Solved Very slow computer, CPU and Disk seem maxed out most of the time

Hi there,

My HP Laptop is running very slow, especially loading websites and typing emails and searches. When typing searches and emails, it seems to play catch up or find my self typing it again, one letter at a time, very frustrating, although typing this is fine.

I have used program manager to disable anything that is using too much CPU and RAM, its a little better but still very slow, especially on Yahoo websites. I also cleaned up my desktop and used CC cleaner to get rid of any trash etc. Any help would be much appreciated.

Regards

Andrew

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by chiefmissile (administrator) on DREW (09-09-2017 12:57:00)
Running from C:\Users\chiefmissile\AppData\Local\Microsoft\Windows\INetCache\IE\EB4X8JV3
Loaded Profiles: chiefmissile (Available Profiles: Andrew & chiefmissile)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-07-14] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [UVS10 Preload] => C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe [36864 2006-08-09] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1707632 2012-09-10] (CyberLink Corp.)
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [695808 2014-09-10] (FileHippo.com)
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\Run: [EPSON Stylus CX7800 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIAFA.EXE [211968 2007-01-23] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\Run: [Chromium] => c:\users\chiefmissile\appdata\local\chromium\application\chrome.exe [1043456 2016-01-26] (The Chromium Authors)
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-07-14] (Apple Inc.)
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-07-14] (Apple Inc.)
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-07-14] (Apple Inc.)
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-07-14] (Apple Inc.)
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\RunOnce: [Uninstall 17.3.6943.0625_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\chiefmissile\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\RunOnce: [Uninstall 17.3.6943.0625_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\chiefmissile\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.100.254
Tcpip\..\Interfaces\{20745ea2-fd18-4f8e-a663-f970727190d5}: [DhcpNameServer] 192.168.100.254
Tcpip\..\Interfaces\{c778119d-796f-43c9-bdac-47fd841a4e01}: [DhcpNameServer] 192.168.100.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/2
HKU\S-1-5-21-249715362-3715089036-736331460-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.co.uk/
SearchScopes: HKLM -> {00FFC827-6B2B-4007-91B2-D317BD4A2E22} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {00FFC827-6B2B-4007-91B2-D317BD4A2E22} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-249715362-3715089036-736331460-1004 -> {6BE3BFC0-6F38-4AA8-8850-79B535964028} URL = hxxps://ca.search.yahoo.com/search?p={searchTerms}&intl=ca&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
SearchScopes: HKU\S-1-5-21-249715362-3715089036-736331460-1004 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-07-11] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-09-06] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-09-06] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-06-13] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: id0a5pwk.default
FF ProfilePath: C:\Users\chiefmissile\AppData\Roaming\Mozilla\Firefox\Profiles\id0a5pwk.default [2017-09-06]
FF NewTab: Mozilla\Firefox\Profiles\id0a5pwk.default -> hxxps://www.amazon.ca/gp/bit/amazonserp/ref=bit_bds-p10_serp_ff_ca_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_abc6b219_1201_1401_20160401_CA_ff_nt_
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\id0a5pwk.default -> Search Provided by Yahoo
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\id0a5pwk.default -> Amazon
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\id0a5pwk.default -> Search Provided by Yahoo
FF Homepage: Mozilla\Firefox\Profiles\id0a5pwk.default -> hxxp://yahoo.co.uk/
FF Extension: (Firefox Hotfix) - C:\Users\chiefmissile\AppData\Roaming\Mozilla\Firefox\Profiles\id0a5pwk.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-11-28]
FF Extension: (Youtube Unblocker Remediation) - C:\Users\chiefmissile\AppData\Roaming\Mozilla\Firefox\Profiles\id0a5pwk.default\features\{19737b49-929b-4369-b7fb-46c6183dc991}\malware-remediation@mozilla.org.xpi [2016-11-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-08] ()
