Joined: Sep 21, 2018 | Messages: 2 | Operating System: Windows 7
#1
Hello:
I am struggling with this piece of malware. I have followed the instructions on this site, found HERE:


However, it has not worked and the malware is still present within the Google Preferences File. I have performed the FRST.txt and Addition.txt checks, but cannot find the Upload a File button on this page. I am therefore posting below.

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.09.2018
Ran by StephenDJButler (administrator) on STEPHENBUTLER (21-09-2018 16:40:13)
Running from D:\Downloads
Loaded Profiles: StephenDJButler (Available Profiles: StephenDJButler & Gaming & Recording & Guest & Classic .NET AppPool & DefaultAppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo64.exe
(Samsung Electronics Co.,Ltd) D:\Program Files\Samsung Link\Samsung Link.exe
(Samsung Electronics Co.,Ltd) D:\Program Files\Samsung Link\Samsung Link.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\AntiTheft\Antitheft.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ThreatEmulation.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [144184 2016-12-13] (Check Point Software Technologies Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-410353808-276946841-1970485010-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-410353808-276946841-1970485010-1001\...\Run: [uTorrent] => C:\Users\StephenDJButler\AppData\Roaming\uTorrent\uTorrent.exe [1987512 2018-06-21] (BitTorrent Inc.)
HKU\S-1-5-21-410353808-276946841-1970485010-1001\...\RunOnce: [Uninstall C:\Users\StephenDJButler\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\StephenDJButler\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-410353808-276946841-1970485010-1001\...\RunOnce: [Uninstall C:\Users\StephenDJButler\AppData\Local\Microsoft\OneDrive\17.3.6281.1202] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\StephenDJButler\AppData\Local\Microsoft\OneDrive\17.3.6281.1202"
HKU\S-1-5-21-410353808-276946841-1970485010-1001\...\RunOnce: [Uninstall C:\Users\StephenDJButler\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\StephenDJButler\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-410353808-276946841-1970485010-1001\...\RunOnce: [Uninstall C:\Users\StephenDJButler\AppData\Local\Microsoft\OneDrive\17.3.6302.0225] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\StephenDJButler\AppData\Local\Microsoft\OneDrive\17.3.6302.0225"
HKU\S-1-5-21-410353808-276946841-1970485010-1001\...\RunOnce: [Uninstall C:\Users\StephenDJButler\AppData\Local\Microsoft\OneDrive\17.3.6386.0412_1\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\StephenDJButler\AppData\Local\Microsoft\OneDrive\17.3.6386.0412_1\amd64"
HKU\S-1-5-21-410353808-276946841-1970485010-1001\...\RunOnce: [Uninstall C:\Users\StephenDJButler\AppData\Local\Microsoft\OneDrive\17.3.6386.0412_1] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\StephenDJButler\AppData\Local\Microsoft\OneDrive\17.3.6386.0412_1"
HKU\S-1-5-21-410353808-276946841-1970485010-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-410353808-276946841-1970485010-1001] => localhost:8080
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{ABCF391B-B915-442A-AA97-85DE20F3DA50}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{ABCF391B-B915-442A-AA97-85DE20F3DA50}: [DhcpNameServer] 35.197.209.21 1.1.1.1
Tcpip\..\Interfaces\{E2C53DA9-6A8D-480F-B3FF-3445BEA24857}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{E2C53DA9-6A8D-480F-B3FF-3445BEA24857}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll => No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-09-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_172\bin\ssv.dll [2018-05-20] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-05-01] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2018-09-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_172\bin\jp2ssv.dll [2018-05-20] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-05-01] (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-05-01] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2018-09-16] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-05-01] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-05-01] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-05-01] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-11] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-11] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-11] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-11] (Microsoft Corporation)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-03-24] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2016-02-06] [Legacy] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.172.2 -> C:\Program Files\Java\jre1.8.0_172\bin\dtplugin\npDeployJava1.dll [2018-05-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.172.2 -> C:\Program Files\Java\jre1.8.0_172\bin\plugin2\npjp2.dll [2018-05-20] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-11] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-08-28] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-08-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-08-21] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> D:\Program Files\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> D:\Program Files\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> D:\Program Files\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.co.uk/
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR NewTab: Default -> Not-active:"chrome-extension://laookkfknpbbblfpciffpaejjkokdgca/dashboard.html"
CHR DefaultSearchKeyword: Default -> drive
CHR Profile: C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default [2018-09-21]
CHR Extension: (Slides) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Floorplanner) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\abopacaefhbognnmeigicfpgnmpideag [2017-01-28]
CHR Extension: (AccuRadio) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahnjfaipcnkkaepmlkobfohnlmdpfflm [2017-01-28]
CHR Extension: (Retrovision Classic Movies) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\aicmlhggpfoibmneibkkpicohhccepeb [2017-01-28]
CHR Extension: (Docs) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-28]
CHR Extension: (TV) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2017-01-28]
CHR Extension: (Google Docs Quick Create) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\bldgenmjegcnjebiongilahhcjldgmlm [2017-05-26]
CHR Extension: (YouTube) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-28]
CHR Extension: (Radio) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmbklidifcgaleiiamhcfiaflkaajgni [2018-01-07]
CHR Extension: (Set Character Encoding) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpojelgakakmcfmjfilgdlmhefphglae [2017-10-28]
CHR Extension: (Advanced Font Settings) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\caclkomlalccbpcdllchkeecicepbmbm [2017-01-28]
CHR Extension: (OnWebRadio) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfoadkpfdbkifpnbjfcccbncbmjajnfh [2017-01-28]
CHR Extension: (Google Tips) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnhacgcmhcgppboemgoobibkhlpglejb [2017-01-28]
CHR Extension: (MakeGIF Video Capture) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnhdjbfjheoohmhpakglckehdcgfffbl [2017-06-09]
CHR Extension: (Quick Search for Google Drive™) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddebdlfmldojeofgkeocjdkloocegmae [2017-01-28]
CHR Extension: (FLV Player) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhogabmliblgpadclikpkjfnnipeebjm [2017-12-06]
CHR Extension: (Letterboxd Movie Assistant) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlicmihnogpoemhcegbnhbmncbkoidjo [2017-09-16]
CHR Extension: (Gmail Offline) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2017-01-28]
CHR Extension: (Wikiwand: Wikipedia Modernized) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\emffkefkbkpkgpdeeooapgaicgmcbolj [2017-01-28]
CHR Extension: (Sheets) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Podbay) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgclhigcifiacijciojhdhhkpfoihbmd [2017-01-28]
CHR Extension: (Word Online) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2017-01-28]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2018-06-14]
CHR Extension: (World tv) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdejljjjgegbbgoopclmcaabkjlbcmdm [2017-12-26]
CHR Extension: (Google Docs Offline) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-18]
CHR Extension: (TweetDeck by Twitter) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2017-01-28]
CHR Extension: (TuneIn Radio) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhkolpgedpldcfmkgbdokgiljfbblpfj [2017-01-28]
CHR Extension: (Amazon Storywriter) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmcnhpcghhifadgblhkonelnmbenkeep [2018-04-14]
CHR Extension: (Comedy Radio) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpmejdihoeonnkamggabbkibfgfdecj [2017-01-28]
CHR Extension: (Excel Online) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2017-01-28]
CHR Extension: (The West) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilkgeioneoemibpddeiamfgiofnpjifm [2017-01-28]
CHR Extension: (Dropbox) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2018-03-22]
CHR Extension: (SoundCloud) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2017-01-28]
CHR Extension: (Font Changer with Google Web Fonts™) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgjhhoglgjdklldfgoffdiaceffijeke [2017-11-27]
CHR Extension: (Grammarly for Chrome) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-09-11]
CHR Extension: (Adblock Plus Pro) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdjhcbppaonjcpcemdbhiainiljlpepo [2017-01-29]
CHR Extension: (WordPress.com) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjnjifipfkgglficmipimgjpbmlbemd [2017-01-28]
CHR Extension: (Hootsuite) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij [2017-01-28]
CHR Extension: (Momentum) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2018-09-20]
CHR Extension: (Google Maps) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2017-01-28]
CHR Extension: (Old Time Radio Player) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\mobkgbcjlihocgpnkcdplmnhalhknlnh [2017-01-28]
CHR Extension: (OneDrive) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2017-01-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Retrovision Old Time Radio - Retrovision.tv) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\obeghhdggacmnaoghpjaibgdpfjcoege [2017-01-28]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2017-01-28]
CHR Extension: (Gmail) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-28]
CHR Extension: (Chrome Media Router) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-13]
CHR Extension: (MyMusicCloud) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\plaelelbkmommhmjlepigoiepmdaihbk [2017-01-28]
CHR Profile: C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\System Profile [2018-04-05]
CHR HKLM-x32\...\Chrome\Extension: [flljooaijgdgaaogmfhakpojmddcjjmj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1231376 2016-03-23] (Autodesk Inc.)
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9658664 2018-09-08] (Microsoft Corporation)
S3 CWUpdaterDaemon; C:\Program Files (x86)\CheckPoint\Parental Controls\bin\cwupdater.exe [9729368 2015-08-13] (ContentWatch, Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [136512 2018-09-21] (SurfRight B.V.)
S3 IswSvc; C:\Program Files (x86)\CheckPoint\AKL\AkSVC.exe [1157752 2016-03-25] (Check Point Software Technologies LTD)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S3 mi-raysat_3dsmax2016_64; D:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe [86016 2011-09-15] () [File not signed]
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5352960 2011-04-07] (Native Instruments GmbH) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773328 2018-09-12] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773328 2018-09-12] (NVIDIA Corporation)
R2 RichVideo64; C:\Program Files\Cyberlink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R2 Samsung Link Service; D:\Program Files\Samsung Link\Samsung Link.exe [623848 2016-03-09] (Samsung Electronics Co.,Ltd)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-21] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-21] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [137216 2015-11-19] (Microsoft Corporation) [File not signed]
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4087568 2016-12-13] (Check Point Software Technologies Ltd.)
S3 VSStandardCollectorService140; D:\Program Files\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56040 2015-11-19] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2016-11-01] (Check Point Software Technologies, Ltd.)
R2 ZoneAlarm AntiTheft; C:\Program Files (x86)\CheckPoint\AntiTheft\Antitheft.exe [3008824 2016-12-13] (Check Point Software Technologies Ltd.)
R2 ZoneAlarm ICM Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe [1040184 2016-12-13] (Check Point Software Technologies Ltd.)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
R3 echo1394; C:\Windows\System32\DRIVERS\echo1394.sys [91944 2013-01-24] (Echo Digital Audio Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-07-12] (Malwarebytes)
S3 icsak; C:\Program Files (x86)\CheckPoint\AKL\ak\icsak.sys [48512 2014-07-17] (Check Point Software Technologies LTD)
R2 ISWKL; C:\Program Files (x86)\CheckPoint\AKL\ISWKL.sys [54144 2016-03-25] (Check Point Software Technologies LTD)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-08-02] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [180560 2016-08-02] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [292176 2016-08-02] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1015120 2016-08-02] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [126808 2016-08-02] (AO Kaspersky Lab)
R3 KORGUMDS; C:\Windows\System32\Drivers\KORGUM64.SYS [34184 2016-12-14] (KORG INC.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193256 2018-09-21] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [117472 2018-09-21] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [52328 2018-09-21] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [259360 2018-09-21] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [98616 2018-09-21] (Malwarebytes)
S3 mlkumidi; C:\Windows\System32\drivers\mlkumidi.sys [55856 2014-08-30] (MusicLab, Inc.)
S3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2506384 2015-08-12] (MediaTek Inc.)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30792 2018-08-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [69544 2018-06-08] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [65792 2018-08-21] (NVIDIA Corporation)
S3 Phosgene; C:\Windows\System32\DRIVERS\Phosgene.sys [33672 2015-09-02] (Adoriasoft LLC)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Resplendence Software Projects Sp.)
R3 vrvd5; C:\Windows\System32\DRIVERS\vrvd5.sys [13344 2016-07-24] (Rsupport Corporation)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [461240 2017-03-18] (Check Point Software Technologies Ltd.)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S1 aeicrvpl; \??\C:\Windows\system32\drivers\aeicrvpl.sys [X]
S3 cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys [X]
S1 cubvdwlj; \??\C:\Windows\system32\drivers\cubvdwlj.sys [X]
S0 hitmanpro37duringboot; system32\drivers\hitmanpro37.sys [X]
S1 jjpwxgnf; \??\C:\Windows\system32\drivers\jjpwxgnf.sys [X]
S1 malwgnfd; \??\C:\Windows\system32\drivers\malwgnfd.sys [X]
S3 mdf16; \??\D:\Program Files (x86)\mdf16.sys [X]
S3 mvd23; \??\D:\Program Files (x86)\mvd23.sys [X]
S1 nahbaxkg; \??\C:\Windows\system32\drivers\nahbaxkg.sys [X]
S1 pzhubuzu; \??\C:\Windows\system32\drivers\pzhubuzu.sys [X]
S1 rlijrmgr; \??\C:\Windows\system32\drivers\rlijrmgr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-21 16:35 - 2018-09-21 16:40 - 000000000 ___DC C:\FRST
2018-09-21 16:19 - 2018-09-21 16:25 - 000000000 ____D C:\Users\StephenDJButler\AppData\LocalLow\uTorrent
2018-09-21 16:14 - 2018-09-21 16:16 - 000000000 ___DC C:\AdwCleaner
2018-09-21 16:02 - 2018-09-21 16:02 - 000002314 _____ C:\Windows\system32\.crusader
2018-09-21 15:52 - 2018-09-21 15:52 - 000001900 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2018-09-21 15:52 - 2018-09-21 15:52 - 000000000 ___DC C:\Program Files\HitmanPro
2018-09-21 15:52 - 2018-09-21 15:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2018-09-21 15:50 - 2018-09-21 16:02 - 000000000 ____D C:\ProgramData\HitmanPro
2018-09-21 05:51 - 2018-09-21 16:20 - 000052328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-09-21 05:50 - 2018-09-21 16:20 - 000117472 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-09-21 05:50 - 2018-09-21 16:19 - 000259360 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-09-21 05:50 - 2018-09-21 16:19 - 000098616 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-09-21 05:50 - 2018-09-21 05:50 - 000193256 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-09-16 17:11 - 2018-09-16 17:11 - 000002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-09-16 17:11 - 2018-09-16 17:11 - 000002386 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-09-16 17:11 - 2018-09-16 17:11 - 000002385 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-09-16 17:11 - 2018-09-16 17:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-09-16 09:02 - 2018-09-16 15:23 - 000000000 ____D C:\Users\StephenDJButler\AppData\Roaming\MusicBee
