Very slow boot time

seane01

Hello,

For a while now, my computer has been taking more than a minute to boot. I remember not that long ago it took like 15 seconds.
Is there a way I can fix this?

Thanks in advance.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.04.2019 01
Ran by Sean (administrator) on MSI (16-04-2019 18:50:26)
Running from D:\Bewaren\bureaublad
Loaded Profiles: Sean (Available Profiles: Sean)
Platform: Windows 10 Pro Version 1803 17134.706 (X64) Language: Engels (Verenigde Staten)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files (x86)\Malwarebytes\Anti-Malware\MBAMService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1903.4-0\MsMpEng.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
(GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1903.4-0\NisSrv.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files (x86)\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dashlane USA, Inc. -> Dashlane, Inc.) C:\Users\Sean\AppData\Roaming\Dashlane\Dashlane.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\ArxApplets\Discord\logitechg_discord.exe
(Dashlane USA, Inc. -> Dashlane, Inc.) C:\Users\Sean\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Piriform Ltd -> Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner.exe
(GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
() [File not signed] C:\Program Files (x86)\DFX\DFX.exe
(Power Technology -> ) C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
(Power Technology -> ) C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9217024 2017-04-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [588872 2017-02-20] (Acronis International GmbH -> )
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17988216 2017-08-18] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [DFX] => C:\Program Files (x86)\DFX\DFX.exe [703488 2016-10-15] () [File not signed]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4956616 2017-02-20] (Acronis International GmbH -> )
HKLM-x32\...\Run: [StereoLinksInstall] => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe [2373704 2019-04-09] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Policies\Explorer: [NoDrives] 4194304
HKLM\...\Policies\Explorer: [AllowOnlineTips] 0
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1301745139-1219763072-805054973-1001\...\Run: [Dashlane] => C:\Users\Sean\AppData\Roaming\Dashlane\Dashlane.exe [391248 2019-04-02] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-1301745139-1219763072-805054973-1001\...\Run: [DashlanePlugin] => C:\Users\Sean\AppData\Roaming\Dashlane\DashlanePlugin.exe [413264 2019-04-02] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-1301745139-1219763072-805054973-1001\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner.exe [13643880 2018-05-24] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-1301745139-1219763072-805054973-1001\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [5650384 2019-02-15] (GlassWire -> SecureMix LLC)
HKU\S-1-5-21-1301745139-1219763072-805054973-1001\...\Policies\system: [DisableLockWorkstation] 0
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-10] (Google LLC -> Google Inc.)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 195.130.130.2 195.130.131.2
Tcpip\..\Interfaces\{054b5cbe-3117-4ea0-bda1-be439d85f330}: [DhcpNameServer] 195.130.130.2 195.130.131.2