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-09-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-09-06] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-08] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://uk.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://uk.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\chiefmissile\AppData\Local\Google\Chrome\User Data\Default [2017-09-06]
CHR Extension: (Google Slides) - C:\Users\chiefmissile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-04]
CHR Extension: (Google Docs) - C:\Users\chiefmissile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-04]
CHR Extension: (Google Drive) - C:\Users\chiefmissile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-04]
CHR Extension: (YouTube) - C:\Users\chiefmissile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-04]
CHR Extension: (Google Sheets) - C:\Users\chiefmissile\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-04]
CHR Extension: (Google Docs Offline) - C:\Users\chiefmissile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-05]
CHR Extension: (Yahoo Partner) - C:\Users\chiefmissile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibbfklbaljofpaanmpaeadejijfdddco [2017-04-23]
CHR Extension: (HP Network Check Launcher) - C:\Users\chiefmissile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2017-04-25]
CHR Extension: (ThemeBeta.com) - C:\Users\chiefmissile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodnijmalidaijhflljmplhpdcgmfkno [2016-11-05]
CHR Extension: (Skype) - C:\Users\chiefmissile\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-08-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\chiefmissile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\chiefmissile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-04]
CHR Extension: (Chrome Media Router) - C:\Users\chiefmissile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-23]
CHR HKLM-x32\...\Chrome\Extension: [ibbfklbaljofpaanmpaeadejijfdddco] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-13] (Macrovision Corporation) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-04-28] (Synaptics Incorporated)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-09-28] (Ulead Systems, Inc.) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
S2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
U5 iaStorA; C:\Windows\System32\Drivers\iaStorA.sys [645952 2012-07-31] (Intel Corporation)
R1 MpKsl10ec9985; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ABADD444-FAB5-4A6F-947E-1D7AF9F186FF}\MpKsl10ec9985.sys [44928 2017-09-09] (Microsoft Corporation)
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2015-04-11] (CACE Technologies, Inc.)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 StkCMini; C:\WINDOWS\System32\Drivers\StkCMini.sys [1917576 2010-06-07] (Syntek)
S3 visctap0901; C:\WINDOWS\system32\DRIVERS\visctap0901.sys [38368 2012-12-12] (The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30368 2017-06-21] (HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2017-09-09 12:31 - 2017-09-09 12:31 - 000000000 ____D C:\Users\chiefmissile\AppData\Roaming\HPPSDr
2017-09-09 12:30 - 2017-09-09 12:30 - 000961966 _____ C:\Users\chiefmissile\Desktop\F&C.pdf
2017-09-09 12:30 - 2017-09-09 12:30 - 000002081 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2017-08-21 20:06 - 2017-07-31 10:15 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-08-21 20:06 - 2017-07-31 10:15 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-21 19:59 - 2017-09-06 20:12 - 000088770 ____H C:\Users\chiefmissile\AppData\Local\IconCache.db.backup
2017-08-21 18:34 - 2017-07-31 21:39 - 008319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-21 18:34 - 2017-07-31 21:38 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-08-21 18:34 - 2017-07-31 21:38 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-21 18:34 - 2017-07-31 21:36 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-21 18:34 - 2017-07-31 21:36 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-21 18:34 - 2017-07-31 21:36 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-21 18:34 - 2017-07-31 21:35 - 000280472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-21 18:34 - 2017-07-31 21:35 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-21 18:34 - 2017-07-31 21:34 - 000610584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-21 18:34 - 2017-07-31 21:34 - 000359552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-21 18:34 - 2017-07-31 21:34 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-08-21 18:34 - 2017-07-31 21:34 - 000168864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-21 18:34 - 2017-07-31 21:32 - 002444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-21 18:34 - 2017-07-31 21:32 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-21 18:34 - 2017-07-31 21:32 