2018-09-16 09:01 - 2018-09-16 09:01 - 000000000 ____D C:\Users\StephenDJButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MusicBee
2018-09-16 09:01 - 2018-09-16 09:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBee
2018-09-15 17:17 - 2018-09-15 17:17 - 000000000 ___HD C:\ProgramData\CanonIJFAX
2018-09-15 17:17 - 2018-09-15 17:17 - 000000000 ___HD C:\ProgramData\CanonBJ
2018-09-15 17:17 - 2017-04-03 06:00 - 000254464 _____ (CANON INC.) C:\Windows\system32\CNCALDL.DLL
2018-09-15 17:16 - 2017-03-30 05:00 - 001302016 _____ (CANON INC.) C:\Windows\system32\CNMLMDL.DLL
2018-09-15 17:15 - 2017-02-27 09:14 - 000379392 _____ (CANON INC.) C:\Windows\system32\CNC_DLL.dll
2018-09-15 17:15 - 2017-02-07 16:57 - 000098560 _____ C:\Windows\system32\CNC1823D.TBL
2018-09-15 17:15 - 2016-10-26 11:31 - 000559616 _____ (CANON INC.) C:\Windows\system32\CNC_DLC.dll
2018-09-15 17:15 - 2016-10-26 11:31 - 000273408 _____ (CANON INC.) C:\Windows\system32\CNC_DLI.dll
2018-09-15 15:06 - 2018-09-15 15:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-09-15 15:06 - 2018-09-15 15:06 - 000000000 ___DC C:\Program Files\Malwarebytes
2018-09-15 15:06 - 2018-07-12 08:42 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-09-13 20:42 - 2018-09-13 20:42 - 000000000 ____D C:\Users\StephenDJButler\AppData\Roaming\4kdownload.com
2018-09-12 05:31 - 2018-08-31 16:08 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2018-09-12 05:31 - 2018-08-31 16:08 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2018-09-12 05:31 - 2018-08-30 02:47 - 001230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2018-09-12 05:31 - 2018-08-30 02:10 - 001424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2018-09-12 05:31 - 2018-08-28 06:50 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2018-09-12 05:31 - 2018-08-24 20:47 - 000398424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-09-12 05:31 - 2018-08-24 19:47 - 000350296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-09-12 05:31 - 2018-08-24 00:05 - 025736704 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-09-12 05:31 - 2018-08-23 23:45 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-09-12 05:31 - 2018-08-23 23:43 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-09-12 05:31 - 2018-08-23 23:43 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-09-12 05:31 - 2018-08-23 23:37 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-09-12 05:31 - 2018-08-23 23:34 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-09-12 05:31 - 2018-08-23 23:34 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-09-12 05:31 - 2018-08-23 23:33 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-09-12 05:31 - 2018-08-23 23:33 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-09-12 05:31 - 2018-08-23 23:33 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-09-12 05:31 - 2018-08-23 23:27 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-09-12 05:31 - 2018-08-23 23:24 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-09-12 05:31 - 2018-08-23 23:15 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-09-12 05:31 - 2018-08-23 23:15 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-09-12 05:31 - 2018-08-23 23:13 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-09-12 05:31 - 2018-08-23 23:12 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-09-12 05:31 - 2018-08-23 23:03 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-09-12 05:31 - 2018-08-23 23:01 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-09-12 05:31 - 2018-08-23 23:00 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-09-12 05:31 - 2018-08-23 22:59 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-09-12 05:31 - 2018-08-23 22:59 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-09-12 05:31 - 2018-08-23 22:52 - 004510720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-09-12 05:31 - 2018-08-23 22:40 - 001555456 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-09-12 05:31 - 2018-08-23 22:28 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-09-12 05:31 - 2018-08-23 22:27 - 020279296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-09-12 05:31 - 2018-08-23 22:15 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-09-12 05:31 - 2018-08-23 22:14 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-09-12 05:31 - 2018-08-23 22:12 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-09-12 05:31 - 2018-08-23 22:07 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-09-12 05:31 - 2018-08-23 22:06 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-09-12 05:31 - 2018-08-23 22:06 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-09-12 05:31 - 2018-08-23 21:53 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-09-12 05:31 - 2018-08-23 21:52 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-09-12 05:31 - 2018-08-23 21:51 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-09-12 05:31 - 2018-08-23 21:48 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-09-12 05:31 - 2018-08-23 21:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-09-12 05:31 - 2018-08-23 21:44 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-09-12 05:31 - 2018-08-23 21:44 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-09-12 05:31 - 2018-08-23 21:44 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-09-12 05:31 - 2018-08-23 21:30 - 004037632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-09-12 05:31 - 2018-08-23 21:27 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-09-12 05:31 - 2018-08-23 21:24 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-09-12 05:31 - 2018-08-13 16:54 - 014183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-09-12 05:31 - 2018-08-13 16:54 - 002004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-09-12 05:31 - 2018-08-13 16:54 - 001888768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-09-12 05:31 - 2018-08-13 16:54 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2018-09-12 05:31 - 2018-08-13 16:53 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-09-12 05:31 - 2018-08-13 16:53 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-09-12 05:31 - 2018-08-13 16:41 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2018-09-12 05:31 - 2018-08-13 16:40 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-09-12 05:31 - 2018-08-13 16:40 - 001390080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-09-12 05:31 - 2018-08-13 16:40 - 001241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2018-09-12 05:31 - 2018-08-13 16:40 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2018-09-12 05:31 - 2018-08-12 21:32 - 000378464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-09-12 05:31 - 2018-08-12 21:31 - 001894496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-09-12 05:31 - 2018-08-12 21:31 - 000289376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-09-12 05:31 - 2018-08-10 16:59 - 005552816 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-09-12 05:31 - 2018-08-10 16:59 - 000154800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-09-12 05:31 - 2018-08-10 16:58 - 000385120 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-09-12 05:31 - 2018-08-10 16:58 - 000263776 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-09-12 05:31 - 2018-08-10 16:58 - 000096864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-09-12 05:31 - 2018-08-10 16:57 - 000708272 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-09-12 05:31 - 2018-08-10 16:57 - 000631624 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-09-12 05:31 - 2018-08-10 16:56 - 001664296 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-09-12 05:31 - 2018-08-10 16:55 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-09-12 05:31 - 2018-08-10 16:55 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-09-12 05:31 - 2018-08-10 16:55 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-09-12 05:31 - 2018-08-10 16:55 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-09-12 05:31 - 2018-08-10 16:55 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-09-12 05:31 - 2018-08-10 16:55 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-09-12 05:31 - 2018-08-10 16:55 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-09-12 05:31 - 2018-08-10 16:55 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-09-12 05:31 - 2018-08-10 16:55 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-09-12 05:31 - 2018-08-10 16:55 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-09-12 05:31 - 2018-08-10 16:55 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-09-12 05:31 - 2018-08-10 16:54 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-09-12 05:31 - 2018-08-10 16:54 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-09-12 05:31 - 2018-08-10 16:54 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-09-12 05:31 - 2018-08-10 16:54 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-09-12 05:31 - 2018-08-10 16:54 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-09-12 05:31 - 2018-08-10 16:54 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-09-12 05:31 - 2018-08-10 16:54 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-09-12 05:31 - 2018-08-10 16:54 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-09-12 05:31 - 2018-08-10 16:54 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-09-12 05:31 - 2018-08-10 16:54 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-09-12 05:31 - 2018-08-10 16:54 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-09-12 05:31 - 2018-08-10 16:54 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-09-12 05:31 - 2018-08-10 16:54 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-09-12 05:31 - 2018-08-10 16:53 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-09-12 05:31 - 2018-08-10 16:53 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-09-12 05:31 - 2018-08-10 16:53 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-09-12 05:31 - 2018-08-10 16:53 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-09-12 05:31 - 2018-08-10 16:53 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-09-12 05:31 - 2018-08-10 16:53 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-09-12 05:31 - 2018-08-10 16:53 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-09-12 05:31 - 2018-08-10 16:53 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-09-12 05:31 - 2018-08-10 16:53 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-09-12 05:31 - 2018-08-10 16:45 - 004054192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-09-12 05:31 - 2018-08-10 16:45 - 000309424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-09-12 05:31 - 2018-08-10 16:44 - 003961440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-09-12 05:31 - 2018-08-10 16:42 - 001315512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-09-12 05:31 - 2018-08-10 16:41 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-09-12 05:31 - 2018-08-10 16:41 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-09-12 05:31 - 2018-08-10 16:41 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-09-12 05:31 - 2018-08-10 16:41 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-09-12 05:31 - 2018-08-10 16:41 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-09-12 05:31 - 2018-08-10 16:41 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-09-12 05:31 - 2018-08-10 16:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-09-12 05:31 - 2018-08-10 16:41 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-09-12 05:31 - 2018-08-10 16:41 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-09-12 05:31 - 2018-08-10 16:41 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-09-12 05:31 - 2018-08-10 16:41 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-09-12 05:31 - 2018-08-10 16:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-09-12 05:31 - 2018-08-10 16:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-09-12 05:31 - 2018-08-10 16:41 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-09-12 05:31 - 2018-08-10 16:41 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-09-12 05:31 - 2018-08-10 16:40 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-09-12 05:31 - 2018-08-10 16:40 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-09-12 05:31 - 2018-08-10 16:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-09-12 05:31 - 2018-08-10 16:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-09-12 05:31 - 2018-08-10 16:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-09-12 05:31 - 2018-08-10 16:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-09-12 05:31 - 2018-08-10 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-09-12 05:31 - 2018-08-10 16:39 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-09-12 05:31 - 2018-08-10 16:27 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-09-12 05:31 - 2018-08-10 16:22 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-09-12 05:31 - 2018-08-10 16:22 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-09-12 05:31 - 2018-08-10 16:22 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-09-12 05:31 - 2018-08-10 16:21 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-09-12 05:31 - 2018-08-10 16:17 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-09-12 05:31 - 2018-08-10 16:17 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-09-12 05:31 - 2018-08-10 16:17 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-09-12 05:31 - 2018-08-10 16:15 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-09-12 05:31 - 2018-08-10 16:13 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-09-12 05:31 - 2018-08-10 16:13 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-09-12 05:31 - 2018-08-10 16:13 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-09-12 05:31 - 2018-08-10 16:12 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-09-12 05:31 - 2018-08-10 16:12 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-09-12 05:31 - 2018-08-10 16:12 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-09-12 05:31 - 2018-08-10 16:12 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-09-12 05:31 - 2018-08-10 16:12 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-09-12 05:31 - 2018-08-10 16:12 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-09-12 05:31 - 2018-08-10 16:10 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-09-12 05:31 - 2018-08-10 16:10 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-09-12 05:31 - 2018-08-10 16:09 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-09-12 05:31 - 2018-07-29 16:55 - 001110528 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-09-12 05:31 - 2018-07-18 16:18 - 000090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2018-09-12 05:30 - 2018-08-23 23:56 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-09-12 05:30 - 2018-08-23 23:56 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-09-12 05:30 - 2018-08-23 23:44 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-09-12 05:30 - 2018-08-23 23:43 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-09-12 05:30 - 2018-08-23 23:43 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-09-12 05:30 - 2018-08-23 23:36 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-09-12 05:30 - 2018-08-23 23:33 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-09-12 05:30 - 2018-08-23 23:19 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-09-12 05:30 - 2018-08-23 23:18 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-09-12 05:30 - 2018-08-23 23:17 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-09-12 05:30 - 2018-08-23 23:01 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-09-12 05:30 - 2018-08-23 22:25 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-09-12 05:30 - 2018-08-23 22:14 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-09-12 05:30 - 2018-08-23 22:14 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-09-12 05:30 - 2018-08-23 22:13 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-09-12 05:30 - 2018-08-23 22:09 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-09-12 05:30 - 2018-08-23 22:09 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-09-12 05:30 - 2018-08-23 22:06 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-09-12 05:30 - 2018-08-23 22:00 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-09-12 05:30 - 2018-08-23 21:56 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-09-12 05:30 - 2018-08-23 21:56 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-09-12 05:30 - 2018-08-23 21:55 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-09-12 05:30 - 2018-08-23 21:54 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-09-12 05:30 - 2018-08-23 21:51 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-09-12 05:30 - 2018-08-13 16:54 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2018-09-12 05:30 - 2018-08-13 16:54 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-09-12 05:30 - 2018-08-13 16:54 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2018-09-12 05:30 - 2018-08-13 16:40 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2018-09-12 05:30 - 2018-08-13 16:40 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimg32.dll