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2019-03-13] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2019-03-13] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Sean\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2019-04-02] (Dashlane USA, Inc. -> Dashlane, Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Sean\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2019-04-02] (Dashlane USA, Inc. -> Dashlane, Inc.)
Toolbar: HKU\S-1-5-21-1301745139-1219763072-805054973-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: s_rousseau01@hotmail.com
FF ProfilePath: C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\7d5ui232.default-1465644564137 [2019-04-16]
FF Homepage: Mozilla\Firefox\Profiles\7d5ui232.default-1465644564137 -> hxxps://www.google.be/
FF Extension: (Disconnect) - C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\7d5ui232.default-1465644564137\Extensions\2.0@disconnect.me.xpi [2019-04-03]
FF Extension: (eID België) - C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\7d5ui232.default-1465644564137\Extensions\belgiumeid@eid.belgium.be.xpi [2018-11-07]
FF Extension: (eID Chrome Extension) - C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\7d5ui232.default-1465644564137\Extensions\eid-chrome-extension@e-contract.be.xpi [2017-06-16] [UpdateUrl:hxxps://www.e-contract.be/eid-chrome/releases/eid-chrome-extension-updates.json]
FF Extension: (HTTPS Everywhere) - C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\7d5ui232.default-1465644564137\Extensions\https-everywhere-eff@eff.org.xpi [2019-02-13] [UpdateUrl:hxxps://www.eff.org/files/https-everywhere-updates.json]
FF Extension: (Dashlane) - C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\7d5ui232.default-1465644564137\Extensions\jetpack-extension@dashlane.com.xpi [2019-04-09] [UpdateUrl:hxxps://ws1.dashlane.com/5/binaries/query?logins=&platform=firefox&target=ff_web_extension&format=json&version=]
FF Extension: (No Name) - C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\7d5ui232.default-1465644564137\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-04-04]
FF HKU\S-1-5-21-1301745139-1219763072-805054973-1001\...\Firefox\Extensions: [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}] - C:\Users\Sean\AppData\Roaming\Dashlane\5.5.0.14947\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_171.dll [2019-04-10] (Adobe Inc. -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_171.dll [2019-04-10] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-01-17] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2019-04-09] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2019-04-09] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default [2019-04-16]
CHR Extension: (Presentaties) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-28]
CHR Extension: (Documenten) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-28]
CHR Extension: (Google Drive) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-05-28]
CHR Extension: (YouTube) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-28]
CHR Extension: (Spreadsheets) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-28]
CHR Extension: (Offline Documenten) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-17]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-28]
CHR Extension: (Gmail) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-05-28]
CHR Extension: (Chrome Media Router) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-17]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\74.0.3729.56\remoting_host.exe [73200 2019-04-01] (Google LLC -> Google Inc.)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4461520 2019-02-15] (GlassWire -> SecureMix LLC)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (Hewlett-Packard Company -> HP Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-08-18] (Logitech Inc -> Logitech Inc.)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes Corporation -> Malwarebytes)
R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4795288 2017-02-13] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [2908352 2017-01-06] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1612400 2017-02-20] (Acronis International GmbH -> )
S4 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2315960 2018-08-09] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
S4 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5074120 2019-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [747800 2015-12-14] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\NisSrv.exe [3856504 2019-04-09] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MsMpEng.exe [113992 2019-04-09] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 DFX11_1; C:\WINDOWS\system32\drivers\dfx11_1x64.sys [28008 2015-08-31] (Power Technology -> Windows (R) Win 7 DDK provider)
R3 DFX12; C:\WINDOWS\system32\drivers\dfx12x64.sys [39048 2015-11-15] (Power Technology -> Windows (R) Win 7 DDK provider)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152184 2018-04-26] (Malwarebytes Corporation -> Malwarebytes)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [375136 2017-03-08] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys [33152 2015-05-29] (GlassWire -> SecureMix LLC)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-06-08] (Martin Malik - REALiX -> REALiX(tm))
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-30] (Intel(R) Smart Connect software -> )
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-08-18] (Logitech Inc -> Logitech Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [190696 2018-12-22] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112864 2019-04-16] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2019-04-16] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2019-04-16] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [103648 2019-04-16] (Malwarebytes Corporation -> Malwarebytes)
S3 mmpDrv; C:\WINDOWS\system32\Drivers\mmpDrv.sys [21008 2012-10-18] (SageTech -> <company name here>)
S3 mmpguidrv; C:\WINDOWS\system32\Drivers\MmpGuiDrv.sys [12304 2012-10-18] (SageTech -> )
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_37ec54c19854e219\nvlddmkm.sys [20747736 2019-04-10] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-03-28] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-03-19] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [66792 2018-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-09-20] (Realtek Semiconductor Corp. -> Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2015-12-22] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] (Intel(R) Code Signing External -> )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1310560 2017-03-08] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [214360 2017-03-08] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [688864 2017-03-08] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [22016 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [324448 2017-03-08] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-04-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [343520 2019-04-09] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [68576 2019-04-09] (Microsoft Windows -> Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel(R) Software -> Intel Corporation)
S2 iocbios2; \??\C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-16 18:50 - 2019-04-16 18:50 - 000000000 ____D C:\FRST
2019-04-16 18:44 - 2019-04-09 13:56 - 000141384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2019-04-16 18:43 - 2019-04-16 18:43 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2019-04-16 18:41 - 2019-04-10 16:54 - 001006800 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2019-04-16 18:41 - 2019-04-10 16:54 - 001006800 _____ C:\WINDOWS\system32\vulkan-1.dll
2019-04-16 18:41 - 2019-04-10 16:54 - 000870096 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2019-04-16 18:41 - 2019-04-10 16:54 - 000870096 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2019-04-16 18:41 - 2019-04-10 16:54 - 000286416 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2019-04-16 18:41 - 2019-04-10 16:54 - 000286416 _____ C:\WINDOWS\system32\vulkaninfo.exe
2019-04-16 18:41 - 2019-04-10 16:54 - 000260304 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-04-16 18:41 - 2019-04-10 16:54 - 000260304 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2019-04-16 18:41 - 2019-04-10 16:53 - 000552328 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2019-04-16 18:41 - 2019-04-10 16:53 - 000457096 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2019-04-16 18:41 - 2019-04-10 16:52 - 040421064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2019-04-16 18:41 - 2019-04-10 16:52 - 035268296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2019-04-16 18:41 - 2019-04-10 16:52 - 005276064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2019-04-16 18:41 - 2019-04-10 16:52 - 004625552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2019-04-16 18:41 - 2019-04-10 16:52 - 002033112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2019-04-16 18:41 - 2019-04-10 16:52 - 001734288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6442531.dll
2019-04-16 18:41 - 2019-04-10 16:52 - 001536144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2019-04-16 18:41 - 2019-04-10 16:52 - 001467864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6442531.dll
2019-04-16 18:41 - 2019-04-10 16:52 - 001465432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2019-04-16 18:41 - 2019-04-10 16:52 - 001130584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2019-04-16 18:41 - 2019-04-10 16:52 - 000752544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2019-04-16 18:41 - 2019-04-10 16:52 - 000668664 _____ C:\WINDOWS\system32\nvofapi64.dll
2019-04-16 18:41 - 2019-04-10 16:52 - 000631896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2019-04-16 18:41 - 2019-04-10 16:52 - 000611928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2019-04-16 18:41 - 2019-04-10 16:52 - 000534936 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2019-04-16 18:41 - 2019-04-10 16:52 - 000522144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2019-04-16 18:41 - 2019-04-10 13:52 - 010320528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2019-04-16 18:41 - 2019-04-10 13:52 - 008785944 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2019-04-16 18:41 - 2019-04-10 13:52 - 001169120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2019-04-16 18:41 - 2019-04-10 13:52 - 000915088 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2019-04-16 18:41 - 2019-04-10 13:52 - 000822576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2019-04-16 18:41 - 2019-04-10 13:51 - 020107920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2019-04-16 18:41 - 2019-04-10 13:51 - 017432992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2019-04-16 18:41 - 2019-04-10 13:51 - 001462024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2019-04-16 18:41 - 2019-04-10 13:51 - 001145536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2019-04-16 18:41 - 2019-04-10 13:51 - 000794440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2019-04-16 18:41 - 2019-04-10 13:51 - 000638176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2019-04-14 07:20 - 2019-04-14 07:20 - 000000218 _____ C:\Users\Sean\AppData\Local\recently-used.xbel
2019-04-14 07:17 - 2019-04-14 07:17 - 000000000 ____D C:\Users\Sean\AppData\Local\gtk-3.0
2019-04-14 07:10 - 2019-04-14 14:04 - 000000000 ____D C:\Users\Sean\AppData\Roaming\gsmartcontrol
2019-04-10 19:27 - 2019-04-02 14:38 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-04-10 19:27 - 2019-04-02 14:33 - 000719984 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-04-10 19:27 - 2019-04-02 11:25 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-04-10 19:27 - 2019-04-02 11:25 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-04-10 19:27 - 2019-04-02 11:11 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-04-10 19:27 - 2019-04-02 11:08 - 002889216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-04-10 19:27 - 2019-04-02 11:07 - 004054528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-04-10 19:27 - 2019-04-02 11:07 - 001586688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-04-10 19:27 - 2019-04-02 10:24 - 000135184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-04-10 19:27 - 2019-04-02 10:23 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-04-10 19:27 - 2019-04-02 10:21 - 007520136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-04-10 19:27 - 2019-04-02 10:20 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-04-10 19:27 - 2019-04-02 10:19 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-04-10 19:27 - 2019-04-02 10:19 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-04-10 19:27 - 2019-04-02 09:51 - 003399680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-04-10 19:27 - 2019-04-02 09:50 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-04-10 19:27 - 2019-04-02 09:49 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-04-10 19:27 - 2019-04-02 09:48 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2019-04-10 19:27 - 2019-04-02 09:48 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-04-10 19:27 - 2019-04-02 09:46 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-04-10 19:27 - 2019-04-02 09:43 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-04-10 19:27 - 2019-04-02 07:05 - 001989544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-04-10 19:27 - 2019-04-02 07:04 - 006572120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-04-10 19:27 - 2019-04-02 07:04 - 000604008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-04-10 19:27 - 2019-04-02 07:04 - 000581832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-04-10 19:27 - 2019-04-02 07:04 - 000560600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-04-10 19:27 - 2019-04-02 06:43 - 005788160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-04-10 19:27 - 2019-04-02 06:41 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-04-10 19:27 - 2019-04-02 06:41 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-04-10 19:27 - 2019-04-02 06:40 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-04-10 19:27 - 2019-03-16 11:03 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-04-10 19:27 - 2019-03-14 16:52 - 003933296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-04-10 19:27 - 2019-03-14 16:34 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-04-10 19:27 - 2019-03-14 16:33 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