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-08-21 18:34 - 2017-07-31 21:31 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-08-21 18:34 - 2017-07-31 21:31 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-21 18:34 - 2017-07-31 21:31 - 000176024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-08-21 18:34 - 2017-07-31 21:30 - 000723680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-21 18:34 - 2017-07-31 21:30 - 000410160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-21 18:34 - 2017-07-31 21:30 - 000315288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-21 18:34 - 2017-07-31 21:30 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-21 18:34 - 2017-07-31 21:30 - 000143736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-21 18:34 - 2017-07-31 21:20 - 002956288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-08-21 18:34 - 2017-07-31 21:20 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-21 18:34 - 2017-07-31 21:20 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-21 18:34 - 2017-07-31 21:18 - 013841408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-08-21 18:34 - 2017-07-31 21:18 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-08-21 18:34 - 2017-07-31 21:17 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-21 18:34 - 2017-07-31 21:16 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-08-21 18:34 - 2017-07-31 21:14 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2017-08-21 18:34 - 2017-07-31 21:13 - 020504064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-21 18:34 - 2017-07-31 21:13 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-08-21 18:34 - 2017-07-31 21:13 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-08-21 18:34 - 2017-07-31 21:12 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-21 18:34 - 2017-07-31 21:12 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-08-21 18:34 - 2017-07-31 21:10 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-21 18:34 - 2017-07-31 21:09 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-08-21 18:34 - 2017-07-31 21:08 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-21 18:34 - 2017-07-31 21:07 - 011870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-21 18:34 - 2017-07-31 21:07 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-21 18:34 - 2017-07-31 21:07 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-21 18:34 - 2017-07-31 21:06 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-21 18:34 - 2017-07-31 21:04 - 006269440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-21 18:34 - 2017-07-31 21:04 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-21 18:34 - 2017-07-31 21:03 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-08-21 18:34 - 2017-07-31 20:57 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-21 18:34 - 2017-07-31 20:45 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-21 18:34 - 2017-07-31 20:42 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-08-21 18:34 - 2017-07-31 20:41 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-21 18:34 - 2017-07-31 20:40 - 017366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-08-21 18:34 - 2017-07-31 20:37 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-08-21 18:34 - 2017-07-31 20:36 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-21 18:34 - 2017-07-31 20:35 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-21 18:34 - 2017-07-31 20:34 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-21 18:34 - 2017-07-31 20:32 - 007336960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-21 18:34 - 2017-07-31 20:32 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-21 18:34 - 2017-07-31 20:31 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-21 18:34 - 2017-07-31 20:31 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-21 18:34 - 2017-07-31 20:31 - 001396736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-08-21 18:34 - 2017-07-31 20:30 - 008209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-21 18:34 - 2017-07-31 20:30 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-21 18:34 - 2017-07-31 20:30 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-21 18:34 - 2017-07-31 20:30 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-21 18:34 - 2017-07-31 20:28 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-21 18:34 - 2017-07-31 20:28 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-21 18:34 - 2017-07-31 20:27 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-08-21 18:34 - 2017-07-31 17:45 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-21 18:34 - 2017-07-31 17:45 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-21 18:34 - 2017-07-31 17:45 