2018-09-12 05:30 - 2018-08-13 16:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2018-09-12 05:30 - 2018-08-13 16:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2018-09-12 05:30 - 2018-08-12 21:28 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2018-09-12 05:30 - 2018-08-12 21:14 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2018-09-12 05:30 - 2018-08-10 16:55 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-09-12 05:30 - 2018-08-10 16:54 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-09-12 05:30 - 2018-08-10 16:54 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-09-12 05:30 - 2018-08-10 16:54 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-09-12 05:30 - 2018-08-10 16:54 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-09-12 05:30 - 2018-08-10 16:54 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-09-12 05:30 - 2018-08-10 16:54 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-09-12 05:30 - 2018-08-10 16:53 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-09-12 05:30 - 2018-08-10 16:53 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-09-12 05:30 - 2018-08-10 16:53 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-09-12 05:30 - 2018-08-10 16:53 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:53 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:53 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:53 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:41 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-09-12 05:30 - 2018-08-10 16:41 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-09-12 05:30 - 2018-08-10 16:41 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-09-12 05:30 - 2018-08-10 16:40 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2018-09-12 05:30 - 2018-08-10 16:40 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-09-12 05:30 - 2018-08-10 16:40 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-09-12 05:30 - 2018-08-10 16:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:39 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-09-12 05:30 - 2018-08-10 16:20 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2018-09-12 05:30 - 2018-08-10 16:13 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-09-12 05:30 - 2018-08-10 16:10 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-09-12 05:30 - 2018-08-10 16:10 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-09-12 05:30 - 2018-08-10 16:09 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-09-12 05:30 - 2018-08-10 16:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-09-12 05:30 - 2018-06-27 14:20 - 000419648 _____ C:\Windows\SysWOW64\locale.nls
2018-09-12 05:30 - 2018-06-27 14:19 - 000419648 _____ C:\Windows\system32\locale.nls
2018-09-10 16:50 - 2018-09-10 16:50 - 013422621 _____ C:\Users\StephenDJButler\Documents\MediaMonkey Scan Log (10-09-2018).txt
2018-09-10 12:56 - 2018-09-21 14:23 - 000000000 ____D C:\Users\StephenDJButler\AppData\Roaming\MediaMonkey
2018-09-10 12:56 - 2018-09-10 12:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
2018-09-10 12:56 - 2018-09-10 12:56 - 000000000 ____D C:\ProgramData\MediaMonkey
2018-09-09 14:54 - 2018-09-09 14:54 - 000000000 ____D C:\Users\StephenDJButler\AppData\Roaming\GitHubVisualStudio
2018-09-08 14:18 - 2018-09-08 14:18 - 000000000 ____D C:\Users\StephenDJButler\AppData\Roaming\NVIDIA
2018-09-08 14:00 - 2018-09-08 14:00 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-09-08 14:00 - 2018-08-21 11:24 - 000132408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2018-09-08 13:58 - 2018-08-21 11:14 - 005947600 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2018-09-08 13:58 - 2018-08-21 11:14 - 002612264 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2018-09-08 13:58 - 2018-08-21 11:14 - 001767632 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2018-09-08 13:58 - 2018-08-21 11:14 - 000634352 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2018-09-08 13:58 - 2018-08-21 11:14 - 000450768 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2018-09-08 13:58 - 2018-08-21 11:14 - 000124216 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2018-09-08 13:58 - 2018-08-21 11:14 - 000083440 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2018-09-08 13:58 - 2018-08-02 23:32 - 008273432 _____ C:\Windows\system32\nvcoproc.bin
2018-09-08 13:57 - 2018-07-13 20:20 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2018-09-08 13:56 - 2018-08-22 17:12 - 000553200 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2018-09-08 13:56 - 2018-08-22 17:12 - 000458480 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2018-09-08 13:53 - 2018-09-08 13:56 - 000000000 ____D C:\Windows\system32\unknown
2018-09-08 13:53 - 2018-09-08 13:53 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2018-09-08 13:45 - 2018-08-22 17:12 - 040189616 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2018-09-08 13:45 - 2018-08-22 17:12 - 032457736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2018-09-08 13:45 - 2018-08-22 17:12 - 017014632 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2018-09-08 13:45 - 2018-08-22 17:12 - 000628560 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2018-09-08 13:45 - 2018-08-22 17:12 - 000519120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-09-08 13:45 - 2018-08-22 17:11 - 040346976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-09-08 13:45 - 2018-08-22 17:11 - 035250176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-09-08 13:45 - 2018-08-22 17:11 - 031248576 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2018-09-08 13:45 - 2018-08-22 17:11 - 025964944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-09-08 13:45 - 2018-08-22 17:11 - 023305232 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2018-09-08 13:45 - 2018-08-22 17:11 - 020330616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2018-09-08 13:45 - 2018-08-22 17:11 - 019088480 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2018-09-08 13:45 - 2018-08-22 17:11 - 017755768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-09-08 13:45 - 2018-08-22 17:11 - 015699512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2018-09-08 13:45 - 2018-08-22 17:11 - 015169920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-09-08 13:45 - 2018-08-22 17:11 - 013732120 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2018-09-08 13:45 - 2018-08-22 17:11 - 011276424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2018-09-08 13:45 - 2018-08-22 17:11 - 004616904 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2018-09-08 13:45 - 2018-08-22 17:11 - 004085328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-09-08 13:45 - 2018-08-22 17:11 - 003967304 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-09-08 13:45 - 2018-08-22 17:11 - 003504968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-09-08 13:45 - 2018-08-22 17:11 - 002015184 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439907.dll
2018-09-08 13:45 - 2018-08-22 17:11 - 001564136 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-09-08 13:45 - 2018-08-22 17:11 - 001467728 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439907.dll
2018-09-08 13:45 - 2018-08-22 17:11 - 001420296 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-09-08 13:45 - 2018-08-22 17:11 - 001217352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-09-08 13:45 - 2018-08-22 17:11 - 001159096 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2018-09-08 13:45 - 2018-08-22 17:11 - 001093456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-09-08 13:45 - 2018-08-22 17:11 - 000906608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-09-08 13:45 - 2018-08-22 17:11 - 000546880 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2018-09-08 13:45 - 2018-08-22 17:11 - 000505592 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2018-09-08 13:45 - 2018-08-22 17:11 - 000464536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-09-08 13:45 - 2018-08-22 17:11 - 000420032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2018-09-08 13:45 - 2018-08-22 17:11 - 000182624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2018-09-08 13:45 - 2018-08-22 17:11 - 000164792 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2018-09-08 13:45 - 2018-08-22 17:11 - 000159736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2018-09-08 13:45 - 2018-08-22 17:11 - 000142656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2018-09-08 13:45 - 2018-08-21 13:08 - 001688848 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2018-09-08 13:45 - 2018-08-21 13:08 - 000227928 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2018-09-08 13:45 - 2018-08-21 13:08 - 000065792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2018-09-08 13:45 - 2018-08-21 13:08 - 000047648 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2018-09-08 13:45 - 2018-08-21 13:08 - 000041866 _____ C:\Windows\system32\nvinfo.pb
2018-09-08 13:45 - 2018-08-21 13:08 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2018-09-08 13:45 - 2018-08-21 13:08 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2018-09-08 13:35 - 2018-06-08 02:59 - 000069544 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2018-09-07 12:19 - 2018-09-07 12:19 - 000000000 ____D C:\Users\StephenDJButler\Documents\MEGA
2018-09-07 12:16 - 2018-09-07 12:32 - 000000000 ____D C:\Windows\System32\Tasks\MEGA
2018-09-03 13:01 - 2018-09-03 13:02 - 000077702 _____ C:\Windows\ntbtlog.txt
2018-09-03 12:38 - 2018-09-03 12:38 - 000456088 _____ C:\Windows\Minidump\090318-1539371-01.dmp
2018-08-30 16:13 - 2018-08-30 16:13 - 000427432 _____ C:\Windows\Minidump\083018-445226-01.dmp
2018-08-27 23:26 - 2018-08-27 23:26 - 000675984 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000457512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000386712 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000343192 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000274072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib140.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000248624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\concrt140.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000089248 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000087352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000031896 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140_1.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000028472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140_1.dll
2018-08-26 11:03 - 2018-08-26 11:03 - 000427424 _____ C:\Windows\Minidump\082618-52416-01.dmp
2018-08-25 10:36 - 2018-08-25 10:36 - 000427416 _____ C:\Windows\Minidump\082518-706840-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-21 16:27 - 2009-07-14 05:45 - 000021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-09-21 16:27 - 2009-07-14 05:45 - 000021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-09-21 16:26 - 2015-12-13 09:59 - 000000000 ____D C:\Users\StephenDJButler\AppData\Roaming\uTorrent
2018-09-21 16:25 - 2009-07-14 06:13 - 000893102 _____ C:\Windows\system32\PerfStringBackup.INI
2018-09-21 16:25 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-09-21 16:21 - 2015-12-15 11:04 - 000000000 ____D C:\ProgramData\NVIDIA
2018-09-21 16:19 - 2017-12-16 13:26 - 000000422 _____ C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2018-09-21 16:19 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-09-21 16:16 - 2016-04-25 12:42 - 000000000 ____D C:\Users\StephenDJButler\AppData\LocalLow\IObit
2018-09-20 19:36 - 2015-12-10 00:16 - 000000000 ____D C:\Program Files (x86)\Steam
2018-09-20 14:25 - 2018-04-06 12:17 - 000000000 ____D C:\Users\StephenDJButler\AppData\Roaming\Echo FireWire Console
2018-09-20 13:46 - 2015-12-10 00:08 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-09-20 13:45 - 2018-06-27 07:03 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-09-20 13:45 - 2018-06-27 07:03 - 000003790 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-09-20 13:44 - 2018-06-27 07:03 - 000003792 _____ C:\Windows\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-09-20 13:44 - 2018-06-27 07:03 - 000003792 _____ C:\Windows\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-09-20 13:44 - 2018-06-27 07:03 - 000003792 _____ C:\Windows\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-09-20 13:44 - 2018-04-12 16:04 - 000003940 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-09-20 13:44 - 2016-12-30 17:27 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-09-20 13:44 - 2016-10-25 12:46 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-09-20 13:44 - 2016-10-25 12:46 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-09-20 13:44 - 2016-10-25 12:46 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-09-20 13:44 - 2016-10-25 12:46 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-09-20 13:44 - 2015-12-10 00:08 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-09-20 13:44 - 2015-12-10 00:05 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-09-20 11:21 - 2016-03-05 19:25 - 000000000 ____D C:\Users\StephenDJButler\AppData\Roaming\REAPER
2018-09-20 11:19 - 2016-03-06 12:01 - 000000000 ____D C:\Users\StephenDJButler\Documents\REAPER Media
2018-09-20 11:15 - 2017-07-18 09:47 - 000000000 ____D C:\Users\StephenDJButler\AppData\Roaming\audacity
2018-09-20 10:23 - 2018-08-08 11:07 - 000000000 ____D C:\Users\StephenDJButler\Desktop\Reg Keys, .Bat Files, etc
2018-09-18 08:03 - 2016-05-01 20:42 - 000000000 ____D C:\Users\StephenDJButler\AppData\Roaming\vlc
2018-09-18 05:04 - 2017-01-28 10:24 - 000002231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-16 18:24 - 2018-08-07 21:46 - 000000000 ___RD C:\Users\StephenDJButler\Desktop\Programs, etc
2018-09-16 17:16 - 2015-12-14 17:41 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-09-16 17:11 - 2016-04-07 15:55 - 000002422 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-09-16 17:11 - 2016-04-07 15:55 - 000002379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-09-16 17:11 - 2016-04-07 15:55 - 000002373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-09-16 17:11 - 2016-04-07 15:55 - 000002365 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-09-16 17:10 - 2016-04-07 15:49 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-09-16 09:02 - 2017-10-31 18:52 - 000000714 _____ C:\Users\Recording\Desktop\MusicBee.lnk
2018-09-16 09:02 - 2017-10-31 18:52 - 000000714 _____ C:\Users\Guest\Desktop\MusicBee.lnk
2018-09-16 09:02 - 2017-10-31 18:52 - 000000714 _____ C:\Users\Gaming\Desktop\MusicBee.lnk
2018-09-16 05:26 - 2018-03-04 09:07 - 000002199 _____ C:\Users\StephenDJButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2018-09-16 05:26 - 2017-07-28 06:48 - 000003202 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-410353808-276946841-1970485010-1001
2018-09-16 05:26 - 2017-07-07 14:52 - 000000000 ___RD C:\Users\StephenDJButler\OneDrive
2018-09-15 15:06 - 2015-12-21 11:41 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-09-15 14:22 - 2016-04-25 12:42 - 000000000 ____D C:\Users\StephenDJButler\AppData\Roaming\IObit
2018-09-15 13:59 - 2016-04-25 12:43 - 000000000 ____D C:\ProgramData\ProductData
2018-09-13 15:33 - 2017-03-01 13:31 - 000000000 ____D C:\Windows\rescache
2018-09-13 04:56 - 2009-07-14 05:45 - 005235312 _____ C:\Windows\system32\FNTCACHE.DAT
2018-09-12 19:50 - 2015-12-11 09:44 - 000000000 ____D C:\Windows\system32\MRT
2018-09-12 19:42 - 2015-12-11 09:44 - 139184408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-09-12 19:33 - 2015-12-10 11:30 - 000876968 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-09-12 12:45 - 2018-06-27 07:03 - 002622160 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2018-09-12 12:45 - 2018-06-27 07:03 - 002249424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2018-09-12 12:45 - 2018-06-27 07:03 - 001311952 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2018-09-12 11:23 - 2016-12-30 17:27 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2018-09-10 11:23 - 2015-12-24 14:20 - 000000000 ____D C:\Users\StephenDJButler\Documents\Visual Studio 2015
2018-09-09 16:03 - 2015-12-11 18:54 - 000000000 ____D C:\Users\StephenDJButler\Documents\Adobe
2018-09-08 13:58 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\Help
2018-09-08 13:08 - 2016-04-25 12:42 - 000000000 ____D C:\ProgramData\IObit
2018-09-03 21:10 - 2017-07-13 10:59 - 000000000 ____D C:\Users\Recording
2018-09-03 21:10 - 2017-06-25 11:57 - 000000000 ____D C:\Users\Gaming
2018-09-03 21:10 - 2016-04-27 07:34 - 000000000 ____D C:\Users\Guest
2018-09-03 21:10 - 2016-02-10 17:22 - 000000000 ____D C:\Users\DefaultAppPool
2018-09-03 21:10 - 2016-02-06 11:11 - 000000000 ____D C:\Users\Classic .NET AppPool
2018-09-03 21:10 - 2015-12-09 23:57 - 000000000 ____D C:\Users\StephenDJButler
2018-09-03 21:09 - 2017-12-16 15:12 - 000000000 ____D C:\Users\StephenDJButler\AppData\Roaming\FreeFileViewer
2018-09-03 21:09 - 2016-07-24 16:59 - 000000000 ____D C:\ProgramData\RemotePC
2018-09-03 21:09 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\registration
2018-09-03 19:07 - 2016-04-09 15:00 - 000000000 ____D C:\ProgramData\Package Cache
2018-09-03 12:38 - 2015-12-12 16:14 - 000000000 ____D C:\Windows\Minidump
2018-09-03 12:25 - 2018-08-07 12:13 - 1388555772 ____N C:\Windows\MEMORY.DMP
2018-09-01 11:32 - 2016-03-31 16:04 - 000000000 ____D C:\Users\StephenDJButler\Documents\Addictive Drums 2 Logs
2018-08-25 19:59 - 2016-06-03 17:51 - 000000000 ___DC C:\Program Files\EaseUS

