on database page 17151 (0x42FF) was 0 while the flush state on flush map page 0 (0x0) was 1.

If this condition persists, restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (06/12/2018 06:48:00 PM) (Source: ESENT) (EventID: 476) (User: )
Description: svchost (4732,D,27) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 70254592 (0x0000000004300000) (database page 17151 (0x42FF)) for 4096 (0x00001000) bytes failed verification because it contains no page data.  The read operation will fail with error -1019 (0xfffffc05).  If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (06/12/2018 05:48:00 PM) (Source: ESENT) (EventID: 544) (User: )
Description: svchost (4732,D,27) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 70254592 (0x0000000004300000) (database page 17151 (0x42FF)) for 4096 (0x00001000) bytes failed verification due to a persisted lost flush detection timestamp mismatch. The read operation will fail with error -1119 (0xfffffba1).

The flush state on database page 17151 (0x42FF) was 0 while the flush state on flush map page 0 (0x0) was 1.

If this condition persists, restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (06/12/2018 05:48:00 PM) (Source: ESENT) (EventID: 476) (User: )
Description: svchost (4732,D,27) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 70254592 (0x0000000004300000) (database page 17151 (0x42FF)) for 4096 (0x00001000) bytes failed verification because it contains no page data.  The read operation will fail with error -1019 (0xfffffc05).  If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (06/12/2018 04:48:00 PM) (Source: ESENT) (EventID: 544) (User: )
Description: svchost (4732,D,27) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 70254592 (0x0000000004300000) (database page 17151 (0x42FF)) for 4096 (0x00001000) bytes failed verification due to a persisted lost flush detection timestamp mismatch. The read operation will fail with error -1119 (0xfffffba1).

The flush state on database page 17151 (0x42FF) was 0 while the flush state on flush map page 0 (0x0) was 1.

If this condition persists, restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (06/12/2018 04:48:00 PM) (Source: ESENT) (EventID: 476) (User: )
Description: svchost (4732,D,27) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 70254592 (0x0000000004300000) (database page 17151 (0x42FF)) for 4096 (0x00001000) bytes failed verification because it contains no page data.  The read operation will fail with error -1019 (0xfffffc05).  If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.


System errors:
=============
Error: (06/12/2018 08:43:01 PM) (Source: DCOM) (EventID: 10010) (User: MJZ-PC)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (06/12/2018 08:41:01 PM) (Source: DCOM) (EventID: 10010) (User: MJZ-PC)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (06/12/2018 08:39:06 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (06/12/2018 08:39:06 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (06/12/2018 08:39:06 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (06/12/2018 08:39:06 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (06/12/2018 08:39:06 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (06/12/2018 08:39:06 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.


Windows Defender:
===================================
Date: 2018-05-09 22:58:48.311
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Linkhortry!blnk&threatid=235116&enterprise=0
Name: BrowserModifier:Win32/Linkhortry!blnk
ID: 235116
Severity: High
Category: Browser Modifier
Path: containerfile:_C:\Users\MJZ\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk;file:_C:\Users\MJZ\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk->[CMDEmbedded]
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\ProgramData\Subair\Subair.exe
Signature Version: AV: 1.267.1090.0, AS: 1.267.1090.0, NIS: 1.267.1090.0
Engine Version: AM: 1.1.14800.3, NIS: 1.1.14800.3

Date: 2018-05-09 22:58:15.746
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!rfn&threatid=2147723625&enterprise=0
Name: Trojan:Win32/Tiggre!rfn
ID: 2147723625
Severity: Severe
Category: Trojan
Path: file:_C:\Program Files (x86)\foldershare\uninstaller.exe;file:_C:\Users\MJZ\AppData\Local\Temp\cfvljamq.uwl\Pub1.exe;regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\foldershare;uninstall:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\foldershare
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Nexus Mod Manager\YYAXJWB7RFDEBHE75I6YL5C5OJCC4ZJEVZ90ONFE0Z5FM6N\UhM_KV-S0N.exe
Signature Version: AV: 1.267.1090.0, AS: 1.267.1090.0, NIS: 1.267.1090.0
Engine Version: AM: 1.1.14800.3, NIS: 1.1.14800.3

Date: 2018-05-09 22:58:00.003
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Linkhortry!blnk&threatid=235116&enterprise=0
Name: BrowserModifier:Win32/Linkhortry!blnk
ID: 235116
Severity: High
Category: Browser Modifier
Path: file:_C:\Users\MJZ\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk->[CMDEmbedded]
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\ProgramData\Subair\Subair.exe
Signature Version: AV: 1.267.1090.0, AS: 1.267.1090.0, NIS: 1.267.1090.0
Engine Version: AM: 1.1.14800.3, NIS: 1.1.14800.3

Date: 2018-05-09 22:57:40.067
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuerboos.C!cl&threatid=2147723654&enterprise=0
Name: Trojan:Win32/Fuerboos.C!cl
ID: 2147723654
Severity: Severe
Category: Trojan
Path: file:_C:\Program Files\Nexus Mod Manager\YYAXJWB7RFDEBHE75I6YL5C5OJCC4ZJEVZ90ONFE0Z5FM6N\CNO+MkKç5z.exe;file:_C:\Users\MJZ\AppData\Local\Temp\yclkey2d.ic2\system.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Nexus Mod Manager\YYAXJWB7RFDEBHE75I6YL5C5OJCC4ZJEVZ90ONFE0Z5FM6N\UhM_KV-S0N.exe
Signature Version: AV: 1.267.1090.0, AS: 1.267.1090.0, NIS: 1.267.1090.0
Engine Version: AM: 1.1.14800.3, NIS: 1.1.14800.3

Date: 2018-05-09 22:57:31.604
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuerboos.C!cl&threatid=2147723654&enterprise=0
Name: Trojan:Win32/Fuerboos.C!cl
ID: 2147723654
Severity: Severe
Category: Trojan
Path: file:_C:\Program Files\Nexus Mod Manager\YYAXJWB7RFDEBHE75I6YL5C5OJCC4ZJEVZ90ONFE0Z5FM6N\CNO+MkKç5z.exe;file:_C:\Users\MJZ\AppData\Local\Temp\yclkey2d.ic2\system.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Nexus Mod Manager\YYAXJWB7RFDEBHE75I6YL5C5OJCC4ZJEVZ90ONFE0Z5FM6N\UhM_KV-S0N.exe
Signature Version: AV: 1.267.1090.0, AS: 1.267.1090.0, NIS: 1.267.1090.0
Engine Version: AM: 1.1.14800.3, NIS: 1.1.14800.3

CodeIntegrity:
===================================

Date: 2018-06-12 20:35:12.899
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-12 20:35:12.898
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-12 20:14:24.664
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-12 20:14:24.663
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-12 19:50:12.560
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-12 19:50:12.559
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-12 19:50:03.942
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-12 19:50:03.941
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-7700K CPU @ 4.20GHz
Percentage of memory in use: 47%
Total physical RAM: 16341.19 MB
Available physical RAM: 8585.38 MB
Total Virtual: 17365.19 MB
Available Virtual: 5522.67 MB

==================== Drives ================================

Drive ? () (Fixed) (Total:446.69 GB) (Free:144.74 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (New Volume) (Fixed) (Total:902.63 GB) (Free:883.94 GB) NTFS

\\?\Volume{07f00399-0000-0000-0000-30ac6f000000}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 447.1 GB) (Disk ID: 07F00399)
Partition 1: (Active) - (Size=446.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 516D590C)
Partition 1: (Active) - (Size=487 MB) - (Type=82)
Partition 2: (Not Active) - (Size=28.4 GB) - (Type=05)
Partition 3: (Not Active) - (Size=902.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
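As an added example (not part of the original post and not FRST's own code), the Windows Defender section of the log above can be triaged by grouping each detection under the executable named in its Process Name field. The sample is abridged from the entries above, and the function names are assumptions made here.

```python
import re
from collections import defaultdict

# Abridged from the Windows Defender section of the log above (two of the five entries).
SAMPLE = r"""
Date: 2018-05-09 22:58:48.311
Name: BrowserModifier:Win32/Linkhortry!blnk
Path: containerfile:_C:\Users\MJZ\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk;file:_C:\Users\MJZ\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk->[CMDEmbedded]
Process Name: C:\ProgramData\Subair\Subair.exe

Date: 2018-05-09 22:58:15.746
Name: Trojan:Win32/Tiggre!rfn
Path: file:_C:\Program Files (x86)\foldershare\uninstaller.exe;file:_C:\Users\MJZ\AppData\Local\Temp\cfvljamq.uwl\Pub1.exe;regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\foldershare
Process Name: C:\Program Files\Nexus Mod Manager\YYAXJWB7RFDEBHE75I6YL5C5OJCC4ZJEVZ90ONFE0Z5FM6N\UhM_KV-S0N.exe
"""

FIELD = re.compile(r"^(Date|Name|Path|Process Name): (.*)$")

def parse_detections(text):
    """Return one dict per detection; a 'Date:' line starts a new record."""
    records = []
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if not m:
            continue  # Description, ID, Severity, version lines, separators
        key, value = m.groups()
        if key == "Date":
            records.append({})
        if records:
            records[-1][key] = value
    return records

def resources(path_field):
    """Split a Path field into (kind, target) pairs such as ('file', <path>)."""
    out = []
    for item in path_field.split(";"):
        if item:
            kind, _, target = item.partition(":_")
            out.append((kind, target.split("->")[0]))  # drop '->[CMDEmbedded]'
    return out

def by_process(records):
    """Group threat names and flagged resources under the triggering process."""
    grouped = defaultdict(lambda: {"threats": set(), "resources": set()})
    for rec in records:
        entry = grouped[rec.get("Process Name", "<unknown>")]
        entry["threats"].add(rec.get("Name", "<unnamed>"))
        entry["resources"].update(resources(rec.get("Path", "")))
    return dict(grouped)
```

Run over the full section, this puts every detection under the two executables the log already names, which are the files to prioritise when reading the rest of the FRST output.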

 

 


Hello 2Seconds2,

The logs from FRST indicate your system is still exploited with smartservice infection. At present there is no security program available (including Malwarebytes) that can defeat smartservice protective rootkit from Normal Windows. The only way to do that action is with FRST via the Recovery Environment.

Until this infection is defeated do not use the exploited system for any actions with financial implications! You will need access to a spare PC and a USB Flashdrive 4GB or above....

First do the following on the infected PC:

Open FRST, copy/paste the following inside the text area of FRST. Once done, click on the Fix button. A file called fixlog.txt should appear on your desktop or the folder you saved FRST to. Attach it in your next reply.

Start::
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
End::


Next,

Boot up your spare PC, plug in the flash drive, navigate to that drive, right click on it directly and select Format. Quick option is adequate...

Next,

On that same PC download and save FRST to the same Flash drive. Make sure to get the correct version; if you are unsure, d/l and save both, only the correct one will run. Do not plug Flash Drive into sick PC until booted to Recovery Environment.

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Next,

Boot sick PC to Recovery Environment. If you are unsure of that action have a read at the following link, maybe bookmark for future reference...

https://www.tenforums.com/tutorials/2294-boot-advanced-startup-options-windows-10-a.html

Next,

From the Windows 10 Tutorial you should get access to the Advanced Startup Options at boot for Windows 10



From that window select "Troubleshoot"




From the next window select "Advanced Options"




From that Window select "Command Prompt"

Ensure to plug the flash drive into a USB port... You should now be in Recovery Environment with the Command Prompt Window open......

Continue with the following:
 
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" or "My PC" and find your flash drive letter and close the notepad.
  • In the command window type E:\frst64 or E:\frst depending on your version. Press Enter. Note: Replace letter E with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Leave the infected PC in Recovery mode, post the produced log from your flash drive via the spare PC....

Thank you,

Kevin..

Hi Kevin,

I'm having trouble getting a Frst text log to appear after running it from the flash drive. I have entered recovery mode but whenever it wants to run the program it doesn't scan anything. I was able to try another way and when I put the admin password it keeps saying it's incorrect. Any further guidance would be appreciated.


Hi Kevin,

Yes, I am still having trouble. I got the program to run but it only scans a couple of items then stops. Whenever I try to open the txt file that it creates, it doesn't have anything in it. Sorry for the delay between responses. Hope we can continue working on trying to fix this computer.

 

Thanks.


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 