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-21 18:34 - 2017-07-31 17:45 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-21 18:34 - 2017-07-31 17:45 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-21 18:34 - 2017-07-31 17:45 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-21 18:34 - 2017-07-31 17:45 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-21 18:34 - 2017-07-31 17:45 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-21 18:34 - 2017-07-31 17:45 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-21 18:34 - 2017-07-31 17:45 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-21 18:34 - 2017-07-31 17:45 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-21 18:34 - 2017-07-31 17:45 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-21 18:34 - 2017-07-31 17:45 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-21 18:34 - 2017-07-31 17:45 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-21 18:34 - 2017-07-31 17:45 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-21 18:33 - 2017-07-31 21:33 - 000473240 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-08-21 18:33 - 2017-07-31 21:31 - 002645680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-21 18:33 - 2017-07-31 21:30 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-08-21 18:33 - 2017-07-31 21:30 - 000082336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-21 18:33 - 2017-07-31 21:26 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-08-21 18:33 - 2017-07-31 20:45 - 001275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-21 18:33 - 2017-07-31 20:45 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-21 18:33 - 2017-07-31 20:45 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-21 18:33 - 2017-07-31 20:44 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-21 18:33 - 2017-07-31 20:44 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-21 18:33 - 2017-07-31 20:44 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-21 18:33 - 2017-07-31 20:41 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2017-08-21 18:33 - 2017-07-31 20:41 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-21 18:33 - 2017-07-31 20:40 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2017-08-21 18:33 - 2017-07-31 20:39 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-08-21 18:33 - 2017-07-31 20:38 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-21 18:33 - 2017-07-31 20:38 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-21 18:33 - 2017-07-31 20:37 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2017-08-21 18:33 - 2017-07-31 20:37 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-08-21 18:33 - 2017-07-31 20:33 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-21 18:33 - 2017-07-31 20:33 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-21 18:33 - 2017-07-31 20:30 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-21 18:33 - 2017-07-31 20:27 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2017-08-21 18:33 - 2017-07-31 20:27 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-08-21 18:33 - 2017-07-31 20:26 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-08-21 18:33 - 2017-07-31 20:25 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2017-08-21 18:33 - 2017-07-31 20:25 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-08-21 18:33 - 2017-07-31 20:25 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2017-08-21 18:32 - 2017-08-21 18:33 - 000000000 ____D C:\Users\chiefmissile\Desktop\Canada Tax Return 2017
2017-08-14 16:03 - 2017-08-14 16:03 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-08-14 16:02 - 2017-08-14 16:02 - 000000000 ____D C:\Users\chiefmissile\AppData\Local\DBG
2017-08-14 15:59 - 2017-08-14 15:59 - 000000020 ___SH C:\Users\chiefmissile\ntuser.ini
2017-08-14 14:58 - 2017-08-14 15:02 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2017-08-14 14:58 - 2017-08-14 15:02 - 000011433 _____ C:\WINDOWS\diagerr.xml
2017-08-14 14:47 - 2017-09-09 12:15 - 000003366 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-249715362-3715089036-736331460-1004
2017-08-14 14:47 - 2017-09-06 21:03 - 000003308 _____ C:\WINDOWS\System32\Tasks\IORRT
2017-08-14 14:47 - 2017-09-06 20:59 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-14 14:47 - 2017-08-14 16:52 - 000003290 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForchiefmissile
2017-08-14 14:47 - 2017-08-14 14:48 - 000002808 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-249715362-3715089036-736331460-1004
2017-08-14 14:47 - 2017-08-14 14:48 - 000002506 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP Officejet Pro 8610