==================== Files in the root of some directories =======

2013-04-03 23:46 - 2013-04-03 23:46 - 000091648 _____ (Winaero - Free small and useful software for Windows) C:\Program Files\DeskthemepackInstaller.exe
2009-06-19 08:03 - 2009-06-19 08:03 - 000049152 _____ (Microsoft Corporation) C:\Program Files\Microsoft.Deployment.Compression.Cab.dll
2009-06-19 08:02 - 2009-06-19 08:02 - 000036864 _____ (Microsoft Corporation) C:\Program Files\Microsoft.Deployment.Compression.dll
2015-12-12 14:06 - 2015-12-12 14:06 - 000000604 _____ () C:\Program Files (x86)\STLL Notifier
2016-12-20 16:15 - 2016-12-20 16:25 - 000000132 _____ () C:\Users\StephenDJButler\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-05-29 19:05 - 2017-08-07 19:25 - 000000000 _____ () C:\Users\StephenDJButler\AppData\Roaming\avoriontestfile
2018-01-22 08:43 - 2018-01-22 08:43 - 000000008 ___SH () C:\Users\StephenDJButler\AppData\Roaming\date
2018-01-22 08:43 - 2018-01-22 08:43 - 000000002 ___SH () C:\Users\StephenDJButler\AppData\Roaming\evf103
2016-01-19 15:06 - 2016-11-26 19:49 - 000099384 _____ () C:\Users\StephenDJButler\AppData\Roaming\inst.exe
2016-01-19 15:06 - 2016-11-26 19:49 - 000007859 _____ () C:\Users\StephenDJButler\AppData\Roaming\pcouffin.cat
2016-01-19 15:06 - 2016-11-26 19:49 - 000001167 _____ () C:\Users\StephenDJButler\AppData\Roaming\pcouffin.inf
2016-01-19 15:07 - 2016-11-26 19:49 - 000000033 _____ () C:\Users\StephenDJButler\AppData\Roaming\pcouffin.log
2016-01-19 15:06 - 2016-11-26 19:49 - 000082816 _____ (VSO Software) C:\Users\StephenDJButler\AppData\Roaming\pcouffin.sys
2016-03-25 15:36 - 2016-03-25 15:36 - 000327680 _____ () C:\Users\StephenDJButler\AppData\Local\178502EF-0290-41CE-9FCE-C846E56E8B13.Diagnose.Admin.2.etl
2016-03-25 15:36 - 2016-03-25 15:36 - 000262144 _____ () C:\Users\StephenDJButler\AppData\Local\178502EF-0290-41CE-9FCE-C846E56E8B13.Repair.Admin.3.etl
2016-03-25 15:36 - 2016-03-25 15:36 - 000262144 _____ () C:\Users\StephenDJButler\AppData\Local\178502EF-0290-41CE-9FCE-C846E56E8B13.Verify.Admin.4.etl
2016-03-25 15:36 - 2016-03-25 15:36 - 000327680 _____ () C:\Users\StephenDJButler\AppData\Local\30EFF69C-FF70-4B74-8FEE-2AE573237775.Diagnose.0.etl
2016-03-25 15:36 - 2016-03-25 15:36 - 000196608 _____ () C:\Users\StephenDJButler\AppData\Local\30EFF69C-FF70-4B74-8FEE-2AE573237775.Repair.Admin.0.etl
2016-03-25 14:31 - 2016-03-25 14:31 - 000003584 _____ () C:\Users\StephenDJButler\AppData\Local\7CEB9B2A0E395BD64E74381485A106AF.dll
2016-03-25 14:31 - 2016-03-25 14:31 - 000003072 _____ () C:\Users\StephenDJButler\AppData\Local\A1D76FF97175BF79025AB7AA1DDF0A2A.dll
2016-03-25 12:48 - 2016-03-25 12:48 - 000049208 _____ () C:\Users\StephenDJButler\AppData\Local\Administrator.bmp
2016-03-25 12:48 - 2016-03-25 12:49 - 000031832 _____ () C:\Users\StephenDJButler\AppData\Local\Administrator2.bmp
2016-04-19 15:39 - 2018-09-13 13:19 - 000001456 _____ () C:\Users\StephenDJButler\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-03-06 09:25 - 2016-03-31 08:11 - 000030526 _____ () C:\Users\StephenDJButler\AppData\Local\AdobeARM.log
2016-03-21 11:39 - 2016-03-21 18:29 - 000000783 _____ () C:\Users\StephenDJButler\AppData\Local\AdobeARM_NotLocked.log
2016-03-25 14:49 - 2016-03-25 15:41 - 000000968 _____ () C:\Users\StephenDJButler\AppData\Local\amt3.log
2016-03-28 11:58 - 2016-03-31 08:10 - 000228380 _____ () C:\Users\StephenDJButler\AppData\Local\ArmUI.ini
2016-03-25 13:35 - 2016-03-29 13:27 - 000001779 _____ () C:\Users\StephenDJButler\AppData\Local\chrome_installer.log
2016-05-19 13:35 - 2017-10-26 10:42 - 000018944 _____ () C:\Users\StephenDJButler\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-03-25 14:31 - 2016-03-25 14:31 - 000090112 _____ () C:\Users\StephenDJButler\AppData\Local\dup2patcher.dll
2014-12-02 20:33 - 2014-12-02 20:33 - 000062988 _____ () C:\Users\StephenDJButler\AppData\Local\FLMobileAdd.bmp
2016-03-06 09:14 - 2016-03-06 09:14 - 000000000 ____N () C:\Users\StephenDJButler\AppData\Local\FXSAPIDebugLogFile.txt
2016-03-25 16:35 - 2016-03-25 16:35 - 000000000 _____ () C:\Users\StephenDJButler\AppData\Local\FXSTIFFDebugLogFile.txt
2016-03-25 15:33 - 2014-05-13 01:36 - 525508520 ____N (Adobe Systems Incorporated) C:\Users\StephenDJButler\AppData\Local\gEzzEYDP.exe
2016-03-25 12:48 - 2016-03-25 12:48 - 000049208 _____ () C:\Users\StephenDJButler\AppData\Local\Guest.bmp
2016-03-25 12:48 - 2016-03-25 12:48 - 000049208 _____ () C:\Users\StephenDJButler\AppData\Local\HomeGroupUser$.bmp
2016-03-25 13:32 - 2016-03-25 13:32 - 000000000 _____ () C:\Users\StephenDJButler\AppData\Local\isw_acc_80100000
2016-03-26 14:24 - 2016-02-11 19:38 - 001114112 _____ (Microsoft Corporation) C:\Users\StephenDJButler\AppData\Local\kernel32.dll
2016-03-22 18:53 - 2016-03-22 18:53 - 000098128 _____ () C:\Users\StephenDJButler\AppData\Local\MSIa286b.LOG
2016-03-25 08:12 - 2016-03-25 08:12 - 000000422 _____ () C:\Users\StephenDJButler\AppData\Local\NetFxUpdate_MagicISO_01D18665A2DA6CA4.log
2016-03-26 09:10 - 2016-03-30 18:54 - 001217182 _____ () C:\Users\StephenDJButler\AppData\Local\oobelib.log
2015-07-31 16:07 - 2015-07-31 16:07 - 000242864 ____R (Microsoft Corporation) C:\Users\StephenDJButler\AppData\Local\ose00000.exe
2016-03-25 10:39 - 2016-03-25 10:39 - 000000768 _____ () C:\Users\StephenDJButler\AppData\Local\PCW205.xml
2016-03-26 09:10 - 2016-03-30 18:54 - 000275632 _____ () C:\Users\StephenDJButler\AppData\Local\PDApp.log
2017-08-22 18:55 - 2017-08-22 18:55 - 000001309 _____ () C:\Users\StephenDJButler\AppData\Local\recently-used.xbel
2016-03-25 13:54 - 2016-03-25 13:54 - 000000018 _____ () C:\Users\StephenDJButler\AppData\Local\RemovalResult.txt
2016-08-02 11:39 - 2018-08-06 16:37 - 000007605 _____ () C:\Users\StephenDJButler\AppData\Local\Resmon.ResmonCfg
2016-03-25 12:12 - 2016-03-25 12:13 - 002564156 _____ () C:\Users\StephenDJButler\AppData\Local\SetupAdmin670.log
2016-03-24 19:47 - 2016-03-24 19:47 - 000015481 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603241847121168).log
2016-03-24 19:47 - 2016-03-24 19:47 - 000036580 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603241847191914).log
2016-03-24 19:47 - 2016-03-24 19:47 - 000036580 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603241847371354).log
2016-03-24 19:57 - 2016-03-24 19:57 - 000036580 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603241857251950).log
2016-03-25 08:48 - 2016-03-25 08:48 - 000036580 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603250748271D70).log
2016-03-25 08:48 - 2016-03-25 08:48 - 000036580 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603250748431678).log
2016-03-25 12:42 - 2016-03-25 12:42 - 000019370 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603251141561778).log
2016-03-25 12:42 - 2016-03-25 12:42 - 000019370 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(20160325114244938).log
2016-03-25 12:46 - 2016-03-25 12:46 - 000019613 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603251146451EF4).log
2016-03-25 13:15 - 2016-03-25 13:18 - 000067726 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(2016032512155022D0).log
2016-03-25 13:18 - 2016-03-25 13:18 - 000036580 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603251218381CCC).log
2016-03-25 13:19 - 2016-03-25 13:24 - 000067733 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603251219051FC0).log
2016-03-25 13:27 - 2016-03-25 13:27 - 000019613 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603251227371894).log
2016-03-25 13:33 - 2016-03-25 13:33 - 000019362 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603251233261884).log
2016-03-25 13:34 - 2016-03-25 13:34 - 000019366 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(20160325123423928).log
2016-03-25 13:34 - 2016-03-25 13:37 - 000066844 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603251234491A60).log
2016-03-25 14:04 - 2016-03-25 14:31 - 000281676 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603251304111778).log
2016-03-25 12:30 - 2016-03-25 12:33 - 042606592 _____ () C:\Users\StephenDJButler\AppData\Local\Skype.msi
2016-03-25 12:33 - 2016-03-25 12:34 - 005758976 _____ () C:\Users\StephenDJButler\AppData\Local\SkypeToolbars.msi
2016-03-25 09:23 - 2016-03-25 12:48 - 000031832 _____ () C:\Users\StephenDJButler\AppData\Local\StephenDJButler.bmp
2016-03-20 10:36 - 2016-03-20 10:36 - 000000000 _____ () C:\Users\StephenDJButler\AppData\Local\TWAIN.LOG
2016-03-20 10:36 - 2016-03-20 10:36 - 000000002 _____ () C:\Users\StephenDJButler\AppData\Local\Twain001.Mtx
2016-03-25 12:01 - 2016-03-25 12:01 - 000000000 _____ () C:\Users\StephenDJButler\AppData\Local\{40A34BA2-F344-4932-9658-6E80A9B765CD} - OProcSessId.dat
2016-03-24 17:15 - 2016-03-24 17:15 - 000000000 _____ () C:\Users\StephenDJButler\AppData\Local\{4D121E73-1955-4016-9564-A480B490950F} - OProcSessId.dat
2016-03-25 12:01 - 2016-03-25 12:01 - 000000000 _____ () C:\Users\StephenDJButler\AppData\Local\{54CE436B-851B-4B03-815F-F18E639C8087} - OProcSessId.dat
2016-03-24 17:15 - 2016-03-24 17:15 - 000000000 _____ () C:\Users\StephenDJButler\AppData\Local\{7F166175-FAAB-4B96-8DE4-7D124F97F687} - OProcSessId.dat
2016-03-25 13:20 - 2016-03-25 13:20 - 000000000 _____ () C:\Users\StephenDJButler\AppData\Local\{B64E9B0B-E1A4-4FF3-A3B3-2B118FB2EF74} - OProcSessId.dat
2016-03-25 11:03 - 2016-03-25 11:03 - 000000000 _____ () C:\Users\StephenDJButler\AppData\Local\{C6DDC84D-5F70-4857-94D9-2F9CBE16B1EC} - OProcSessId.dat

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-09-15 16:30

==================== End of FRST.txt ============================

Because the character limit of these messages is 110000 characters, I'm going to have to post ADDITION.txt in a separate post. Stand by your beds.