2019-04-10 19:27 - 2019-03-14 16:29 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2019-04-10 19:27 - 2019-03-14 16:08 - 003611264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-04-10 19:27 - 2019-03-14 15:53 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2019-04-10 19:27 - 2019-03-14 10:56 - 000375096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-04-10 19:27 - 2019-03-14 10:38 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-04-10 19:27 - 2019-03-14 10:37 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-04-10 19:27 - 2019-03-14 10:37 - 002256248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-04-10 19:27 - 2019-03-14 10:26 - 002768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-04-10 19:27 - 2019-03-14 10:26 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-04-10 19:27 - 2019-03-14 10:22 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-04-10 19:27 - 2019-03-14 10:20 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-04-10 19:27 - 2019-03-14 10:19 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-04-10 19:27 - 2019-03-14 10:19 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-04-10 19:27 - 2019-03-14 10:17 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-04-10 19:27 - 2019-03-14 10:17 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-04-10 19:27 - 2019-03-14 10:17 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-04-10 19:27 - 2019-03-14 10:17 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2019-04-10 19:27 - 2019-03-14 10:16 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-04-10 19:27 - 2019-03-14 10:15 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2019-04-10 19:27 - 2019-03-14 10:15 - 000318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-04-10 19:27 - 2019-03-14 10:14 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-04-10 19:27 - 2019-03-14 10:14 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-04-10 19:27 - 2019-03-14 10:14 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-04-10 19:27 - 2019-03-14 10:14 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-04-10 19:27 - 2019-03-14 10:13 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-04-10 19:27 - 2019-03-14 10:13 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-04-10 19:27 - 2019-03-14 09:58 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-04-10 19:27 - 2019-03-14 09:58 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-04-10 19:27 - 2019-03-14 09:57 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-04-10 19:27 - 2019-03-14 09:57 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-04-10 19:27 - 2019-03-14 09:56 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-04-10 19:27 - 2019-03-14 09:56 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-04-10 19:27 - 2019-03-14 09:55 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-04-10 19:27 - 2019-03-14 09:55 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2019-04-10 19:27 - 2019-03-14 09:55 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-04-10 19:27 - 2019-03-14 09:54 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-04-10 19:27 - 2019-03-14 09:54 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-04-10 19:27 - 2019-03-14 09:54 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2019-04-10 19:27 - 2019-03-14 09:54 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-04-10 19:27 - 2019-03-14 09:51 - 001216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-04-10 19:27 - 2019-03-14 09:51 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-04-10 19:27 - 2019-03-14 09:50 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-04-10 19:27 - 2019-03-14 09:50 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-04-10 19:27 - 2019-03-14 09:50 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-04-10 19:27 - 2019-03-14 09:50 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-04-10 19:26 - 2019-04-02 14:33 - 001634912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-04-10 19:26 - 2019-04-02 14:19 - 012730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-04-10 19:26 - 2019-04-02 14:19 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-04-10 19:26 - 2019-04-02 14:18 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-04-10 19:26 - 2019-04-02 14:16 - 001030144 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2019-04-10 19:26 - 2019-04-02 14:15 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll
2019-04-10 19:26 - 2019-04-02 14:13 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-04-10 19:26 - 2019-04-02 14:12 - 003643904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-04-10 19:26 - 2019-04-02 14:12 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-04-10 19:26 - 2019-04-02 14:11 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-04-10 19:26 - 2019-04-02 14:11 - 001857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-04-10 19:26 - 2019-04-02 14:11 - 001662976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-04-10 19:26 - 2019-04-02 14:10 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2019-04-10 19:26 - 2019-04-02 14:10 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2019-04-10 19:26 - 2019-04-02 11:11 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-04-10 19:26 - 2019-04-02 11:10 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll
2019-04-10 19:26 - 2019-04-02 11:06 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-04-10 19:26 - 2019-04-02 10:36 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-04-10 19:26 - 2019-04-02 10:22 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-04-10 19:26 - 2019-04-02 10:22 - 000567592 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-04-10 19:26 - 2019-04-02 10:22 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-04-10 19:26 - 2019-04-02 10:21 - 002822160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-04-10 19:26 - 2019-04-02 10:21 - 002467536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-04-10 19:26 - 2019-04-02 10:21 - 000735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-04-10 19:26 - 2019-04-02 10:20 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-04-10 19:26 - 2019-04-02 10:19 - 009083704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-04-10 19:26 - 2019-04-02 10:19 - 000786080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-04-10 19:26 - 2019-04-02 10:01 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-04-10 19:26 - 2019-04-02 09:53 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-04-10 19:26 - 2019-04-02 09:53 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-04-10 19:26 - 2019-04-02 09:50 - 007591936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-04-10 19:26 - 2019-04-02 09:49 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-04-10 19:26 - 2019-04-02 09:48 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-04-10 19:26 - 2019-04-02 09:47 - 001214464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-04-10 19:26 - 2019-04-02 09:47 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-04-10 19:26 - 2019-04-02 09:45 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-04-10 19:26 - 2019-04-02 09:44 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-04-10 19:26 - 2019-04-02 09:44 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2019-04-10 19:26 - 2019-04-02 09:44 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-04-10 19:26 - 2019-04-02 08:22 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2019-04-10 19:26 - 2019-04-02 06:56 - 022018048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-04-10 19:26 - 2019-04-02 06:50 - 019404800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-04-10 19:26 - 2019-04-02 06:43 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-04-10 19:26 - 2019-04-02 06:43 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-04-10 19:26 - 2019-04-02 06:42 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-04-10 19:26 - 2019-04-02 06:41 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2019-04-10 19:26 - 2019-04-02 06:40 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-04-10 19:26 - 2019-03-16 14:54 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-04-10 19:26 - 2019-03-14 16:55 - 001786680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-04-10 19:26 - 2019-03-14 16:53 - 001626928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2019-04-10 19:26 - 2019-03-14 16:53 - 001038136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2019-04-10 19:26 - 2019-03-14 16:53 - 000652088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2019-04-10 19:26 - 2019-03-14 16:53 - 000400696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2019-04-10 19:26 - 2019-03-14 16:52 - 001424696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2019-04-10 19:26 - 2019-03-14 16:52 - 000954160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2019-04-10 19:26 - 2019-03-14 16:52 - 000830264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2019-04-10 19:26 - 2019-03-14 16:52 - 000827704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2019-04-10 19:26 - 2019-03-14 16:52 - 000825144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2019-04-10 19:26 - 2019-03-14 16:52 - 000749880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2019-04-10 19:26 - 2019-03-14 16:52 - 000670008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2019-04-10 19:26 - 2019-03-14 16:52 - 000495416 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2019-04-10 19:26 - 2019-03-14 16:52 - 000164664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppvVemgr.sys
2019-04-10 19:26 - 2019-03-14 16:51 - 000157192 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2019-04-10 19:26 - 2019-03-14 16:35 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfoext.dll
2019-04-10 19:26 - 2019-03-14 16:33 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2019-04-10 19:26 - 2019-03-14 16:33 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcPing.exe
2019-04-10 19:26 - 2019-03-14 16:31 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2019-04-10 19:26 - 2019-03-14 16:30 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\objsel.dll
2019-04-10 19:26 - 2019-03-14 16:30 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2019-04-10 19:26 - 2019-03-14 16:29 - 000727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscsvc.dll
2019-04-10 19:26 - 2019-03-14 16:28 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsound.dll
2019-04-10 19:26 - 2019-03-14 15:56 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2019-04-10 19:26 - 2019-03-14 15:55 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RpcPing.exe
2019-04-10 19:26 - 2019-03-14 15:53 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\objsel.dll
2019-04-10 19:26 - 2019-03-14 15:53 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2019-04-10 19:26 - 2019-03-14 15:52 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsound.dll
2019-04-10 19:26 - 2019-03-14 10:57 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-04-10 19:26 - 2019-03-14 10:38 - 000090360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpr.dll
2019-04-10 19:26 - 2019-03-14 10:37 - 001171568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-04-10 19:26 - 2019-03-14 10:28 - 000152072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2019-04-10 19:26 - 2019-03-14 10:27 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-04-10 19:26 - 2019-03-14 10:27 - 000097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpr.dll
2019-04-10 19:26 - 2019-03-14 10:26 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-04-10 19:26 - 2019-03-14 10:26 - 002421048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-04-10 19:26 - 2019-03-14 10:26 - 001457576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-04-10 19:26 - 2019-03-14 10:26 - 001258688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-04-10 19:26 - 2019-03-14 10:26 - 001140984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-04-10 19:26 - 2019-03-14 10:26 - 001014344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-04-10 19:26 - 2019-03-14 10:26 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-04-10 19:26 - 2019-03-14 10:26 - 000481048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2019-04-10 19:26 - 2019-03-14 10:18 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-04-10 19:26 - 2019-03-14 10:18 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2019-04-10 19:26 - 2019-03-14 10:18 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credui.dll
2019-04-10 19:26 - 2019-03-14 10:18 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-04-10 19:26 - 2019-03-14 10:17 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcmapi.dll