2017-08-14 14:47 - 2017-08-14 14:48 - 000002484 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2017-08-14 14:47 - 2017-08-14 14:48 - 000002036 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-08-14 14:47 - 2017-08-14 14:47 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-08-14 14:47 - 2017-08-14 14:47 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-08-14 14:47 - 2017-08-14 14:47 - 000003278 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-08-14 14:47 - 2017-08-14 14:47 - 000003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-08-14 14:47 - 2017-08-14 14:47 - 000003076 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4727A29D-35BA-4549-92C8-2001EA697545}
2017-08-14 14:47 - 2017-08-14 14:47 - 000002500 _____ C:\WINDOWS\System32\Tasks\UpdateTask
2017-08-14 14:47 - 2017-08-14 14:47 - 000002352 _____ C:\WINDOWS\System32\Tasks\CLMLSvc_P2G8
2017-08-14 14:47 - 2017-08-14 14:47 - 000002340 _____ C:\WINDOWS\System32\Tasks\MirageAgent
2017-08-14 14:47 - 2017-08-14 14:47 - 000002314 _____ C:\WINDOWS\System32\Tasks\CreateChoiceProcessTask
2017-08-14 14:47 - 2017-08-14 14:47 - 000002108 _____ C:\WINDOWS\System32\Tasks\0
2017-08-14 14:47 - 2017-08-14 14:47 - 000002040 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2017-08-14 14:47 - 2017-08-14 14:47 - 000001994 _____ C:\WINDOWS\System32\Tasks\Hybrid
2017-08-14 14:47 - 2017-08-14 14:47 - 000001968 _____ C:\WINDOWS\System32\Tasks\{291124A0-BF46-4528-82D5-73ECCB1CE97C}
2017-08-14 14:47 - 2017-08-14 14:47 - 000000000 ____D C:\WINDOWS\System32\Tasks\WPD
2017-08-14 14:47 - 2017-08-14 14:47 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-08-14 14:47 - 2017-08-14 14:47 - 000000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-08-14 14:47 - 2017-08-14 14:47 - 000000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2017-08-14 14:47 - 2017-08-14 14:47 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-08-14 14:29 - 2017-08-14 14:29 - 000001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-08-14 14:01 - 2017-08-14 14:33 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-08-14 13:56 - 2017-08-14 13:56 - 000000000 ____D C:\ProgramData\USOShared
2017-08-14 13:54 - 2017-09-06 19:46 - 000000000 ____D C:\Users\chiefmissile
2017-08-14 13:54 - 2017-08-14 14:44 - 000000000 ____D C:\Users\Andrew
2017-08-14 13:52 - 2017-09-06 21:07 - 001032130 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-14 13:52 - 2017-08-14 14:33 - 000000000 ____D C:\Program Files\ATI Technologies
2017-08-14 13:52 - 2017-08-14 14:03 - 000000000 ____D C:\ProgramData\AMD
2017-08-14 13:52 - 2017-08-14 13:52 - 000939752 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-08-14 13:52 - 2017-08-14 13:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2017-08-14 13:51 - 2017-09-06 20:45 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-14 13:51 - 2017-08-14 13:52 - 000000000 ____D C:\Program Files (x86)\ATI Technologies
2017-08-14 13:51 - 2017-08-14 13:51 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2017-08-14 13:51 - 2017-08-14 13:51 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2017-08-14 13:51 - 2017-08-14 13:51 - 000000000 ____D C:\Program Files\Synaptics
2017-08-14 13:50 - 2017-08-14 13:50 - 000000000 _____ C:\WINDOWS\ativpsrm.bin
2017-08-14 13:49 - 2017-08-14 13:50 - 000000000 ____D C:\Program Files\AMD
2017-08-14 13:49 - 2017-03-18 15:56 - 002233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-08-14 13:44 - 2017-09-09 12:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-14 13:44 - 2017-08-21 20:05 - 000434384 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-14 08:30 - 2017-09-09 12:09 - 000000000 ____D C:\Windows.old
2017-08-14 08:26 - 2017-08-14 08:26 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 006761568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 005302968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 004535296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 004213656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 003204608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 002969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 002939392 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 002679200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-14 08:26 - 2017-08-14 08:26 - 002604248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 002424024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-14 08:26 - 2017-08-14 08:26 - 002259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001525760 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001337856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001195760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001068720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001033544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000866808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000864248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000805816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-08-14 08:26 - 2017-08-14 08:26 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2017-08-14 08:26 - 2017-08-14 08:26 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-08-14 08:26 - 2017-08-14 08:26 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000660680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000587776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsvcs.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-08-14 08:26 - 2017-08-14 08:26 - 000551200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000529992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000527976 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000455584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 000414296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000323936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-14 08:26 - 2017-08-14 08:26 - 000277432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 000192264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000173104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000119904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000116280 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-08-14 08:26 - 2017-08-14 08:26 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000104432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2017-08-14 08:26 - 2017-08-14 08:26 - 000096648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000090464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-08-14 08:26 - 2017-08-14 08:26 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IpNatHlpClient.dll
2017-08-14 08:08 - 2017-08-14 13:44 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-08-14 08:08 - 2017-08-14 08:08 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-08-14 08:03 - 2017-08-14 08:03 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-08-14 08:03 - 2017-08-14 08:03 - 000000000 ____D C:\Program Files\MSBuild
2017-08-14 08:03 - 2017-08-14 08:03 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-08-14 08:03 - 2017-08-14 08:03 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-08-14 08:03 - 2017-08-14 08:03 - 000000000 ____D C:\inetpub
2017-08-14 08:02 - 2017-02-10 06:21 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-08-14 08:02 - 2017-02-10 06:21 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-08-14 08:01 - 2017-02-10 06:26 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-08-14 08:01 - 2017-02-10 06:26 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-08-14 08:01 - 2017-02-10 06:26 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-08-14 08:01 - 2017-02-10 06:21 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

 

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-09 12:57 - 2015-03-26 09:26 - 000000000 ____D C:\FRST
2017-09-09 12:38 - 2016-07-06 16:42 - 000000000 ____D C:\ProgramData\HP
2017-09-09 12:23 - 2017-03-18 16:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-09 12:23 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-09 12:16 - 2016-07-06 16:42 - 000000000 ____D C:\Program Files (x86)\HP
2017-09-09 12:12 - 2016-07-28 04:32 - 000002418 _____ C:\Users\chiefmissile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-09 12:12 - 2016-07-28 04:32 - 000000000 ___RD C:\Users\chiefmissile\OneDrive
2017-09-09 11:56 - 2013-01-24 06:00 - 000000000 ____D C:\Users\chiefmissile\AppData\Local\ElevatedDiagnostics
2017-09-06 22:38 - 2015-09-24 09:37 - 000000000 ____D C:\Users\chiefmissile\Desktop\Desktop PDF
2017-09-06 22:35 - 2015-09-24 09:39 - 000000000 ____D C:\Users\chiefmissile\Desktop\Desktop Word
2017-09-06 21:02 - 2015-03-26 09:58 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-06 20:58 - 2017-03-18 06:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-09-06 20:51 - 2012-10-10 14:12 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2017-09-06 20:51 - 2012-08-16 15:05 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2017-09-06 20:51 - 2012-08-16 15:04 - 000000000 ____D C:\Program Files (x86)\CyberLink
2017-09-06 20:45 - 2013-08-22 00:05 - 000000000 ____D C:\Program Files (x86)\Garmin
2017-09-06 20:45 - 2013-08-21 20:32 - 000000000 ____D C:\Users\chiefmissile\AppData\Roaming\Garmin
2017-09-06 20:45 - 2013-08-21 20:29 - 000000000 ____D C:\Users\chiefmissile\Documents\Garmin
2017-09-06 20:45 - 2013-08-21 20:28 - 000000000 ____D C:\Users\chiefmissile\AppData\Local\Garmin
2017-09-06 20:45 - 2013-08-21 20:27 - 000000000 ____D C:\ProgramData\Garmin