Sorry if this is a bit awkward, I hope you can help.

Cheers,
Stephen Butler
 
Operating System: Windows 7
Infection date and initial symptoms: Approx. 17 September
Current issues and symptoms: Pop up keeps appearing in Google.
Steps taken in order to remove the infection: Followed advice on this website.
System logs: Yes, I've uploaded the FRST.txt logs, Yes, I've uploaded both FRST.txt and Addition.txt logs, Yes and I've also uploaded logs from other scans that I've performed
#2
Hello again:

This is the file ADDITION.txt from my previous post:

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.09.2018
Ran by StephenDJButler (21-09-2018 16:40:50)
Running from D:\Downloads
Windows 7 Professional Service Pack 1 (X64) (2015-12-09 22:57:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-410353808-276946841-1970485010-500 - Administrator - Disabled)
Gaming (S-1-5-21-410353808-276946841-1970485010-1007 - Administrator - Enabled) => C:\Users\Gaming
Guest (S-1-5-21-410353808-276946841-1970485010-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-410353808-276946841-1970485010-1002 - Limited - Enabled)
Recording (S-1-5-21-410353808-276946841-1970485010-1008 - Administrator - Enabled) => C:\Users\Recording
StephenDJButler (S-1-5-21-410353808-276946841-1970485010-1001 - Administrator - Enabled) => C:\Users\StephenDJButler