2019-04-10 19:26 - 2019-03-14 10:17 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntlanman.dll
2019-04-10 19:26 - 2019-03-14 10:16 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-04-10 19:26 - 2019-03-14 10:15 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShellCommonCommonProxyStub.dll
2019-04-10 19:26 - 2019-03-14 10:15 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\negoexts.dll
2019-04-10 19:26 - 2019-03-14 10:14 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-04-10 19:26 - 2019-03-14 10:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-04-10 19:26 - 2019-03-14 10:14 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-04-10 19:26 - 2019-03-14 10:13 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2019-04-10 19:26 - 2019-03-14 10:01 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-04-10 19:26 - 2019-03-14 09:58 - 002509824 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-04-10 19:26 - 2019-03-14 09:56 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-04-10 19:26 - 2019-03-14 09:56 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2019-04-10 19:26 - 2019-03-14 09:56 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-04-10 19:26 - 2019-03-14 09:55 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2019-04-10 19:26 - 2019-03-14 09:55 - 000528896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2019-04-10 19:26 - 2019-03-14 09:55 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2019-04-10 19:26 - 2019-03-14 09:55 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmapi.dll
2019-04-10 19:26 - 2019-03-14 09:55 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2019-04-10 19:26 - 2019-03-14 09:55 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntlanman.dll
2019-04-10 19:26 - 2019-03-14 09:55 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
2019-04-10 19:26 - 2019-03-14 09:55 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\credui.dll
2019-04-10 19:26 - 2019-03-14 09:54 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-04-10 19:26 - 2019-03-14 09:54 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-04-10 19:26 - 2019-03-14 09:54 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2019-04-10 19:26 - 2019-03-14 09:54 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2019-04-10 19:26 - 2019-03-14 09:54 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\negoexts.dll
2019-04-10 19:26 - 2019-03-14 09:54 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2019-04-10 19:26 - 2019-03-14 09:53 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2019-04-10 19:26 - 2019-03-14 09:53 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-04-10 19:26 - 2019-03-14 09:53 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-04-10 19:26 - 2019-03-14 09:53 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-04-10 19:26 - 2019-03-14 09:52 - 002909696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-04-10 19:26 - 2019-03-14 09:52 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-04-10 19:26 - 2019-03-14 09:52 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShellCommonCommonProxyStub.dll
2019-04-10 19:26 - 2019-03-14 09:52 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-04-10 19:26 - 2019-03-14 09:51 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TetheringMgr.dll
2019-04-10 19:26 - 2019-03-14 09:50 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2019-04-10 19:26 - 2019-03-14 09:50 - 001410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-04-10 19:26 - 2019-03-14 09:50 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2019-04-10 19:26 - 2019-03-14 09:50 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-04-10 19:26 - 2019-03-14 09:50 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-04-10 19:26 - 2019-03-14 03:57 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-04-10 19:26 - 2019-03-14 03:57 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2019-04-10 19:26 - 2019-03-14 03:57 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-04-10 19:26 - 2019-03-14 03:57 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-04-10 19:26 - 2019-03-14 03:57 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-04-10 09:08 - 2019-04-10 09:08 - 000000000 ____D C:\Users\Sean\AppData\Roaming\Kalypso Media
2019-04-10 09:08 - 2019-04-10 09:08 - 000000000 ____D C:\Users\Sean\AppData\Local\Kalypso Media
2019-04-10 09:07 - 2019-04-10 09:07 - 000001539 _____ C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tropico 6.lnk
2019-04-10 08:48 - 2019-04-10 08:48 - 000000000 ____D C:\Games
2019-04-09 18:27 - 2019-04-09 18:27 - 000000000 ____D C:\Users\Sean\AppData\Local\PlaceholderTileLogoFolder
2019-04-07 08:56 - 2019-04-07 08:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2019-04-07 08:56 - 2019-04-07 08:56 - 000000000 ____D C:\Program Files\qBittorrent
2019-03-27 09:44 - 2019-04-10 13:51 - 004304672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2019-03-27 09:44 - 2019-03-18 18:50 - 001734536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6441967.dll
2019-03-27 09:44 - 2019-03-18 18:50 - 001467648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6441967.dll
2019-03-23 10:23 - 2019-03-11 08:16 - 001734560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6441935.dll
2019-03-23 10:23 - 2019-03-11 08:16 - 001468048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6441935.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-16 18:49 - 2017-04-18 09:52 - 000000000 ____D C:\ProgramData\NVIDIA
2019-04-16 18:49 - 2016-11-18 19:23 - 000000000 ____D C:\Users\Sean\AppData\LocalLow\Mozilla
2019-04-16 18:47 - 2018-12-22 22:28 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-04-16 18:47 - 2018-12-22 22:28 - 000103648 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-04-16 18:47 - 2018-12-22 22:28 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-04-16 18:47 - 2018-12-22 22:27 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-04-16 18:47 - 2018-05-11 14:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-04-16 18:47 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-16 18:45 - 2018-05-12 00:01 - 000784004 _____ C:\WINDOWS\system32\perfh013.dat
2019-04-16 18:45 - 2018-05-12 00:01 - 000153432 _____ C:\WINDOWS\system32\perfc013.dat
2019-04-16 18:45 - 2018-05-11 14:22 - 001767124 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-04-16 18:45 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2019-04-16 18:45 - 2018-04-11 23:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-04-16 18:44 - 2017-04-18 09:52 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-04-16 18:37 - 2018-05-11 14:20 - 000004140 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{016D43A1-05A6-47F0-A5B1-6C724070C481}
2019-04-15 23:23 - 2018-05-11 14:08 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-04-15 21:36 - 2015-12-01 14:58 - 000000000 ____D C:\Users\Sean\AppData\Roaming\vlc
2019-04-15 19:17 - 2015-12-01 14:49 - 000000000 ____D C:\Users\Sean\AppData\Local\NVIDIA Corporation
2019-04-14 14:32 - 2016-06-03 15:47 - 000000000 ____D C:\Users\Sean\AppData\Roaming\qBittorrent
2019-04-14 07:04 - 2015-12-01 15:16 - 000000000 ____D C:\Users\Sean\AppData\LocalLow\Sun
2019-04-14 07:04 - 2015-12-01 15:15 - 000000000 ____D C:\Users\Sean\AppData\LocalLow\Oracle
2019-04-13 14:22 - 2017-02-12 14:52 - 000000000 ____D C:\ProgramData\WinaeroTweaker
2019-04-13 09:17 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-04-12 09:27 - 2017-01-28 10:52 - 000000000 ____D C:\Users\Sean\AppData\Roaming\Dashlane
2019-04-12 08:52 - 2017-12-04 19:20 - 000000000 ____D C:\Users\Sean\AppData\Local\ElevatedDiagnostics
2019-04-12 08:14 - 2018-05-12 13:51 - 000000000 ____D C:\Users\Sean\AppData\Local\D3DSCache
2019-04-12 07:46 - 2018-10-05 08:48 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-04-12 07:36 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-04-12 07:35 - 2017-04-09 18:53 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-04-12 07:35 - 2015-12-01 14:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-04-11 20:48 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-11 20:44 - 2018-05-11 14:08 - 000638448 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-04-11 20:41 - 2018-04-12 11:20 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-04-11 20:41 - 2018-04-12 01:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-04-11 20:41 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-04-11 20:41 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-04-11 20:41 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-04-10 19:23 - 2015-12-01 19:30 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-04-10 19:21 - 2015-12-09 16:50 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-04-10 19:17 - 2015-12-09 16:50 - 131129288 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-04-10 13:51 - 2018-05-10 10:52 - 005045704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2019-04-10 09:43 - 2018-05-28 18:40 - 000003976 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-10 09:43 - 2018-05-28 18:40 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-10 09:43 - 2017-04-18 09:52 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-04-10 09:42 - 2018-05-28 18:40 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-10 09:42 - 2018-05-28 18:40 - 000004106 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-10 09:42 - 2018-05-28 18:40 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-10 09:42 - 2018-05-28 18:40 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-10 09:42 - 2018-05-28 18:40 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-10 09:42 - 2018-05-28 18:40 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-10 09:42 - 2018-05-28 18:40 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-10 09:42 - 2018-05-28 18:40 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-10 09:42 - 2018-05-28 18:40 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-10 09:42 - 2017-04-18 09:52 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-04-10 09:08 - 2016-02-15 17:32 - 000000000 ____D C:\Program Files (x86)\Steam
2019-04-10 09:07 - 2016-08-14 07:40 - 000000000 ____D C:\Users\Sean\AppData\Local\CrashDumps
2019-04-10 08:31 - 2015-10-30 09:24 - 000000167 _____ C:\WINDOWS\win.ini
2019-04-10 08:10 - 2018-05-28 18:59 - 000002321 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-10 07:48 - 2018-05-11 14:20 - 000004672 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-04-10 07:48 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-04-10 07:48 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-04-09 18:11 - 2018-03-01 13:26 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-04-09 15:40 - 2018-05-10 10:52 - 000049910 _____ C:\WINDOWS\system32\nvinfo.pb
2019-04-09 13:43 - 2017-04-18 09:52 - 005365744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2019-04-09 13:43 - 2017-04-18 09:52 - 002624824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2019-04-09 13:43 - 2017-04-18 09:52 - 001767736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2019-04-09 13:43 - 2017-04-18 09:52 - 000651576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2019-04-09 13:43 - 2017-04-18 09:52 - 000450872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2019-04-09 13:43 - 2017-04-18 09:52 - 000124784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2019-04-09 13:43 - 2017-04-18 09:52 - 000082984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2019-04-09 12:08 - 2017-04-18 09:52 - 008530822 _____ C:\WINDOWS\system32\nvcoproc.bin
2019-04-08 19:10 - 2017-04-29 18:37 - 000000000 ____D C:\Program Files (x86)\Google
2019-04-06 15:31 - 2016-11-12 17:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winaero Tweaker
2019-04-06 15:31 - 2016-11-12 17:08 - 000000000 ____D C:\Program Files\Winaero Tweaker
2019-04-06 15:30 - 2015-12-02 14:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TagScanner
2019-04-06 15:30 - 2015-12-02 14:06 - 000000000 ____D C:\Program Files (x86)\TagScanner
2019-04-05 22:46 - 2018-11-16 12:51 - 000000000 ____D C:\Program Files\rempl
2019-04-02 19:00 - 2018-05-28 18:40 - 002769264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2019-04-02 19:00 - 2018-05-28 18:40 - 002149232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2019-04-02 19:00 - 2018-05-28 18:40 - 001322864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2019-04-02 17:25 - 2017-01-02 18:51 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2019-04-01 19:51 - 2018-04-12 01:41 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-04-01 19:51 - 2018-04-12 01:41 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-03-30 11:37 - 2018-05-28 18:40 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2019-03-30 08:05 - 2017-12-18 20:43 - 000000000 ____D C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-03-30 08:05 - 2017-12-18 20:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-03-30 08:05 - 2017-12-18 20:43 - 000000000 ____D C:\Program Files\WinRAR
2019-03-28 21:05 - 2018-05-11 14:20 - 000003574 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-03-28 21:05 - 2018-05-11 14:20 - 000003450 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-03-23 10:23 - 2017-10-11 14:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2019-03-23 09:25 - 2018-11-13 16:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2019-03-23 09:24 - 2015-12-10 18:14 - 000000000 ____D C:\JDownloader
2019-03-19 15:19 - 2018-05-28 18:40 - 000203632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2019-03-19 15:19 - 2018-05-28 18:40 - 000179568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2019-03-19 07:42 - 2018-05-28 18:40 - 000069840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys

==================== Files in the root of some directories =======

2019-03-24 10:30 - 2019-03-24 10:30 - 000000000 _____ () C:\Users\Sean\AppData\Local\oobelibMkey.log
2019-04-14 07:20 - 2019-04-14 07:20 - 000000218 _____ () C:\Users\Sean\AppData\Local\recently-used.xbel
2016-05-14 20:26 - 2016-10-07 19:32 - 000007597 _____ () C:\Users\Sean\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2019-03-27 09:47 - 2019-03-17 08:42 - 000731120 _____ (NVIDIA Corporation) C:\Users\Sean\AppData\Local\Temp\nvSCPAPI64.dll
2019-04-16 18:41 - 2019-03-17 08:42 - 000399344 _____ (NVIDIA Corporation) C:\Users\Sean\AppData\Local\Temp\nvStInst.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-11 14:08

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.04.2019 01
Ran by Sean (16-04-2019 18:51:31)
Running from D:\Bewaren\bureaublad
Windows 10 Pro Version 1803 17134.706 (X64) (2018-05-11 12:20:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1301745139-1219763072-805054973-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1301745139-1219763072-805054973-503 - Limited - Disabled)
Guest (S-1-5-21-1301745139-1219763072-805054973-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1301745139-1219763072-805054973-1003 - Limited - Enabled)
Sean (S-1-5-21-1301745139-1219763072-805054973-1001 - Administrator - Enabled) => C:\Users\Sean
WDAGUtilityAccount (S-1-5-21-1301745139-1219763072-805054973-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis True Image (HKLM-x32\...\{1AA9622D-DF0E-4FFF-9538-FD40E1C9194E}) (Version: 20.0.8029 - Acronis) Hidden
Acronis True Image (HKLM-x32\...\{1AA9622D-DF0E-4FFF-9538-FD40E1C9194E}Visible) (Version: 20.0.8029 - Acronis)
Adobe Acrobat Reader DC - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.171 - Adobe)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Bejeweled 3 (HKLM-x32\...\Bejeweled 3) (Version: 1.0.8.6128 - LeeGT-Games)
Belgium e-ID middleware 4.3.2 (build 3551) (HKLM\...\{DB942AEA-93D6-4FE4-8862-180D35A73551}) (Version: 4.3.3551 - Belgian Government)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.73.1083 - AB Team, d.o.o.)
CCleaner (HKLM-x32\...\{C39598EE-DE1E-4129-B8B4-A37246CADD97}) (Version: 5.43.6522 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{786E64DA-CDC1-432B-BCAB-5912C73A72E9}) (Version: 74.0.3729.56 - Google Inc.)
CPUID CPU-Z 1.86 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.86 - CPUID, Inc.)
Crucial Storage Executive (HKU\S-1-5-21-1301745139-1219763072-805054973-1001\...\Crucial Storage Executive 3.24.082015.05) (Version: 3.58.062018.05 - Crucial)
CrystalDiskInfo 7.0.5 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.5 - Crystal Dew World)
Dashlane (HKU\S-1-5-21-1301745139-1219763072-805054973-1001\...\Dashlane) (Version: 6.1914.0.19480 - Dashlane, Inc.)
Data Lifeguard Diagnostic for Windows 1.29 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
Debloater (HKLM-x32\...\{2045C97A-8D9A-47E2-A76A-E6A69CB7030B}) (Version: 3.90 - Gatesjunior Developer)
DFX (HKLM-x32\...\DFX) (Version: 12.023.0.0 - Power Technology)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 425.31 - NVIDIA Corporation) Hidden
GlassWire 2.1 (remove only) (HKLM-x32\...\GlassWire 2.1) (Version: 2.1.152 - SecureMix LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
HP Dropbox Plugin (HKLM-x32\...\{2E5A25A3-C329-40FB-9A09-E2C75B746935}) (Version: 36.0.41.58587 - HP)
HP ENVY 5640 series Basissoftware van het apparaat (HKLM\...\{283E450D-2C26-49AE-8B35-56208E43A802}) (Version: 40.2.1073.65539 - HP Inc.)
HP ENVY 5640 series Help (HKLM-x32\...\{A004A829-07F7-420A-BB1C-C6FACA6D0EF4}) (Version: 34.0.0 - Hewlett Packard)
HP Google Drive Plugin (HKLM-x32\...\{CF37027C-AA2E-46B8-B741-6205E001C4F4}) (Version: 36.0.41.58587 - HP)
HP Support Solutions Framework (HKLM-x32\...\{4CBA8ECF-0519-4583-91ED-F098522245EB}) (Version: 12.5.26.37 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.81 - Logitech Inc.)
Malwarebytes versie 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Language Pack 2013 - Dutch/Nederlands (HKLM\...\Office15.OMUI.nl-nl) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MiniAide Fat32 Formatter Home Edition version 1.05 (HKLM-x32\...\{C206CD7D-7CFE-4F0C-BC68-8873CDE3A5F5}_is1) (Version: 1.05 - MiniAide Tech Development Co., Ltd.)
MixMeister BPM Analyzer 1.0 (HKLM-x32\...\MixMeister BPM Analyzer_is1) (Version: - MixMeister Technology LLC)
Mozilla Firefox 66.0.3 (x64 nl) (HKLM\...\Mozilla Firefox 66.0.3 (x64 nl)) (Version: 66.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.4 - Mozilla)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.2.0.39 - MSI)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision controllerstuurprogramma 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision stuurprogramma 425.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 425.31 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.18.0.102 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.18.0.102 - NVIDIA Corporation)
NVIDIA Grafisch stuurprogramma 425.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 425.31 - NVIDIA Corporation)
NVIDIA HD Audio-stuurprogramma 1.3.38.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.13 - NVIDIA Corporation)
NVIDIA PhysX Systeem Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
ON1 Photo 10 (HKLM\...\ON1 Photo 10 PE) (Version: 10.5.1 - ON1)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Python 3.5.2 (32-bit) (HKU\S-1-5-21-1301745139-1219763072-805054973-1001\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
qBittorrent 4.1.5 (HKLM-x32\...\qBittorrent) (Version: 4.1.5 - The qBittorrent project)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8117 - Realtek Semiconductor Corp.)
Realtek USB Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: - )
Revo Uninstaller Pro 4 PREACTIVATED (HKLM\...\Revo Uninstaller Pro 4 Pre-Activated by sharewbb.com_is1) (Version: 4.0.5 - VS Revo Group, Ltd.)
Software voor Intel® Chipset-apparaten (HKLM-x32\...\{619e726e-d2b4-4e28-9568-c964fd81ee6c}) (Version: 10.1.1.14 - Intel(R) Corporation) Hidden
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version: - )
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stuurprogrammapakket voor Windows - Fedict SmartCard (11/30/2016 4.1.9) (HKLM\...\A9FBB4D4E267FA9BF2CEBF564F02DB39E147B466) (Version: 11/30/2016 4.1.9 - Fedict)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.60 - NCH Software)
System Requirements Lab (HKLM-x32\...\{F89CDED6-B1F1-489F-BA44-698BF6A737C2}) (Version: 6.1.6.0 - Husdawg, LLC)
TagScanner 6.0.34 (HKLM-x32\...\TagScanner_is1) (Version: - Sergey Serkov)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TomTom MyDrive Connect 4.2.5.3734 (HKLM-x32\...\MyDriveConnect) (Version: 4.2.5.3734 - TomTom)
Tropico 6 (HKLM-x32\...\Tropico 6_is1) (Version: - )
Update for Skype for Business 2015 (KB4462207) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E91507E0-38E5-4415-BAAB-932075CDE00C}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4462207) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E91507E0-38E5-4415-BAAB-932075CDE00C}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4462207) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{E91507E0-38E5-4415-BAAB-932075CDE00C}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4462207) 64-Bit Edition (HKLM\...\{90150000-012B-0413-1000-0000000FF1CE}_Office15.OMUI.nl-nl_{E91507E0-38E5-4415-BAAB-932075CDE00C}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
User State Migration Tool (HKLM-x32\...\{F7AADEDA-233A-1079-CD15-03AEB050F0C6}) (Version: 10.1.14393.0 - Microsoft) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Winaero Tweaker (HKLM\...\Winaero Tweaker_is1) (Version: 0.14.0.0 - Winaero)
WinDirStat 1.1.2 (HKU\S-1-5-21-1301745139-1219763072-805054973-1001\...\WinDirStat) (Version: - )
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1301745139-1219763072-805054973-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-1301745139-1219763072-805054973-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-FE7EDF6CD760} -> [] =>
ShellIconOverlayIdentifiers: [ AcronisDrive] -> {5D74FD4B-4EFB-4586-8022-8637BBE40970} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-02-10] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-02-10] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-02-10] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-02-10] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-04-09] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2018-09-06] (VS Revo Group Ltd. -> VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {015AF732-AE26-43FF-A41D-5574865CC90F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {04494B49-D1BE-44BE-92DD-DBD96C70A0FF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {19206FB2-C2DF-44C2-A98A-14CD9AE67DC7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {22BE72DB-C5DD-4FC6-9798-F9FF5B0FE857} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {25261521-4FDF-4372-9E97-A4CEF5811F79} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {26D612BC-5514-428D-8F6B-D2AA775400A1} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {29CAA231-204A-4279-9E90-EC488C012FD9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {2B635F4F-3E3F-4292-8EB0-DA7180DA2C86} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2D8B11EF-14AB-4677-BDCF-50352684B6F2} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2E7E4BF2-2C06-4A82-AE8B-8C9933DEA813} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2EE92916-D4E0-4C2C-A9A9-EB0B22483828} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {32074F7F-DAF5-4D2A-9500-B10202E07725} - System32\Tasks\S-1-5-21-1301745139-1219763072-805054973-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe (Microsoft Windows -> Microsoft Corporation)
Task: {3281BB18-CB3C-40D4-82F2-2286B1ADFE9F} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3862ADC6-4429-4F68-ACC5-150D39745C7A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3BD48097-67E4-48E1-91AB-ABF443DF6C3E} - System32\Tasks\Microsoft\Windows\PLA\System\{6C18F713-2F38-4E7B-B8FE-875BDB7447D7}_System Diagnostics => Command(1): C:\WINDOWS\system32\rundll32.exe -> C:\WINDOWS\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {3BD48097-67E4-48E1-91AB-ABF443DF6C3E} - System32\Tasks\Microsoft\Windows\PLA\System\{6C18F713-2F38-4E7B-B8FE-875BDB7447D7}_System Diagnostics => Command(2): C:\WINDOWS\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{6C18F713-2F38-4E7B-B8FE-875BDB7447D7}_System Diagnostics"
Task: {520F7FC8-C0C4-4E53-B5CF-09C6F2343F9B} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-s_rousseau01@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {5F5CA0B2-033A-48B9-85FE-375C0997724A} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {61AF5CC5-44D9-46AA-9016-C64974AF74E0} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6374E2AE-21B3-4311-8CEA-5A5A18AB27E2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {64838AC9-F689-4AD1-98BE-E728D9F1D6D5} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {65D5DE7D-CF87-4ADC-954A-6A1AC9414FD2} - System32\Tasks\Microsoft\Windows\PLA\System\{22B1985F-56BF-4F47-8CAF-8CFDD12EEC20}_System Diagnostics => Command(1): C:\WINDOWS\system32\rundll32.exe -> C:\WINDOWS\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {65D5DE7D-CF87-4ADC-954A-6A1AC9414FD2} - System32\Tasks\Microsoft\Windows\PLA\System\{22B1985F-56BF-4F47-8CAF-8CFDD12EEC20}_System Diagnostics => Command(2): C:\WINDOWS\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{22B1985F-56BF-4F47-8CAF-8CFDD12EEC20}_System Diagnostics"
Task: {6D2C4BB2-C983-4660-8284-BBF3A39CE188} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe (Piriform Ltd -> Piriform Ltd)
Task: {7675AF6F-733B-4F7A-B654-9FF321ADB87F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {792A0B8B-56B8-420C-8EE1-3D37D25F7F76} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe (Hewlett Packard -> HP Inc.)
Task: {7BD28A77-7B7F-4A15-9491-39D23FACAC38} - System32\Tasks\Microsoft\Windows\PLA\System\{CCC646A3-B8C6-4B49-9901-EBDFA4C8624E}_System Diagnostics => Command(1): C:\WINDOWS\system32\rundll32.exe -> C:\WINDOWS\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {7BD28A77-7B7F-4A15-9491-39D23FACAC38} - System32\Tasks\Microsoft\Windows\PLA\System\{CCC646A3-B8C6-4B49-9901-EBDFA4C8624E}_System Diagnostics => Command(2): C:\WINDOWS\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{CCC646A3-B8C6-4B49-9901-EBDFA4C8624E}_System Diagnostics"
Task: {7D0761E6-0E60-4C13-B9BF-5A2C0F19D54F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe (Hewlett-Packard Company -> HP Inc.)
Task: {813E4D30-1197-4A0D-AD82-940F4AF151D6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {81AA8D1E-31C5-44E5-B556-AB041821B762} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures