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ZoneAlarm Extreme Security Antivirus (Enabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
AS: ZoneAlarm Extreme Security Anti-Spyware (Enabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
AS: Spybot - Search and Destroy (Enabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Extreme Security Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-410353808-276946841-1970485010-1001\...\uTorrent) (Version: 3.5.3.44428 - BitTorrent Inc.)
Ableton Live 9 Suite (HKLM\...\{7597F2DC-003A-476E-9281-774AB112B7BE}) (Version: 9.0.0.0 - Ableton)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.7 - Sereby Corporation)
AllShare Framework DMS (HKLM\...\{83232C27-8C3F-44A5-9EB2-BB7161228ADD}) (Version: 1.3.23 - Samsung)
Apple Application Support (64-bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Art Effects for PDR10 (HKLM\...\NewBlue Art Effects for PDR10) (Version: 2.0 - NewBlue)
Autodesk 3ds Max 2016 (HKLM\...\{52B37EC7-D836-0410-0464-3C24BCED2010}) (Version: 18.0.873.0 - Autodesk) Hidden
Autodesk 3ds Max 2016 (HKLM\...\Autodesk 3ds Max 2016) (Version: 18.0.873.0 - Autodesk)
Autodesk 3ds Max 2016 Populate Data (HKLM\...\{57E92DED-DC7C-41E5-B9E1-76D83BD2EABE}) (Version: 18.0.0.0 - Autodesk)
Autodesk Civil View for 3ds Max 2016 64-bit (HKLM\...\{1C4FFAF0-6DBB-4F7A-A386-46747D060826}) (Version: 18.0.0.0 - Autodesk)
Autodesk Inventor Server Engine for 3ds Max 2016 (HKLM\...\{9167CA34-4E58-49E3-8892-3C439739D2D3}) (Version: 18.0 - Autodesk)
Autodesk Revit Interoperability for 3ds Max (HKLM\...\{0BB716E0-1600-0610-0000-097DC2F354DF}) (Version: 16.0.394.0 - Autodesk) Hidden
Autodesk Revit Interoperability for 3ds Max (HKLM\...\Autodesk Revit Interoperability for 3ds Max ) (Version: 16.0.394.0 - Autodesk)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre 64bit (HKLM\...\{54EFBCD2-A4FB-4C37-A720-9A8195EFC7B4}) (Version: 2.45.0 - Kovid Goyal)
calibre 64bit (HKLM\...\{D7D0A0C9-6728-4FA3-B611-04FFDB739F97}) (Version: 2.83.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.1129a - CyberLink Corp.) Hidden
DirectX 9.0c Extra Files (x86, x64) (HKLM\...\{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1) (Version: 1.10.06.0 - Sereby Corporation)
DirectX for Managed Code (HKLM\...\{FDF7187F-3960-4BEC-916D-98C9A83E3A68}_is1) (Version: 1.0.0.0 - Sereby Corporation)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 399.07 - NVIDIA Corporation) Hidden
Driver Easy 5.5.6 (HKLM\...\DriverEasy_is1) (Version: 5.5.6 - Easeware)
dupeGuru (HKLM\...\{C11DACBD-8863-4AA4-94AD-708602F6F7EF}) (Version: 3.9.1 - Hardcoded Software)
EPSON XP-600 Series Printer Uninstall (HKLM\...\EPSON XP-600 Series) (Version: - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.295 - SurfRight B.V.)
iCloud (HKLM\...\{724A887F-2B55-4306-B6F9-8F0E7A04B1B5}) (Version: 5.2.2.87 - Apple Inc.)
iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
Java 8 Update 172 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180172F0}) (Version: 8.0.1720.11 - Oracle Corporation)
LatencyMon 6.51 (HKLM\...\LatencyMon_is1) (Version: - Resplendence Software Projects Sp.)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
MediaInfo 0.7.99 (HKLM\...\MediaInfo) (Version: 0.7.99 - MediaArea.net)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 1.1 SP1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.10730.20102 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-410353808-276946841-1970485010-1001\...\OneDriveSetup.exe) (Version: 18.151.0729.0006 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation)
MusicBee 3.2 (HKLM-x32\...\MusicBee) (Version: 3.2 - Steven Mayall)
MusicLab RealGuitar (64-bit) (HKLM\...\{C8B26887-0463-4441-8788-68496891D213}) (Version: 3.1.0.7127 - MusicLab, Inc.) Hidden
MusicLab RealLPC (HKLM\...\{38209080-8888-4418-8117-D190FC71BF58}) (Version: 3.0 - MusicLab, Inc.)
MusicLab Virtual Midi Driver (64-bit) (HKLM\...\{2B019162-86C7-4D14-AED0-2CB5110BA4FF}) (Version: 2.0.2.0 - MusicLab, Inc.)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.11 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 399.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 399.07 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.15.0.164 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.15.0.164 - NVIDIA Corporation)
NVIDIA Graphics Driver 399.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 399.07 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10730.20102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10730.20102 - Microsoft Corporation) Hidden
OpenIV (HKU\S-1-5-21-410353808-276946841-1970485010-1001\...\OpenIV) (Version: 3.0.1004 - .black/OpenIV Team)
PowerDirector (HKLM\...\{E8C64028-08E5-4BF0-B1C0-DBAAC6A77DF1}) (Version: 10.00.0000 - CyberLink Corp.) Hidden
REAPER (x64) (HKLM\...\REAPER) (Version: - )
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller Pro 3.1.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.8 - VS Revo Group, Ltd.)
Samsung Link 2.0.0.1603091618 (HKLM\...\8474-7877-9059-0204) (Version: 2.0.0.1603091618 - Samsung Electronics Co.,Ltd)
Spotify (HKU\S-1-5-21-410353808-276946841-1970485010-1001\...\Spotify) (Version: 1.0.80.474.gef6b503e - Spotify AB)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
Universal CRT Tools x64 (HKLM\...\{4EE952FC-2888-39E8-75D5-E07FA9557985}) (Version: 10.1.10586.15 - Microsoft Corporation) Hidden
Universe (HKLM\...\Universe Premium_is1) (Version: 1.6.0 CE - Team V.R)
WebM Project Directshow Filters (HKU\S-1-5-21-410353808-276946841-1970485010-1001\...\webmdshow) (Version: - )
WhoCrashed 5.50 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
Windows Media Player 64-bit Plug-in Fix (HKLM\...\{00a8ce68-cb2e-4652-aecd-c05c0d9d53a7}.sdb) (Version: - )
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
WinZip 20.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240EF}) (Version: 20.0.11659 - WinZip Computing, S.L. )
ZAR X (HKLM\...\{85DA9B81-D7F9-4165-8E62-F776B57213F8}_is1) (Version: - www.z-a-recovery.com)
ZoneAlarm Parental Controls (HKLM\...\{9D0D6B72-4C5C-498D-9A8A-DA53341E8BC1}) (Version: 7.2.6.1 - ContentWatch) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-410353808-276946841-1970485010-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\StephenDJButler\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-410353808-276946841-1970485010-1001_Classes\CLSID\{22A8794C-E808-52FA-40C1-F0D8F63A947A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-410353808-276946841-1970485010-1001_Classes\CLSID\{24734139-2E14-88F8-FDDF-194FDB2B19C4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-410353808-276946841-1970485010-1001_Classes\CLSID\{A2BF0F6E-3C7E-DEAE-4166-C94EDE356866}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-410353808-276946841-1970485010-1001_Classes\CLSID\{F57AEC8E-0F8D-F866-ABE0-8EC6A26B5B17}\InprocServer32 -> no filepath
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\StephenDJButler\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\StephenDJButler\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\StephenDJButler\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\StephenDJButler\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\StephenDJButler\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\StephenDJButler\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\StephenDJButler\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2016-07-08] (Apple Inc.)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-23] (WinZip Computing, S.L.)
ContextMenuHandlers1-x32: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll [2016-12-13] (Check Point Software Technologies Ltd.)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\StephenDJButler\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\StephenDJButler\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\StephenDJButler\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-23] (WinZip Computing, S.L.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-08-21] (NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => D:\Program Files\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-23] (WinZip Computing, S.L.)
ContextMenuHandlers6-x32: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll [2016-12-13] (Check Point Software Technologies Ltd.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00AA7AE5-4309-42E8-8043-F4DFAAD78CF0} - System32\Tasks\{59457D45-B68B-45CF-8266-9E7B3F5B58C9} => C:\Windows\system32\pcalua.exe -a "H:\Install\PC\Superior2 Sound Installer.exe" -d H:\Install\PC
Task: {026DC887-D0FB-405D-BCCA-C55945C7CB04} - \Kodjumho -> No File <==== ATTENTION
Task: {079735A0-6521-4690-A96F-AAF0B44EBA37} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-09-12] (NVIDIA Corporation)
Task: {0CC98B24-517B-47A8-88C4-D4DD5C8DE47D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {1435724C-6FFA-4B03-AD05-A3B62261D3B2} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-09-12] (NVIDIA Corporation)
Task: {1E240503-CC39-4E0F-B8F5-8D8C46715E4D} - System32\Tasks\{236335D2-3A55-42E4-A971-837296759A21} => C:\Windows\system32\pcalua.exe -a "G:\Programs\Studio Hardware\VSL.Horizon.Series.Saxophones.Giga.DVDR-DELiRiUM\Soprano Saxophone\01 SXS_SHORT-NOTES.exe" -d "G:\Programs\Studio Hardware\VSL.Horizon.Series.Saxophones.Giga.DVDR-DELiRiUM\Soprano Saxophone"
Task: {210C4210-AA22-442E-86CF-6F687D70C239} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-09-12] (NVIDIA Corporation)
Task: {28442908-5506-430D-9FB3-75E47F434471} - \{047D0C47-780A-080F-0511-7A7F050F110A} -> No File <==== ATTENTION
Task: {2B84A9D3-C807-4593-98DE-2822AFF3ABCB} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-09-12] (NVIDIA Corporation)
Task: {2C6486BB-592D-4AF0-A927-D7C2028AFC69} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-09-12] (NVIDIA Corporation)
Task: {31061FDF-91C8-4CA3-923C-6101161EF77D} - System32\Tasks\{ABA1E552-6574-4FF3-BC03-28D39C7539D7} => C:\Windows\system32\pcalua.exe -a "G:\Programs\Studio Hardware\VSL.Horizon.Series.Saxophones.Giga.DVDR-DELiRiUM\Soprano Saxophone\20 SXS_PERF-LEGATO.exe" -d "G:\Programs\Studio Hardware\VSL.Horizon.Series.Saxophones.Giga.DVDR-DELiRiUM\Soprano Saxophone"
Task: {375E39F3-5623-421F-AC48-CF0BF1C581B9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {3792F492-07D4-4EF6-AB8C-62738D899274} - System32\Tasks\{EE8FF74A-9B2C-4495-821B-8DE3DD145A67} => C:\Windows\system32\pcalua.exe -a H:\Autorun.exe -d H:\
Task: {39F56DDD-4D9E-4904-90F3-CC26B6128D90} - \{E208AF12-66D7-432F-9045-B0FD50ECD83A} -> No File <==== ATTENTION
Task: {3B205672-E76B-4716-BD81-EF9396E075FC} - System32\Tasks\{DD5DBC33-9D37-40FC-97B1-2D165BBDE246} => C:\Windows\system32\pcalua.exe -a "G:\Programs\DAMN NFO Viewer v2.10.0032\DAMN_NFO_Viewer_v2.10.0032-RC3-SETUP.exe" -d "G:\Programs\DAMN NFO Viewer v2.10.0032"
Task: {3BE8F574-E839-497F-B75F-822D996C9A02} - System32\Tasks\{653E7597-3391-45CE-800D-8A80C9E1C388} => C:\Windows\system32\pcalua.exe -a "K:\Programs & Applications\Studio Hardware & Software\mp3gain-win-full-1_2_5.exe" -d "K:\Programs & Applications\Studio Hardware & Software"
Task: {4549D647-718A-4B2C-AF7B-9FD26ECC30ED} - System32\Tasks\{E11DA0A3-9760-4DC0-AC1C-2CC0667475F8} => C:\Program Files (x86)\Toontrack\Toontrack solo\Toontrack solo.exe [2008-06-09] ()
Task: {53CFDBC2-922C-44A3-9BA1-5AE0E2ADF197} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {54FC67E2-C676-41FB-A70E-8BF2DE5C71AA} - System32\Tasks\{C4E1566B-2C80-4F53-9A3F-5DAD14BBC5DD} => G:\Programs\Microsoft_Office_2016_Professional_Plus_X64-CYGiSO\setup.exe
Task: {58FAB717-5A52-478A-B04E-52B3C48BA2B6} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe
Task: {604A7C65-A4B0-40BB-94BA-2D11EF6B8FF6} - System32\Tasks\{2587172E-AABC-4630-AD18-E30ED5CDC2AD} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://www.skype.com/go/downloading?source=lightinstaller&ver=7.40.0.103&LastError=12002
Task: {684DE866-A4BC-45FB-972A-B1206D29081A} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-09-12] (NVIDIA Corporation)
Task: {68F0681E-4364-47A2-A649-B64D2860F3B6} - System32\Tasks\Games\UpdateCheck_S-1-5-21-410353808-276946841-1970485010-1001
Task: {6A391AAF-63DF-4F5F-BFBF-497F27124C58} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-09-16] (Microsoft Corporation)
Task: {6E8452CC-BE21-43D3-ABC7-2C94FA197AA5} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
Task: {7B986C97-60BC-4360-ACFC-86DCF4F28767} - \{22F1EA4C-C05C-4DC8-A11B-A18168359FE0} -> No File <==== ATTENTION
Task: {7F3D7981-765B-45C2-BF3D-3B662F472CF8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-10] (Google Inc.)
Task: {85C7506D-8DB6-464F-8095-744B5DC39B1B} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-09-16] (Microsoft Corporation)
Task: {85FFE57D-F98B-4787-899F-D3A502BE145F} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2015-06-04] (Nero AG)
Task: {87F9125B-9362-4D75-9F84-8198004CA07A} - \{A3ECDC93-1E93-05F7-12DA-7BC870255262} -> No File <==== ATTENTION
Task: {89537E23-B5DF-4A3B-851F-10FA8BCFF758} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-09-12] (NVIDIA Corporation)
Task: {8B7F597A-FED3-451F-8DDA-40F933F71409} - System32\Tasks\Games\UpdateCheck_S-1-5-21-410353808-276946841-1970485010-1007
Task: {8CBC47FF-F947-43E5-914B-0A43C4FC849F} - System32\Tasks\{DA7E6DAB-D52E-4BE6-B6D8-639A57AB24EA} => C:\Windows\system32\pcalua.exe -a "G:\Programs\Studio Hardware\VSL.Horizon.Series.Saxophones.Giga.DVDR-DELiRiUM\Soprano Saxophone\00 SXS_BASIC_SET.exe" -d "G:\Programs\Studio Hardware\VSL.Horizon.Series.Saxophones.Giga.DVDR-DELiRiUM\Soprano Saxophone"
Task: {8E3629E3-0480-478A-8886-B08DF473A10A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {92938B5C-885D-4948-930F-8719DBA2EC6E} - System32\Tasks\{AF5B4091-E048-4B12-9F05-5F8DBA30ACE2} => C:\Windows\system32\pcalua.exe -a "D:\Program Files\Uninstall.exe" -c "D:\Program Files\install.log" -u
Task: {958DDA92-4345-46F1-93E8-5A6281809939} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-09-08] (Microsoft Corporation)
Task: {97D351B4-2BBD-4996-9140-EB3290185D51} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-09-12] (NVIDIA Corporation)
Task: {99176077-4CCB-4F3A-9892-9B5E5F7C502C} - System32\Tasks\{272E233C-7F40-4E61-A706-976DEAC9E2C8} => C:\Windows\system32\pcalua.exe -a "G:\Programs\Studio Hardware\Spectrasonics Stylus RMX\DVD2\Windows\Setup.exe" -d "G:\Programs\Studio Hardware\Spectrasonics Stylus RMX\DVD2\Windows"
Task: {998107AF-F4A6-4FDC-A888-1C77C380CEA4} - System32\Tasks\{8ED19CC9-F77E-4BFE-B054-73D3DF538B86} => C:\Windows\system32\pcalua.exe -a "G:\Programs\Studio Hardware\VSL.Horizon.Series.Saxophones.Giga.DVDR-DELiRiUM\Soprano Saxophone\02 SXS_LONG-NOTES.exe" -d "G:\Programs\Studio Hardware\VSL.Horizon.Series.Saxophones.Giga.DVDR-DELiRiUM\Soprano Saxophone"
Task: {9BEBA379-338D-4DA2-BF2A-A0F9BA91EB19} - System32\Tasks\{2D637B00-9B4E-4B92-A20F-BB0580421494} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~2\STEINB~1\VSTPLU~1\\GROOVE~1\UNWISE.EXE -c C:\PROGRA~2\STEINB~1\VSTPLU~1\\GROOVE~1\INSTALL.LOG
Task: {A0A7F8E6-30A9-49D8-9F04-06EF358D8CCB} - System32\Tasks\{CED6B9FB-54D5-428B-8255-75DD83A2C4E4} => C:\Windows\system32\pcalua.exe -a "G:\Programs\Studio Hardware\Spectrasonics Stylus RMX\DVD1\Windows\Setup.exe" -d "G:\Programs\Studio Hardware\Spectrasonics Stylus RMX\DVD1\Windows"
Task: {A2123DF6-0494-4040-A5E7-927768D1978C} - System32\Tasks\{9C651694-524F-4C9F-8391-5BCE7BA1735F} => C:\Windows\system32\pcalua.exe -a "D:\Temp\wzfaaf\Brooks Wackerman Grooves SD2\Brooks Wackerman Grooves MIDI Library Installer TT.exe" -d "I:\Programs\Studio Hardware\ToonTrack Superior Drummer" <==== ATTENTION
Task: {A41550CD-3B7B-4F84-A384-69DD272D581B} - System32\Tasks\WiseCleaner\WDCSkipUAC => D:\Program Files\Wise Disk Cleaner\WiseDiskCleaner.exe [2017-07-28] (WiseCleaner.com)
Task: {A484FE3B-80DB-4192-9FC3-F53A75F2B6ED} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {A4917308-D421-4F4C-82E0-AFF5C3396A53} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-09-12] (NVIDIA Corporation)
Task: {A63C6DE4-945B-42AF-A610-A2E2FCF68FD9} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2015-12-30] (Bitberry Software) <==== ATTENTION
Task: {A78A2D83-AB24-402F-B491-E89191F2D6E9} - System32\Tasks\{6CAEE919-7C0A-4430-B65C-01D4750B8ACA} => C:\Windows\system32\pcalua.exe -a "G:\Programs\Studio Hardware\Spectrasonics Omnisphere 1.0\Omn CD1\Windows\setup.exe" -d "G:\Programs\Studio Hardware\Spectrasonics Omnisphere 1.0\Omn CD1\Windows"
Task: {AE14BC9C-2AA8-40DE-8153-ED234F1502C0} - System32\Tasks\{A00650AD-3906-4E61-B76C-EB8E125E37D1} => C:\Installer\{90160000-0011-0000-1000-0000000FF1CE}\accicons.exe <==== ATTENTION
Task: {B14E6CB2-25E4-45DB-BD40-5927FDD7F966} - \{59C80A6B-1D6A-4D8C-8D43-598C599A3BB1} -> No File <==== ATTENTION
Task: {B914130D-A555-428C-B7ED-910777C68BCD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {B9311606-F1FD-49AF-9AEB-1054A326C954} - System32\Tasks\Red Giant Link => C:\Program Files\Red Giant Link\Red Giant Link.exe
Task: {B9476EE5-22D3-45F8-8FD4-B0ED4F77294A} - System32\Tasks\AdobeAAMUpdater-1.0-StephenButler-StephenDJButler => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {BA42DA6E-5B78-4B75-ABF7-569E3501CF88} - System32\Tasks\{D13FF914-A5AC-4334-947A-748F58BB0BDC} => C:\Windows\system32\pcalua.exe -a "G:\Programs\WinAVI iPod PSP 3GP MP4 Video Converter\winavi_ipod_video_converter.exe" -d "G:\Programs\WinAVI iPod PSP 3GP MP4 Video Converter"
Task: {BB2AFEC2-7BCB-4134-ABD3-A1A6ADE7E1F2} - \SMDCDPVEUTMSAHBG -> No File <==== ATTENTION
Task: {C0B1603B-768A-4F39-B801-3665E7C96273} - \{3B795F3C-9CDC-4C8A-B336-C2BF69055898} -> No File <==== ATTENTION
Task: {D048549C-FF5F-4DBB-939B-7947FCECEFE0} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-09-12] (NVIDIA Corporation)
Task: {D18B05C4-9C6C-4D63-A323-B714422F6497} - System32\Tasks\{8DC8517C-4498-4B84-9834-CCCC941181C1} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~2\MagicISO\MagicISO.exe -d "K:\Games\The Movies" -c K:\Games\The Movies\The Movies.iso
Task: {D2346F50-6969-4980-AC4A-64E7F731D4C1} - System32\Tasks\{284E4932-522E-4C17-AD3F-CF93395A0F51} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\DeskthemepackInstaller.exe" -d "C:\Program Files"
Task: {D421E98F-5680-44C5-8DAE-BF9D2437F893} - System32\Tasks\{F70A9E80-9D32-48BF-AFE8-E60CCBB72286} => C:\Windows\system32\pcalua.exe -a D:\Downloads\ASIO4ALL_2_14_English.exe -d D:\Downloads
Task: {D641C94F-29FA-480F-8D41-61C1FF5BAE40} - System32\Tasks\{F60C56C6-78A4-4748-A63A-3B50ED2B537F} => C:\Windows\system32\pcalua.exe -a C:\Users\StephenDJButler\AppData\Roaming\Modinstaller\MCModinstaller.exe -d C:\Users\StephenDJButler\AppData\Roaming\Modinstaller
Task: {DB193BC4-9918-4497-AF2B-F52A2F1D4EFE} - System32\Tasks\{0F88EB0B-608D-4B1E-888F-A26B0672C3D2} => C:\Windows\system32\pcalua.exe -a D:\Downloads\WM9Codecs.exe -d D:\Downloads
Task: {DF96CCC8-2F59-42E0-8003-AF2F5BF98790} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-10] (Google Inc.)
Task: {E34BC5D0-E9C2-4756-89DA-961779E211FB} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-09-12] (NVIDIA Corporation)
Task: {E4DCE070-B1FA-4443-B912-FF71C8C0DC66} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-09-16] (Microsoft Corporation)
Task: {E6EC356F-C895-4116-AA53-23743E61B1E3} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe
Task: {E790E07D-925E-463F-99F0-93EE464EF931} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-09-08] (Microsoft Corporation)
Task: {F61631DF-A27D-4968-A902-EEFB48BE5968} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [2017-11-24] (Easeware)
Task: {FC68C3C1-E148-4BE4-B56E-763B1EA11ED9} - System32\Tasks\{02CEB6CD-82A0-4C79-8B9D-32DD08CDB707} => C:\Windows\system32\pcalua.exe -a "D:\Downloads\MC Modinstaller 5.0.8.exe" -d D:\Downloads
Task: {FE57AC17-3349-44B7-9BDF-226DE12EA266} - System32\Tasks\{68329553-A5CC-414E-A6F3-BC50D8716DD0} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\MusicLab\MusicLab Virtual MIDI Driver\Uninstall.exe" -c "C:\Program Files\MusicLab\MusicLab Virtual MIDI Driver\install.log" -u
Task: {FF2EDAEA-5F18-44AA-8C51-2578A265561B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-09-16] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\AdobeAAMUpdater-1.0-StephenButler-StephenDJButler.job => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
Task: C:\Windows\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\StephenDJButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Amazon Storywriter.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmcnhpcghhifadgblhkonelnmbenkeep
ShortcutWithArgument: C:\Users\StephenDJButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\FLV Player.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=dhogabmliblgpadclikpkjfnnipeebjm
ShortcutWithArgument: C:\Users\StephenDJButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\MyMusicCloud.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=plaelelbkmommhmjlepigoiepmdaihbk