Task: {8236B509-E31A-4E60-B3F8-2C2144593AC8} - System32\Tasks\Microsoft\Windows\PLA\System\{30A1269C-72A0-4E6F-8CB5-5810F9388A5F}_System Diagnostics => Command(1): C:\WINDOWS\system32\rundll32.exe -> C:\WINDOWS\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {8236B509-E31A-4E60-B3F8-2C2144593AC8} - System32\Tasks\Microsoft\Windows\PLA\System\{30A1269C-72A0-4E6F-8CB5-5810F9388A5F}_System Diagnostics => Command(2): C:\WINDOWS\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{30A1269C-72A0-4E6F-8CB5-5810F9388A5F}_System Diagnostics"
Task: {84D1F7A3-7BAE-4CC1-B3F5-9E6C31F04B02} - System32\Tasks\{0FB5441B-2FFE-4009-9351-3A427EFCB988} => C:\WINDOWS\system32\pcalua.exe -a "C:\ProgramData\Package Cache\{a2199617-3609-410f-a8e8-e8806c73545b}\vcredist_x64.exe" -c /uninstall
Task: {8555A7F5-980F-4CD8-BB70-5027DFD14416} - System32\Tasks\HPCustParticipation HP ENVY 5640 series => C:\Program Files\HP\HP ENVY 5640 series\Bin\HPCustPartic.exe
Task: {9B4ED4F9-3664-487E-9862-35DBEA44C818} - System32\Tasks\Microsoft\Windows\PLA\System\{7FD5554E-014C-4079-B45B-2AEDB34ED4FF}_System Diagnostics => Command(1): C:\WINDOWS\system32\rundll32.exe -> C:\WINDOWS\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {9B4ED4F9-3664-487E-9862-35DBEA44C818} - System32\Tasks\Microsoft\Windows\PLA\System\{7FD5554E-014C-4079-B45B-2AEDB34ED4FF}_System Diagnostics => Command(2): C:\WINDOWS\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{7FD5554E-014C-4079-B45B-2AEDB34ED4FF}_System Diagnostics"
Task: {A4BA79DC-6750-41BE-97B9-47F1E2A89FD2} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A6E5F66A-91F3-42E6-9675-E5AD4B4F6E14} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {B951F297-785B-49AA-8109-4B36896F11B0} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: {BC1947AE-650D-49E6-B59B-7110DF30175C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe (Hewlett Packard -> HP Inc.)
Task: {BC3929CA-50F6-458D-84C4-747D84B797DD} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BF0526E3-ECCD-46E7-B38F-FAAD92B39D9C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {C3AF1404-11CE-4762-B094-E876AFF3A355} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe
Task: {D4B63546-8561-4DF7-A867-9B5E363AEB29} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {D5CC2AAE-A321-49D8-9631-34601755C4F6} - System32\Tasks\Microsoft\Windows\PLA\System\{3EAC782B-FB56-480A-A8D6-164CBA1D2D7B}_System Diagnostics => Command(1): C:\WINDOWS\system32\rundll32.exe -> C:\WINDOWS\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {D5CC2AAE-A321-49D8-9631-34601755C4F6} - System32\Tasks\Microsoft\Windows\PLA\System\{3EAC782B-FB56-480A-A8D6-164CBA1D2D7B}_System Diagnostics => Command(2): C:\WINDOWS\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{3EAC782B-FB56-480A-A8D6-164CBA1D2D7B}_System Diagnostics"
Task: {D6FC5902-A5D7-4DD7-9F83-87A1DBC4B4EC} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E1EAFA40-75E8-40E5-A643-33196539A39C} - System32\Tasks\Microsoft\Windows\PLA\System\{5BF2BADA-93AC-4C6D-BF8B-1CE4678D8141}_System Diagnostics => Command(1): C:\WINDOWS\system32\rundll32.exe -> C:\WINDOWS\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {E1EAFA40-75E8-40E5-A643-33196539A39C} - System32\Tasks\Microsoft\Windows\PLA\System\{5BF2BADA-93AC-4C6D-BF8B-1CE4678D8141}_System Diagnostics => Command(2): C:\WINDOWS\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{5BF2BADA-93AC-4C6D-BF8B-1CE4678D8141}_System Diagnostics"
Task: {EC85F07A-FE97-4A27-BBEF-3654F39AD13A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Inc. -> Adobe)
Task: {EF6EB782-A6EA-4C08-B358-88AF758CF8ED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {F15F45C2-0E60-436F-9B17-7789E0829FFB} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_171_Plugin.exe (Adobe Inc. -> Adobe)
Task: {FAC24A51-9C70-4C49-880E-3EF53EE8A295} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {FD76CAB0-8652-4974-8CA7-027FAF3DD1F5} - System32\Tasks\Microsoft\Windows\PLA\System\{C9B1B2A1-5127-4E65-B743-DBC85CE7C765}_System Diagnostics => Command(1): C:\WINDOWS\system32\rundll32.exe -> C:\WINDOWS\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {FD76CAB0-8652-4974-8CA7-027FAF3DD1F5} - System32\Tasks\Microsoft\Windows\PLA\System\{C9B1B2A1-5127-4E65-B743-DBC85CE7C765}_System Diagnostics => Command(2): C:\WINDOWS\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{C9B1B2A1-5127-4E65-B743-DBC85CE7C765}_System Diagnostics"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-12-22 22:27 - 2018-05-01 12:10 - 001677824 _____ (Igor Pavlov) [File not signed] C:\PROGRAM FILES (X86)\MALWAREBYTES\ANTI-MALWARE\7z.dll
2016-06-22 18:04 - 2016-10-15 04:06 - 000703488 _____ () [File not signed] C:\Program Files (x86)\DFX\DFX.exe
2016-12-01 20:06 - 2017-01-18 23:21 - 001482240 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Common Files\Acronis\Home\libcrypto10.dll
2018-12-22 22:27 - 2018-01-18 17:24 - 000206336 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2018-12-22 22:27 - 2018-01-18 17:18 - 002522112 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Malwarebytes\Anti-Malware\Qt5Qml.dll
2018-12-22 22:27 - 2018-01-18 17:12 - 005100032 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Malwarebytes\Anti-Malware\Qt5Gui.dll
2018-12-22 22:27 - 2018-01-18 17:20 - 002570752 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Malwarebytes\Anti-Malware\Qt5Quick.dll
2018-12-22 22:27 - 2018-01-18 17:14 - 004482048 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2018-12-22 22:27 - 2018-01-18 17:10 - 002012672 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Malwarebytes\Anti-Malware\Qt5Network.dll
2018-12-22 22:27 - 2018-05-09 10:35 - 004809728 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Malwarebytes\Anti-Malware\Qt5Core.dll
2018-12-22 22:27 - 2018-01-18 17:15 - 000993792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2018-12-22 22:27 - 2018-01-18 17:15 - 000024576 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Malwarebytes\Anti-Malware\imageformats\qgif.dll
2018-12-22 22:27 - 2018-01-18 17:16 - 000031232 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Malwarebytes\Anti-Malware\imageformats\qicns.dll
2018-12-22 22:27 - 2018-01-18 17:15 - 000025088 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Malwarebytes\Anti-Malware\imageformats\qico.dll
2018-12-22 22:27 - 2018-01-18 17:15 - 000242688 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Malwarebytes\Anti-Malware\imageformats\qjpeg.dll
2018-12-22 22:27 - 2018-01-18 17:16 - 000019968 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2018-12-22 22:27 - 2018-01-18 17:16 - 000247808 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Malwarebytes\Anti-Malware\Qt5Svg.dll
2018-12-22 22:27 - 2018-01-18 17:16 - 000018944 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Malwarebytes\Anti-Malware\imageformats\qtga.dll
2018-12-22 22:27 - 2018-01-18 17:16 - 000318976 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Malwarebytes\Anti-Malware\imageformats\qtiff.dll
2018-12-22 22:27 - 2018-01-18 17:16 - 000017920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Malwarebytes\Anti-Malware\imageformats\qwbmp.dll
2018-12-22 22:27 - 2018-01-18 17:16 - 000328704 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Malwarebytes\Anti-Malware\imageformats\qwebp.dll
2018-12-22 22:27 - 2018-01-18 17:22 - 000013824 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2018-12-22 22:27 - 2018-01-18 17:27 - 000698368 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2018-12-22 22:27 - 2018-01-18 17:26 - 000069632 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2018-12-22 22:27 - 2018-01-18 17:27 - 000173056 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2018-12-22 22:27 - 2018-01-18 17:22 - 000013312 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2018-12-22 22:27 - 2018-01-18 17:22 - 000013312 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2018-12-22 22:27 - 2018-01-18 17:27 - 000097280 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2018-07-15 08:03 - 2019-04-02 18:06 - 001240064 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\Sean\AppData\Roaming\Dashlane\libeay32.dll
2018-07-15 08:03 - 2019-04-02 18:06 - 000281600 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\Sean\AppData\Roaming\Dashlane\ssleay32.dll
2019-04-12 08:50 - 2019-04-02 18:06 - 000163840 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Sean\AppData\Roaming\Dashlane\6.1914.0.19480\bin\Qt\Qt5Sql.dll
2019-04-12 08:50 - 2019-04-02 18:06 - 000190976 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Sean\AppData\Roaming\Dashlane\6.1914.0.19480\bin\Qt\Qt5WebEngineWidgets.dll
2019-04-12 08:50 - 2019-04-02 18:06 - 001088512 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Sean\AppData\Roaming\Dashlane\6.1914.0.19480\bin\Qt\Qt5Network.dll
2019-04-12 08:50 - 2019-04-02 18:06 - 004590592 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Sean\AppData\Roaming\Dashlane\6.1914.0.19480\bin\Qt\Qt5Widgets.dll
2019-04-12 08:50 - 2019-04-02 18:06 - 000092160 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Sean\AppData\Roaming\Dashlane\6.1914.0.19480\bin\Qt\Qt5WebChannel.dll
2019-04-12 08:50 - 2019-04-02 18:06 - 004994048 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Sean\AppData\Roaming\Dashlane\6.1914.0.19480\bin\Qt\Qt5Core.dll
2019-04-12 08:50 - 2019-04-02 18:06 - 003637248 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Sean\AppData\Roaming\Dashlane\6.1914.0.19480\bin\Qt\Qt5Gui.dll
2019-04-12 08:50 - 2019-04-02 18:06 - 055062528 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Sean\AppData\Roaming\Dashlane\6.1914.0.19480\bin\Qt\Qt5WebEngineCore.dll
2019-04-12 08:50 - 2019-04-02 18:06 - 000048640 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Sean\AppData\Roaming\Dashlane\6.1914.0.19480\bin\Qt\Qt5QuickWidgets.dll
2019-04-12 08:50 - 2019-04-02 18:06 - 000278016 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Sean\AppData\Roaming\Dashlane\6.1914.0.19480\bin\Qt\Qt5PrintSupport.dll
2019-04-12 08:50 - 2019-04-02 18:06 - 002796032 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Sean\AppData\Roaming\Dashlane\6.1914.0.19480\bin\Qt\Qt5Quick.dll
2019-04-12 08:50 - 2019-04-02 18:06 - 000280576 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Sean\AppData\Roaming\Dashlane\6.1914.0.19480\bin\Qt\Qt5Positioning.dll
2019-04-12 08:50 - 2019-04-02 18:06 - 002966016 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Sean\AppData\Roaming\Dashlane\6.1914.0.19480\bin\Qt\Qt5Qml.dll
2019-04-12 08:50 - 2019-04-02 18:06 - 001126400 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Sean\AppData\Roaming\Dashlane\6.1914.0.19480\bin\Qt\platforms\qwindows.dll
2019-04-12 08:50 - 2019-04-02 18:06 - 000122368 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Sean\AppData\Roaming\Dashlane\6.1914.0.19480\bin\Qt\styles\qwindowsvistastyle.dll
2019-04-12 08:50 - 2019-04-02 18:06 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Sean\AppData\Roaming\Dashlane\6.1914.0.19480\bin\Qt\imageformats\qgif.dll
2019-04-12 08:50 - 2019-04-02 18:06 - 000034816 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Sean\AppData\Roaming\Dashlane\6.1914.0.19480\bin\Qt\imageformats\qicns.dll
2019-04-12 08:50 - 2019-04-02 18:06 - 000025600 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Sean\AppData\Roaming\Dashlane\6.1914.0.19480\bin\Qt\imageformats\qico.dll
2019-04-12 08:50 - 2019-04-02 18:06 - 000298496 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Sean\AppData\Roaming\Dashlane\6.1914.0.19480\bin\Qt\imageformats\qjpeg.dll
2019-04-12 08:50 - 2019-04-02 18:06 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Sean\AppData\Roaming\Dashlane\6.1914.0.19480\bin\Qt\imageformats\qsvg.dll
2019-04-12 08:50 - 2019-04-02 18:06 - 000268288 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Sean\AppData\Roaming\Dashlane\6.1914.0.19480\bin\Qt\Qt5Svg.dll
2019-04-12 08:50 - 2019-04-02 18:06 - 000019968 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Sean\AppData\Roaming\Dashlane\6.1914.0.19480\bin\Qt\imageformats\qtga.dll
2019-04-12 08:50 - 2019-04-02 18:06 - 000332288 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Sean\AppData\Roaming\Dashlane\6.1914.0.19480\bin\Qt\imageformats\qtiff.dll
2019-04-12 08:50 - 2019-04-02 18:06 - 000019456 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Sean\AppData\Roaming\Dashlane\6.1914.0.19480\bin\Qt\imageformats\qwbmp.dll
2019-04-12 08:50 - 2019-04-02 18:06 - 000414720 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Sean\AppData\Roaming\Dashlane\6.1914.0.19480\bin\Qt\imageformats\qwebp.dll
2015-07-08 17:54 - 2015-07-08 17:54 - 002056704 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Acronis\TrueImageHome\icuin54.dll
2015-07-08 17:54 - 2015-07-08 17:54 - 001425408 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Acronis\TrueImageHome\icuuc54.dll
2015-07-08 17:54 - 2015-07-08 17:54 - 025338368 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Acronis\TrueImageHome\icudt54.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 09:24 - 2018-12-22 22:43 - 000000938 _____ C:\WINDOWS\system32\drivers\etc\hosts

0.0.0.0 keystone.mwbsys.com
0.0.0.0 serius.mwbsys.com
127.0.0.1 activation.acronis.com web-api-tih.acronis.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Crucial\Crucial Storage Executive;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\VirtualFile\;C:\Program Files (x86)\Common Files\Acronis\VirtualFile64\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-1301745139-1219763072-805054973-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sean\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\mountain range 4k (5120x2880).jpg
DNS Servers: 195.130.130.2 - 195.130.131.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: Steam Client Service => 3
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0974CD76-B9DC-4DA7-82BA-AF3D52DB515F}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe (GlassWire -> SecureMix LLC)
FirewallRules: [{B41CF77F-9225-47CD-8C3F-7135921E6D88}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe (GlassWire -> SecureMix LLC)
FirewallRules: [{4BD29A4B-BED8-4511-8597-71D447456757}] => (Allow) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe (TomTom International BV -> TomTom)
FirewallRules: [{13C9A6D6-EED0-445E-BC12-6BD4B1157B20}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C244246F-0649-457D-AD34-56DD4E975315}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{54414BA0-6944-4A45-93B8-32938E519065}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe (Acronis International GmbH -> )
FirewallRules: [{5A8D0A3A-640B-4117-9155-2DAA1402D195}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{678B3A25-14AB-4D18-8A58-A83FDCFA927D}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\acronis_drive.exe (Acronis International GmbH -> )
FirewallRules: [{99243AFE-C87D-444D-8BA9-F4143AC946AE}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\SystemReport.exe (Acronis International GmbH -> )
FirewallRules: [{60A2EE66-058F-4EA9-94F9-D6F288908A1E}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\MediaBuilder.exe (Acronis International GmbH -> )
FirewallRules: [{9D182916-5BCD-491F-9274-6B4A51558202}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe (Acronis International GmbH -> )
FirewallRules: [{113B9887-E4CD-4E2B-BC9F-64BD336FE96D}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe (Acronis International GmbH -> )
FirewallRules: [{28094823-57A5-4F3E-B633-DD84E58EAA32}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis International GmbH -> )
FirewallRules: [{B75ED77E-D47E-49C5-B108-6710ADEBF02A}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe (Acronis International GmbH -> )
FirewallRules: [{24B3DCF1-A067-4603-9146-64EBF6BA33A6}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{909A07E4-5106-43B5-AD88-D86090D0C525}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> )
FirewallRules: [UDP Query User{094D7E17-A8B7-42EE-9C33-345E47180044}C:\program files\crucial\crucial storage executive\java\bin\javaw.exe] => (Block) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [TCP Query User{3B1B045D-6019-4D1C-8F7C-30F2FB621025}C:\program files\crucial\crucial storage executive\java\bin\javaw.exe] => (Block) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [{BEB78FCD-1312-4D7B-8071-DD2F8FF91C27}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{14FFDC58-70F6-4402-AE20-B66E8734E651}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{1010BE8C-E1F0-4E76-A261-E4EDD50E95F9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{82A82C85-E87B-4A7C-9D16-0B70CD8C6345}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A4391415-380A-4CC1-83F8-51935602C5B2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{76CDEB99-4F98-4342-BEA4-DA32703D814C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [UDP Query User{35F13BB3-E324-4332-A452-ADE6AB83BB1A}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Block) C:\program files (x86)\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [TCP Query User{2453F863-649A-4197-BF8E-D6C2167B56D5}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Block) C:\program files (x86)\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [UDP Query User{D93903FB-11A6-4446-BDCE-DA6769BA1A28}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe () [File not signed]
FirewallRules: [TCP Query User{05C0B656-35F0-4CBA-96C8-FF135725A5CC}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe () [File not signed]
FirewallRules: [{6EF389CE-E12A-4586-8E73-5D64ECE0303F}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4B738E41-F6C4-4520-A07B-C20875CAD443}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1142BC78-36DE-45A9-A631-B41B08E4EDBF}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{345AC520-D595-4066-A149-E47F0CDEF2FE}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{0724DE2A-9131-4A41-B91F-6F84A3964EA5}C:\program files\hp\hp envy 5640 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp envy 5640 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [UDP Query User{2F6AE33A-E78B-4097-B5AB-FA1A2AF13AC6}C:\program files\hp\hp envy 5640 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp envy 5640 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [TCP Query User{8DC51718-85D3-41AF-AE44-3FC9C757565B}C:\program files\on1\on1 photo 10\on1 photo 10.exe] => (Block) C:\program files\on1\on1 photo 10\on1 photo 10.exe (ON1, Inc. -> ON1, Inc.)
FirewallRules: [UDP Query User{EBE9BA36-8559-497F-AFFE-3A81329515AA}C:\program files\on1\on1 photo 10\on1 photo 10.exe] => (Block) C:\program files\on1\on1 photo 10\on1 photo 10.exe (ON1, Inc. -> ON1, Inc.)
FirewallRules: [{B401465E-4055-4A7B-AA95-9E4BE80250CF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{DE19AF09-984A-4CBB-A238-B2A3E045DD67}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{693DEDE6-F016-49E2-B245-14255B5D707C}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{40737378-D506-463A-A108-8A8B6E068006}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [TCP Query User{1B232260-6218-43EA-9B2A-722A4A5AF4D4}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{E952799F-2CC2-42F4-952D-86AE03D6B0D4}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [TCP Query User{FA3B100A-C222-4426-AD10-C80B9A1A5FE1}D:\wondershare mobilego portable\data\mobilego\local\stubexe\0x91c27d093622b891\mobilegoservice.exe] => (Allow) D:\wondershare mobilego portable\data\mobilego\local\stubexe\0x91c27d093622b891\mobilegoservice.exe (Code Systems Corporation -> Code Systems Corporation)
FirewallRules: [UDP Query User{57D6D742-ACE1-4DF4-A7B6-CE4A746D7B1A}D:\wondershare mobilego portable\data\mobilego\local\stubexe\0x91c27d093622b891\mobilegoservice.exe] => (Allow) D:\wondershare mobilego portable\data\mobilego\local\stubexe\0x91c27d093622b891\mobilegoservice.exe (Code Systems Corporation -> Code Systems Corporation)
FirewallRules: [{A0FD6A8C-0E06-4FA3-BA96-5BAC57F836D7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8FAF578B-08FC-4B5D-A4D9-99273BAA9437}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B95E5622-4D5B-4918-A0B2-CE897F0BE4C9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E6532F8B-98BE-4952-BD45-49A61D332C17}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B49DF510-7EA2-457C-900C-41DED0A97C3F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{2005E3EF-8CE7-48D3-B8F3-B1361E3F38BB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{AABF0C1F-BEA0-44AC-8C66-CB8293A8BB34}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3F60E959-6DD2-48FF-BA6D-C806CF3B4B39}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{68048A25-8764-461A-AA5C-86717FC4860F}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B2202174-FF7C-478A-8B5D-4A0237575D24}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7E97B28F-D575-4120-B96E-373B9BC088F4}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{8DDF20DB-9A0F-47E5-A3E1-66922074ECB3}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{D95E9C19-1FF0-4DA9-A48F-F2E972423D7E}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\74.0.3729.56\remoting_host.exe (Google LLC -> Google Inc.)
FirewallRules: [{6242E2A2-6DDB-486E-B02F-2CA5602BDBFB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{DF4B32FF-6ADA-49CF-B0A8-B3232CE78D97}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{284BB2D3-0B82-45F7-A5CE-EF19368FD47C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{44689AEE-0667-48A0-86C9-F25DFBF119FD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A720B0A8-0DF5-4F0C-B76A-497699CA4338}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)