==================== Loaded Modules (Whitelisted) ==============

2017-07-13 20:50 - 2017-07-13 20:50 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-25 12:46 - 2018-09-12 12:45 - 001315024 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-08-08 10:05 - 2010-08-19 17:43 - 000386344 ____C () C:\Program Files\Cyberlink\Shared files\RichVideo64.exe
2016-07-24 16:43 - 2016-03-09 17:18 - 000025088 _____ () D:\Program Files\Samsung Link\JniSys.dll
2016-07-24 16:43 - 2016-03-09 17:18 - 002513920 _____ () D:\Program Files\Samsung Link\scone_proxy.dll
2016-07-24 16:43 - 2016-03-09 17:18 - 002436096 _____ () D:\Program Files\Samsung Link\scone_stub.dll
2013-12-21 11:25 - 2013-12-21 11:25 - 000036864 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\JNIInterface.dll
2013-12-21 11:26 - 2013-12-21 11:26 - 000144384 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\ASFAPI.dll
2013-12-21 11:27 - 2013-12-21 11:27 - 000018944 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\MediaDB_Manager.dll
2013-10-22 09:52 - 2013-10-22 09:52 - 000030720 _____ () C:\Windows\system32\MediaDB64.dll
2013-10-22 09:52 - 2013-10-22 09:52 - 000908800 _____ () C:\Windows\system32\ContentDirectoryPresenter64.dll
2013-12-21 11:27 - 2013-12-21 11:27 - 000521728 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\DMS_Manager.dll
2013-07-23 19:19 - 2013-07-23 19:19 - 000049152 _____ () C:\Windows\system32\boost_date_time-vc90-mt-1_47.dll
2013-07-23 19:19 - 2013-07-23 19:19 - 000016896 _____ () C:\Windows\system32\boost_system-vc90-mt-1_47.dll
2013-07-23 19:19 - 2013-07-23 19:19 - 000058880 _____ () C:\Windows\system32\boost_thread-vc90-mt-1_47.dll
2013-07-23 19:19 - 2013-07-23 19:19 - 000299520 _____ () C:\Windows\system32\boost_serialization-vc90-mt-1_47.dll
2018-09-15 15:06 - 2018-08-06 14:20 - 002769768 ____C () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-09-15 15:06 - 2018-07-24 12:32 - 002681424 ____C () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-10-18 22:51 - 2017-10-18 22:51 - 000598528 ____N () C:\Users\StephenDJButler\AppData\Local\MEGAsync\ShellExtX64.dll
2015-04-15 21:13 - 2015-04-15 21:13 - 000222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2018-06-27 07:03 - 2018-09-12 12:45 - 101252304 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2018-06-27 07:03 - 2018-09-12 12:45 - 002673360 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libglesv2.dll
2018-06-27 07:03 - 2018-09-12 12:45 - 000138960 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libegl.dll
2018-09-18 05:04 - 2018-09-15 09:26 - 005110616 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libglesv2.dll
2018-09-18 05:04 - 2018-09-15 09:26 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libegl.dll
2018-09-11 16:26 - 2018-09-11 16:26 - 031305728 _____ () C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\PepperFlash\31.0.0.108\pepflashplayer.dll
2016-08-02 02:24 - 2016-08-02 02:24 - 000865232 _____ () C:\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\kpcengine.2.3.dll
2016-05-14 15:26 - 2016-03-23 11:02 - 000061968 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_Service-head.dll
2016-05-14 15:26 - 2016-03-23 11:02 - 000110608 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson0.dll
2013-12-11 16:46 - 2013-12-11 16:46 - 001114624 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMSManager.dll
2013-10-22 09:48 - 2013-10-22 09:48 - 000707072 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ContentDirectoryPresenter.dll
2013-10-24 16:53 - 2013-10-24 16:53 - 000107008 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMCDP.dll
2013-12-11 16:46 - 2013-12-11 16:46 - 000102400 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\FolderCDP.dll
2013-12-11 16:46 - 2013-12-11 16:46 - 000077312 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MetadataFramework.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 000520234 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\sqlite3.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 000450560 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MoodExtractor.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 005717504 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMImgExtractor.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 000028672 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AutoChaptering.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 000147456 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexpat.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 000012288 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoThumb.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 004671488 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 000070656 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avutil-50.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 000686080 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avformat-52.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 000152064 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\swscale-0.dll
2013-10-25 19:49 - 2013-10-25 19:49 - 000028160 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AudioExtractor.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 000064000 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ID3Driver.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 000366592 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\tag.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 000289792 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libThumbnail.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 000023040 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RichInfoDriver.dll
2013-12-11 16:45 - 2013-12-11 16:45 - 000017920 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoExtractor.dll
2013-10-25 19:53 - 2013-10-25 19:53 - 000117248 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ThumbnailMaker.dll
2013-10-25 19:53 - 2013-10-25 19:53 - 001033728 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageMagickWrapper.dll
2013-12-11 16:45 - 2013-12-11 16:45 - 000134144 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoMetadataDriver.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 000290816 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libKeyFrame.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 000024064 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\SECMetaDriver.dll
2013-10-25 19:53 - 2013-10-25 19:53 - 000012288 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageExtractor.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 000024064 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\photoDriver.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 000399826 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexif-12.dll.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 000013824 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\TextExtractor.dll
2013-10-24 16:53 - 2013-10-24 16:53 - 000032768 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\Autobackup.dll
2013-04-19 16:38 - 2013-04-19 16:38 - 000055808 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RosettaAllShare.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 000227840 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_serialization-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 000038912 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_date_time-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 000012800 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_system-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 000046592 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_thread-vc90-mt-1_47.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 000044032 ____C () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\us.dll
2017-01-27 17:57 - 2014-05-13 13:04 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-01-27 17:57 - 2014-05-13 13:04 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-01-27 17:57 - 2014-05-13 13:04 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-01-27 17:57 - 2012-08-23 11:38 - 000574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-01-27 17:58 - 2012-04-03 18:06 - 000565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-10-25 12:46 - 2018-09-12 12:45 - 001032912 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:C8B8CEBD [122]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Fuunwyd => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2017-08-18 11:14 - 000001272 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 license.piriform.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-410353808-276946841-1970485010-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\StephenDJButler\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FAH.lnk => C:\Windows\pss\FAH.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Drive Manager Real-Time.lnk => C:\Windows\pss\Samsung Drive Manager Real-Time.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Update Notifier.lnk => C:\Windows\pss\Update Notifier.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Preloader.lnk => C:\Windows\pss\WinZip Preloader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^StephenDJButler^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupfolder: C:^Users^StephenDJButler^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RemotePC.lnk => C:\Windows\pss\RemotePC.lnk.Startup
MSCONFIG\startupfolder: C:^Users^StephenDJButler^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: ADSKAppManager => "C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe" -tray
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Clarus Drive Manager => D:\Program Files (x86)\Drive Manager.exe -Hide
MSCONFIG\startupreg: Dropbox =>
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: GoogleChromeAutoLaunch_AFE13420CF4FA7B6C35B1BB4F8D5F3CD => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
MSCONFIG\startupreg: iCloudServices => "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: ISW => "C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe" /icon="hidden"
MSCONFIG\startupreg: iTunesHelper => "D:\Program Files\iTunesHelper.exe"
MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: OneDrive => "C:\Users\StephenDJButler\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteView5 Tray => "D:\Program Files (x86)\Remote PC\rvagtray.exe" /background
MSCONFIG\startupreg: Samsung Link => "D:\Program Files\Samsung Link\Samsung Link Tray Agent.exe"
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\StephenDJButler\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => C:\Users\StephenDJButler\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\StephenDJButler\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{5870EDF4-12D5-406B-99DC-E53D7B0656C5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7F7503D7-5B42-4C3E-959A-695BC744BDA7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{43D959FD-3824-4C90-8104-BE054A1C2B55}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{03C05545-DB85-4568-B0DD-41BD1B26F404}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{606B1C6D-D12D-4B1B-B7FA-0CEE0775A6C8}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{D5440EA7-1177-4C7B-9F93-0EA16CD3AB6B}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{1DB47914-895C-4064-94DE-0106D75C887F}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{005820A5-2F4F-4B2F-B7FB-91A6C511FA3E}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{73479C39-4E4E-4A87-914A-6AA8896DA0BD}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{E73252A7-4745-4150-92DE-FAB8127A1C34}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{50EF1966-A63C-4259-ADC9-B36466EEC917}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B262E06D-BB6A-494D-A0EC-5AC5B40DFFCE}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{7191BFBA-7F9D-4879-80E8-D03BCDD049AF}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{0CE811B4-9188-4F47-A4A6-CFE927135EC2}] => (Allow) LPort=7935
FirewallRules: [{9F99C7C1-F44B-4867-902B-0FAA9EB156F9}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{CCF7E9EA-2413-4D60-B532-2E4365E7CBD2}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{BE48206E-0271-45AB-80F1-04F27E249EF9}] => (Allow) LPort=7935
FirewallRules: [{B804A056-DF7E-4C4C-A3CD-956045978806}] => (Allow) C:\Program Files (x86)\Sibelius Software\Sibelius 6\RegTool.exe
FirewallRules: [{E0D9188C-7B51-47A2-8729-73155FB79338}] => (Allow) C:\Program Files (x86)\Sibelius Software\Sibelius 6\RegTool.exe
FirewallRules: [{78DB2176-194F-49DA-95C0-57B0CC081BE4}] => (Allow) C:\Program Files (x86)\Sibelius Software\Sibelius 6\Sibelius.exe
FirewallRules: [{882CCE61-575B-4FB1-92E9-3ADE722F1313}] => (Allow) C:\Program Files (x86)\Sibelius Software\Sibelius 6\Sibelius.exe
FirewallRules: [{07CF4D3B-F080-4188-897C-115A4572C563}] => (Allow) C:\Users\StephenDJButler\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{876DB049-B241-4458-958E-85A925FFF0B6}] => (Allow) C:\Users\StephenDJButler\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AAAA4292-E3D4-4C0B-8256-4BC300B92CD2}] => (Allow) C:\Users\StephenDJButler\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B94FD6EB-471F-4673-8DF1-B7E014B77F5B}] => (Allow) C:\Users\StephenDJButler\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{786ED8F6-C628-4156-BE85-3407FB3D6D41}] => (Allow) C:\Users\StephenDJButler\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{063DC7C0-926D-4E48-9E5C-AB0D4C67B3CD}] => (Allow) C:\Users\StephenDJButler\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4465BBD9-9C36-423D-AEBF-3AF0B029DED3}] => (Allow) D:\Program Files\Common7\IDE\devenv.exe
FirewallRules: [{74F4A12F-8EFC-48A7-AA24-5C2CB8C3515D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AD2E3BFE-01E2-48C9-BE31-285D26096FD0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{068FE23A-A13B-4FFA-A891-C51DABB2F6FA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E451E385-0D2A-4ACA-962D-9CC1A2814FFE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [{DE576EB4-9F38-40A3-BA7D-97BD106D60F2}] => (Allow) D:\Euro Truck Simulator 2\Euro Truck Simulator 2\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{F62F13B4-899E-4951-9CA9-DDE35DB2D8A8}] => (Allow) D:\Euro Truck Simulator 2\Euro Truck Simulator 2\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{4597D40E-2816-47E8-9573-8A6FC6183432}] => (Allow) D:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe
FirewallRules: [{C46037A4-9540-4E1C-9FBA-237A7AB49742}] => (Allow) D:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe
FirewallRules: [{6600E596-D686-4411-BCA3-9D45A94BDFDE}] => (Allow) D:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64.exe
FirewallRules: [{B621AF86-41D9-499C-855D-6A5962DB72C9}] => (Allow) D:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64.exe
FirewallRules: [{4773CC73-C81E-4771-BB40-8EB336991803}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{8A9E3923-B731-4C62-B062-DF8D9B079D78}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{E9B0E072-981D-4D79-86E0-8072C28CF1A3}] => (Allow) D:\Euro Truck Simulator 2\Euro Truck Simulator 2\SteamLibrary\steamapps\common\Grand Theft Auto V\GTA5.exe
FirewallRules: [{2F909F99-8A84-4451-AF36-F082791C8B93}] => (Allow) D:\Euro Truck Simulator 2\Euro Truck Simulator 2\SteamLibrary\steamapps\common\Grand Theft Auto V\GTA5.exe
FirewallRules: [{5E495571-346C-4DF5-9615-32845EE14AE0}] => (Allow) D:\Program Files\Samsung Link\Samsung Link.exe
FirewallRules: [{E3AA751A-9F4A-460E-A57A-468F6141A449}] => (Allow) D:\Program Files\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{44D611A6-30A0-4883-939C-87B259FD7979}] => (Allow) D:\Program Files\Samsung Link\Samsung Link.exe
FirewallRules: [{0251E134-2431-4AD8-9165-DB5F50BF019F}] => (Allow) D:\Program Files\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{FD40B76E-E7D4-42B2-9817-10C7CF8F44FC}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
FirewallRules: [{67F47649-9ACE-4C1F-A938-1E15018B5CC4}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
FirewallRules: [{9230F8D5-8FB5-4A94-8AAB-FDACE3641885}] => (Allow) LPort=8743
FirewallRules: [{4E763FB2-4E84-4F1C-A3D2-BD19CE91329A}] => (Allow) LPort=8643
FirewallRules: [{DDBF9CFE-E682-4A67-A607-F3CA1D2B894F}] => (Allow) LPort=7676
FirewallRules: [{23E29820-8A21-49FD-9369-A5CDE6AA22AB}] => (Allow) LPort=7679
FirewallRules: [{DD10C6C5-B06E-4FAF-8118-C4AB23F1B77F}] => (Allow) LPort=24234
FirewallRules: [{62740960-2816-4570-AC9D-307A8C567C55}] => (Allow) LPort=7900
FirewallRules: [{B011DE0C-B6D6-453B-A866-4C682187B1EE}] => (Allow) LPort=1900
FirewallRules: [{FDCD8080-7C5C-4976-8402-513190BC2837}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{93682770-1DCC-4B2A-B2F6-9AFF4EAC7F95}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{D7278831-126C-4E6A-A97A-8C81C4C8B257}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D763509F-483E-4CA8-93CF-FA43241ADD10}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{002E78D6-6744-441F-A962-FCB4A84E787D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{924A0A3F-6A89-44D8-8101-4F62BBCFC8C3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{0549CFA7-8427-4D5F-BD3B-311FF135D83F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{442945B3-B6C2-47F1-9710-47211C08615B}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{ED7CAE45-1175-4625-8CDD-C47B3BBCE521}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{17D9E8A9-380C-429F-9605-3F030613DDF8}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{B3645B20-CA0C-45B6-A04A-3B5F77244361}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{D199C8EA-9BBC-4B22-ACC9-2E9F9CD51322}] => (Allow) D:\Euro Truck Simulator 2\Euro Truck Simulator 2\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{C9A3009B-ECCF-496A-ACC5-E9A0F422358E}] => (Allow) D:\Euro Truck Simulator 2\Euro Truck Simulator 2\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{E7253858-1600-4D8A-9ABD-2026139A31A7}] => (Allow) D:\Euro Truck Simulator 2\Euro Truck Simulator 2\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{559D1635-BD1E-42EE-ABF7-3B5BD2ADE6EC}] => (Allow) D:\Euro Truck Simulator 2\Euro Truck Simulator 2\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{9FA57F27-EB5A-4A14-8CE8-4CA754786774}] => (Allow) D:\Program Files\iTunes.exe
FirewallRules: [{6316E686-5EF7-4A7D-A6AC-127AA1A29CF0}] => (Allow) D:\Program Files\PowerDirector10\PDR10.EXE
FirewallRules: [{02A6048A-C1F9-45F4-8AB8-4A3BD1174B51}] => (Allow) D:\Euro Truck Simulator 2\Euro Truck Simulator 2\SteamLibrary\steamapps\common\Fernbus Simulator\Fernbus\Binaries\Win64\Fernbus-Win64-Shipping.exe
FirewallRules: [{C16111E4-51D8-423C-AA9E-D1EA7C4FD2E4}] => (Allow) D:\Euro Truck Simulator 2\Euro Truck Simulator 2\SteamLibrary\steamapps\common\Fernbus Simulator\Fernbus\Binaries\Win64\Fernbus-Win64-Shipping.exe
FirewallRules: [{8093957B-5554-4AC4-AB14-CABA88684867}] => (Allow) D:\Program Files\Lightworks\lightworks.exe
FirewallRules: [{AAB33636-7B92-43AA-A68D-5341ACE7FC25}] => (Allow) D:\Program Files\Lightworks\lightworks.exe
FirewallRules: [{BCEBCAEB-6FB7-4A49-B2F5-F0FAF7D973A7}] => (Allow) D:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{12831134-6200-465A-A39F-EC0E425FB7C7}] => (Allow) D:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{5C61A747-A367-4363-8F62-BE0B996023CD}] => (Allow) D:\Euro Truck Simulator 2\Euro Truck Simulator 2\SteamLibrary\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe
FirewallRules: [{6AAF160C-DE1F-4AD5-93D0-DCF4F8473ED6}] => (Allow) D:\Euro Truck Simulator 2\Euro Truck Simulator 2\SteamLibrary\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe
FirewallRules: [{CCC00415-403F-4480-A392-B4ECC0D590F4}] => (Allow) C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
FirewallRules: [{71D1D4EE-3B09-4F0C-B177-671E2EE2F699}] => (Allow) C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
FirewallRules: [{69C03C8B-EE64-49E2-AB57-3730A09DBD9A}] => (Allow) K:\SteamLibrary\steamapps\common\FSX\fsx.exe
FirewallRules: [{FB4E6F38-D6B2-4A1A-987A-277A4E62A080}] => (Allow) K:\SteamLibrary\steamapps\common\FSX\fsx.exe
FirewallRules: [{284AEA07-A5FA-46ED-A73A-FD6D45D4295A}] => (Allow) D:\Euro Truck Simulator 2\Euro Truck Simulator 2\SteamLibrary\steamapps\common\FSX\fsx.exe
FirewallRules: [{250C3E90-4725-4F99-885B-CFC99FE21BAE}] => (Allow) D:\Euro Truck Simulator 2\Euro Truck Simulator 2\SteamLibrary\steamapps\common\FSX\fsx.exe
FirewallRules: [{354F7DFD-84F8-492A-80F6-0DBC9F711154}] => (Allow) D:\Euro Truck Simulator 2\Euro Truck Simulator 2\SteamLibrary\steamapps\common\SCS Workshop Uploader\bin\win_x86\mod_tools.exe
FirewallRules: [{5F365FB6-B5C9-426D-BF4E-85DB6CE2D63A}] => (Allow) D:\Euro Truck Simulator 2\Euro Truck Simulator 2\SteamLibrary\steamapps\common\SCS Workshop Uploader\bin\win_x86\mod_tools.exe
FirewallRules: [{CE3A7B06-C620-4406-801E-99316AB69318}] => (Allow) C:\Users\StephenDJButler\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AD77D355-7265-42D7-AA84-94DC30F7E0F4}] => (Allow) C:\Users\StephenDJButler\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7A282F70-2293-4309-819A-65A68FC4AA04}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{1F9A2715-F5FE-43DC-8329-768D3228C2D3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{71E432F1-BF4F-478F-9F1A-87740D143B6E}] => (Allow) D:\Euro Truck Simulator 2\Euro Truck Simulator 2\SteamLibrary\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{7A68DD59-7622-4DB9-B66D-C7346918E043}] => (Allow) D:\Euro Truck Simulator 2\Euro Truck Simulator 2\SteamLibrary\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{F70DCAD4-84D0-4D8B-B672-D08002ABB1A2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{F683F9F6-BD61-446A-95EB-86C5B5EF6830}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{777B26A1-AF1A-43B3-A208-91EDCC07D5C5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{3035ED98-F541-4EB9-B957-B42CB96B798B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6313F37A-9CE9-4048-B44B-31FD48D63B74}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{D6627B84-A3B1-490C-9E4C-A567BDB17272}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{DDF33E1B-7641-4EA9-BECA-29D30F366AB8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{688491FE-A2A1-40E1-982E-E1CDA83A3B47}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FC7B31EA-2AD4-465D-B8A0-DC9B03A98891}] => (Allow) D:\Euro Truck Simulator 2\Euro Truck Simulator 2\SteamLibrary\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe
FirewallRules: [{0C801797-33F9-4C1D-A1A4-FB3B66934B00}] => (Allow) D:\Euro Truck Simulator 2\Euro Truck Simulator 2\SteamLibrary\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe
FirewallRules: [{6F3B10B5-E7BB-4D28-8D3C-01A0B2906531}] => (Allow) D:\Euro Truck Simulator 2\Euro Truck Simulator 2\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{082228CC-3160-42E5-B42F-64E1DBF47B38}] => (Allow) D:\Euro Truck Simulator 2\Euro Truck Simulator 2\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{5B0A2006-725B-46C7-A30A-00F7228E3757}] => (Allow) D:\Euro Truck Simulator 2\Euro Truck Simulator 2\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{0E1ABAEA-A1E4-4361-BBD3-9E38219EE58F}] => (Allow) D:\Euro Truck Simulator 2\Euro Truck Simulator 2\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

19-09-2018 20:05:27 Windows Update
20-09-2018 19:36:09 Windows Update
21-09-2018 15:59:19 Checkpoint by HitmanPro
21-09-2018 16:00:52 Checkpoint by HitmanPro

==================== Faulty Device Manager Devices =============

Name: 802.11n Wireless LAN Card
Description: 802.11n Wireless LAN Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: High Definition Audio Device
Description: High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: MusicLab Virtual MIDI Device
Description: MusicLab Virtual MIDI Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: MusicLab,Inc.
Service: mlkumidi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/21/2018 04:34:15 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "D:\Program Files\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (09/21/2018 04:14:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "D:\Program Files\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (09/21/2018 04:05:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.4.40.94, time stamp: 0x53ad3eee
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24231, time stamp: 0x5b6db2d4
Exception code: 0x0eedfade
Fault offset: 0x0000c54f
Faulting process id: 0x41b8
Faulting application start time: 0x01d451bc7f86dc12
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: bdfd8050-bdaf-11e8-897b-2c41389bbf7c

Error: (09/21/2018 04:03:47 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000003f4,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000001FCEF50.72). hr = 0x80070005, Access is denied.
.

Error: (09/21/2018 04:03:47 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000015cc,(null),0,REG_BINARY,000000000B6AE2A0.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {4bceb2d0-52fe-4977-841c-598a8e06c69f}

Error: (09/21/2018 04:03:47 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000118,(null),0,REG_BINARY,000000000236E200.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {69cf6434-c521-4a38-b895-6a8a4b07f8a1}

Error: (09/21/2018 04:03:47 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000880,(null),0,REG_BINARY,000000000475E540.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {97be7f1b-e3bc-4206-89a5-0167f9ffb22d}

Error: (09/21/2018 04:03:47 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000200,SYSTEM\CurrentControlSet\Services\VSS\Diag\Shadow Copy Optimization Writer,0,REG_BINARY,0000000002B8EBD0.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {2591f64c-fd1e-4a55-b053-437578d2d768}


System errors:
=============
Error: (09/21/2018 04:19:40 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error: (09/21/2018 04:16:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (09/21/2018 04:16:33 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error:
The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (09/21/2018 04:16:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (09/21/2018 04:16:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (09/21/2018 04:16:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/21/2018 04:16:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Security Center Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/21/2018 04:16:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SNMP Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


Windows Defender:
===================================
Date: 2018-09-03 12:35:40.266
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

Date: 2018-09-03 05:47:54.841
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

Date: 2018-09-02 06:51:47.230
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

CodeIntegrity:
===================================

Date: 2017-01-16 11:42:17.073
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-16 11:42:17.041
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-16 11:42:16.999
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-16 11:42:16.966
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-16 11:42:16.931
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-16 11:40:52.074
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-16 11:40:52.042
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-16 11:40:51.995
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Xeon(R) CPU W3565 @ 3.20GHz
Percentage of memory in use: 37%
Total physical RAM: 12271.22 MB
Available physical RAM: 7657.7 MB
Total Virtual: 24540.59 MB
Available Virtual: 18965.15 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:107.23 GB) (Free:3.48 GB) NTFS
Drive d: (Stephen Butler) (Fixed) (Total:931.51 GB) (Free:166.82 GB) NTFS
Drive e: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
Drive f: (SAMSUNG) (Fixed) (Total:596.02 GB) (Free:119.72 GB) FAT32
Drive g: (SAMSUNG) (Fixed) (Total:2794.51 GB) (Free:16.35 GB) NTFS
Drive i: (TOSHIBA EXT) (Fixed) (Total:1863.01 GB) (Free:1671.63 GB) NTFS
Drive j: (Maxtor) (Fixed) (Total:931.51 GB) (Free:689.8 GB) NTFS
Drive k: (Maxtor) (Fixed) (Total:3725.9 GB) (Free:658.9 GB) NTFS

\\?\Volume{b24946ad-9ec6-11e5-baef-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.24 GB) NTFS
\\?\Volume{b24946ac-9ec6-11e5-baef-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:11.72 GB) (Free:0.28 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: FD48F03B)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=27)
Partition 2: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=107.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 7C972B0F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 34AD9374)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 3.

========================================================
Disk: 4 (Size: 596.2 GB) (Disk ID: B26DC721)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=0C)

========================================================
Disk: 5 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: C0EC1FA9)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 3726 GB) (Disk ID: 6A07B77A)

Partition: GPT.

==================== End of Addition.txt ============================
 

TwinHeadedEagle

Removal Expert
MalwareTips Team
Verified
Joined
Mar 8, 2013
Messages
22,397
Operating System
Windows 10
Antivirus
ESET
#3
Hello,

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that the Addition.txt option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach the reports to your next reply.