==================== Restore Points =========================

13-04-2019 09:17:19 Windows Update
14-04-2019 07:02:56 Removed Java 8 Update 201
14-04-2019 07:21:17 14/04/2019

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/16/2019 06:43:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 13 7.7.B.0.3.2.6.B.2.0.3.0.0.3.D.3.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR msi-2.local.

Error: (04/16/2019 06:43:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.208:5353 11 7.7.B.0.3.2.6.B.2.0.3.0.0.3.D.3.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR msi.local.

Error: (04/16/2019 06:43:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 13 208.0.168.192.in-addr.arpa. PTR msi-2.local.

Error: (04/16/2019 06:43:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.208:5353 11 208.0.168.192.in-addr.arpa. PTR msi.local.

Error: (04/16/2019 06:43:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname msi.local already in use; will try msi-2.local instead

Error: (04/16/2019 06:43:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 16 msi.local. AAAA FE80:0000:0000:0000:3D30:0302:B623:0B77

Error: (04/16/2019 06:43:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.208:5353 16 msi.local. AAAA 2A02:1812:1130:DF00:3D30:0302:B623:0B77

Error: (04/16/2019 06:43:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 4 msi.local. Addr 192.168.0.208


System errors:
=============
Error: (04/16/2019 06:49:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Starten niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
Windows.SecurityCenter.WscDataProtection
en APPID
Niet beschikbaar
aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

Error: (04/16/2019 06:49:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Starten niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
Windows.SecurityCenter.WscBrokerManager
en APPID
Niet beschikbaar
aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

Error: (04/16/2019 06:47:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De NVIDIA Display Container LS-service is onverwacht gestopt. Dit is 3 keer gebeurd. De volgende herstelbewerking zal over 10000 milliseconden worden uitgevoerd: Het geconfigureerde herstelprogramma uitvoeren.

Error: (04/16/2019 06:47:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: De NVIDIA Display Container LS-service is gestopt met de volgende foutcode:
Een algemeen uitvoerbaar bestand heeft een resultaat geretourneerd dat een probleem aangeeft.
.

Error: (04/16/2019 06:47:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
en APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

Error: (04/16/2019 06:47:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
en APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

Error: (04/16/2019 06:47:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De NVIDIA Display Container LS-service is onverwacht gestopt. Dit is 2 keer gebeurd. De volgende herstelbewerking zal over 8000 milliseconden worden uitgevoerd: Service opnieuw starten.

Error: (04/16/2019 06:47:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: De NVIDIA Display Container LS-service is gestopt met de volgende foutcode:
Een algemeen uitvoerbaar bestand heeft een resultaat geretourneerd dat een probleem aangeeft.
.


Windows Defender:
===================================
Date: 2019-04-14 07:38:47.979
Description:
Scan van Windows Defender Antivirus is gestopt voordat deze was voltooid.
Scan-id: {C2EEFA9F-2A70-4555-B588-CA03D6C490B8}
Type scan: Antimalware
Scanparameters: Snelle scan
Gebruiker: NT AUTHORITY\SYSTEM

Date: 2019-04-08 19:15:52.536
Description:
Scan van Windows Defender Antivirus is gestopt voordat deze was voltooid.
Scan-id: {F879AEFB-C186-4F80-A886-F9861686CFCD}
Type scan: Antimalware
Scanparameters: Snelle scan
Gebruiker: NT AUTHORITY\SYSTEM

Date: 2019-04-04 20:59:14.353
Description:
Scan van Windows Defender Antivirus is gestopt voordat deze was voltooid.
Scan-id: {BF1829BF-CBCD-4CA3-8572-E7E4F543B112}
Type scan: Antimalware
Scanparameters: Snelle scan
Gebruiker: NT AUTHORITY\SYSTEM

Date: 2019-04-03 19:26:31.011
Description:
Scan van Windows Defender Antivirus is gestopt voordat deze was voltooid.
Scan-id: {6EBB3288-9565-4655-95C2-34E3242360F8}
Type scan: Antimalware
Scanparameters: Snelle scan
Gebruiker: NT AUTHORITY\SYSTEM

Date: 2019-04-01 20:21:08.217
Description:
Scan van Windows Defender Antivirus is gestopt voordat deze was voltooid.
Scan-id: {8644BB91-5AA9-4431-9095-8F3FFB5F8344}
Type scan: Antimalware
Scanparameters: Snelle scan
Gebruiker: NT AUTHORITY\SYSTEM

CodeIntegrity:
===================================

Date: 2018-06-03 18:09:57.801
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-06-03 18:09:40.273
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-06-03 18:09:40.038
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-06-03 18:09:25.344
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-06-03 18:09:24.848
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-06-03 18:09:24.844
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-05-28 18:58:17.683
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-05-28 18:58:17.483
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 26%
Total physical RAM: 16312.03 MB
Available physical RAM: 11961.65 MB
Total Virtual: 17592.03 MB
Available Virtual: 12634.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:213.62 GB) (Free:101.55 GB) NTFS
Drive d: (Lokale Schijf) (Fixed) (Total:931.39 GB) (Free:870.27 GB) NTFS
Drive g: (Turbo Desk Pro) (Fixed) (Total:3726.01 GB) (Free:2369.15 GB) NTFS
Drive h: (My Book) (Fixed) (Total:3725.99 GB) (Free:1835.41 GB) NTFS

\\?\Volume{48841191-bb93-4053-a555-afde4e056f4f}\ (Herstel) (Fixed) (Total:0.29 GB) (Free:0.08 GB) NTFS
\\?\Volume{4ba2d6e6-09a1-486e-a4d3-915dc215e407}\ () (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS
\\?\Volume{e5ca8cc2-cde0-4b43-92ab-99acaf3a7df8}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 04097812)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 096AC2D4)

Partition: GPT.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 2.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 3.

==================== End of Addition.txt ============================
 
Hi, sean301.

Please do the following:
  • Open a search, and enter Command into the search field.
  • Click on Command Prompt or cmd.exe (whichever is found)
  • This will open a Command Window ...
    • Enter slmgr -dlv at the command prompt and hit Enter
    • After a few seconds a Windows Script Host Window will open.
    • Hit Ctrl + C to copy the contents of that window.
  • Open a search, and enter Notepad into the search field.
  • Click on Notepad or notepad.exe (whichever is found)
  • This will open an empty Notepad file ...
    • Hit Ctrl + V to paste the contents of Windows Script Host into the empty Notepad file.
    • Save to your Desktop.
    • In your next reply, please post the contents of the Notepad file that you've just created.

Note that support for Office Professional Plus 2013 ended April 15, 2015. Without security updates, your computer is in serious jeopardy for infection. Note that you can use the free Office Online. There is a nice write-up about it here: A Free Microsoft Office: Is Office Online Worth Using?
 
---------------------------
Windows Script Host
---------------------------
Versie van Software Licensing-service: 10.0.17134.590



Naam: Windows(R), Professional edition

Beschrijving: Windows(R) Operating System, VOLUME_KMSCLIENT channel

Activerings-id: 2de67392-b7a7-462a-b1ca-108dd189f588

Toepassings-id55c92734-d682-4d71-983e-d6ec3f16059f

Uitgebreide PID: 03612-03311-000-000001-03-1033-17134.0000-1312018

Kanaal van productcode: Volume:GVLK

Installatie-id476545677548410951050287430190878215922802954475626027456980560

Gedeeltelijke productcode: T83GX

Licentiestatus: licentie

Verlooptijd van volumeactivering: 247495 minu(u)t(en) (172 dag(en))

Resterend aantal nieuwe Windows-activeringen: 1001

Resterend aantal nieuwe SKU-activeringen: 1001

Vertrouwde tijd: 16/04/2019 21:52:28

Geconfigureerd activeringstype: Alle



Meest recente activeringsgegevens:

Key Management Service-clientgegevens

Id van clientcomputer (CMID): 90d46a02-690c-43d8-96b2-66f1e84bd9ee

Geregistreerde KMS-computernaam: 10.3.0.1:1688

IP-adres van de KMS-computer: 10.3.0.1

Uitgebreide PID van KMS-computer: 03612-00206-514-369336-03-1033-14393.0000-1882018

Interval voor activeren: 120 minuten

Vernieuwingsinterval: 43200 minuten

Opslaan in cache is ingeschakeld voor KMS




---------------------------
OK
---------------------------
 
I'm sorry, seane01, you are using a method to bypass activation of licensed Microsoft and another vendor's software. Doing so is contrary to Sysnative's Forum rules as well as my personal standards and I cannot provide further assistance.

In addition, your use of qBittorrent places your computer in continuing jeopardy for infection due to the fact that with P2P file sharing, a file can be distributed among many hosts, and peers will provide for download the sections that they have already downloaded. This results in the distinct possibility of a distribution method in which malicious bits are mixed with good files.

My advice is to purchase a valid license and discontinue the use of P2P programs.
 
As far as I know, you'll run into the same situation at all tech help forums.
 
Strange,

It didn't use to be a problem, but I understand.

Thanks anyway!
 
Perhaps others hadn't seen what is in your HOSTs file with regard to licensed vendor software or the results with regard to your use of AutoKMS.exe. With regard to the U.S., from Legal Penalties for Software Piracy | Legalbeagle.com:
Software piracy is any unauthorized use and/or distribution of software. This includes anything from music, movies, and video games, to document software such as Microsoft Office, Adobe, and imaging programs. Something as innocent as installing a program on more than one computer, if the copy was intended for only one computer, can constitute piracy. Peer sharing networks are extremely common on the Internet, and they make sharing files very simple. However, even providing unauthorized files that are copied by others is piracy. Software piracy usually results in a huge loss of profits for the original owners of the material, so there are harsh civil and criminal penalties for piracy involving fines and prison time.
 