2017-09-06 20:44 - 2013-01-11 07:15 - 000000000 ____D C:\Users\chiefmissile\AppData\Local\Packages
2017-09-06 20:43 - 2012-08-16 15:02 - 000000000 ____D C:\ProgramData\install_clap
2017-09-06 20:41 - 2013-01-24 07:22 - 000000000 ____D C:\Program Files (x86)\Canon
2017-09-06 20:40 - 2017-03-18 16:01 - 000000000 ____D C:\WINDOWS\INF
2017-09-06 20:40 - 2013-02-04 06:27 - 000000000 ____D C:\Users\chiefmissile\AppData\Roaming\Canon
2017-09-06 20:36 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-09-06 20:26 - 2016-03-21 15:11 - 000000000 ____D C:\Users\chiefmissile\Desktop\Spanish Sale docs
2017-09-06 20:25 - 2016-02-06 13:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-09-06 20:25 - 2014-09-26 10:05 - 000000000 ____D C:\Program Files\Java
2017-09-06 20:23 - 2016-02-17 17:43 - 000110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-09-06 20:13 - 2013-09-18 22:08 - 000000000 ____D C:\Program Files (x86)\epson
2017-09-06 20:08 - 2016-03-21 15:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-09-06 20:07 - 2016-08-04 19:28 - 000000000 ____D C:\Users\chiefmissile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-09-06 20:06 - 2014-08-29 14:35 - 000000000 ____D C:\Program Files (x86)\Java
2017-08-29 21:24 - 2016-09-15 17:44 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-29 21:24 - 2016-09-15 17:44 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-29 21:21 - 2013-05-06 14:56 - 000000000 ____D C:\Users\chiefmissile\Documents\Cathie
2017-08-29 21:18 - 2015-11-02 11:27 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-21 20:06 - 2014-03-02 16:10 - 000000258 __RSH C:\ProgramData\ntuser.pol
2017-08-21 20:05 - 2017-03-25 14:22 - 000000370 _____ C:\WINDOWS\Tasks\HPCeeScheduleForchiefmissile.job
2017-08-21 18:57 - 2017-03-18 15:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-21 18:52 - 2015-10-14 11:23 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-08-20 13:01 - 2013-01-14 09:16 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-08-15 17:01 - 2017-08-09 21:08 - 000000000 ____D C:\Users\chiefmissile\AppData\Local\EC43990E-7FFE-4242-94B2-3294D1D9690A.aplzod
2017-08-15 15:27 - 2017-08-09 21:08 - 000000000 ___RD C:\Users\chiefmissile\iCloudDrive
2017-08-15 13:42 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\appcompat
2017-08-14 16:11 - 2016-10-03 14:17 - 000000000 ____D C:\Users\chiefmissile\AppData\Local\ConnectedDevicesPlatform
2017-08-14 16:00 - 2017-03-18 16:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-14 16:00 - 2016-04-27 00:43 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-14 15:58 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\rescache
2017-08-14 15:57 - 2017-08-01 18:49 - 000000000 ___DC C:\WINDOWS\Panther
2017-08-14 15:03 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-08-14 15:03 - 2017-03-18 06:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-08-14 14:57 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\Registration
2017-08-14 14:57 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-08-14 14:48 - 2017-03-19 22:44 - 000000000 ____D C:\WINDOWS\HoloShell
2017-08-14 14:47 - 2014-01-19 13:37 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-08-14 14:45 - 2017-03-18 16:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-08-14 14:44 - 2017-03-18 16:03 - 000000000 __RHD C:\Users\Public\Libraries
2017-08-14 14:39 - 2017-08-09 21:08 - 000000000 ____D C:\Users\chiefmissile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2017-08-14 14:33 - 2017-07-20 17:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-08-14 14:33 - 2017-07-20 17:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-08-14 14:33 - 2017-07-03 21:03 - 000000000 ____D C:\WINDOWS\system32\UNP
2017-08-14 14:33 - 2016-10-08 01:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2017-08-14 14:33 - 2016-10-03 10:48 - 000000000 ____D C:\Program Files\IDT
2017-08-14 14:33 - 2016-09-07 20:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Program Uninstaller
2017-08-14 14:33 - 2016-07-06 16:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-08-14 14:33 - 2016-04-27 00:22 - 000000000 ____D C:\WINDOWS\ShellNew
2017-08-14 14:33 - 2015-12-14 15:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulead VideoStudio SE DVD
2017-08-14 14:33 - 2015-04-15 22:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-08-14 14:33 - 2015-03-26 09:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-08-14 14:33 - 2015-02-13 11:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro
2017-08-14 14:33 - 2014-03-12 18:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-08-14 14:33 - 2013-09-18 22:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2017-08-14 14:33 - 2013-08-22 13:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2017-08-14 14:33 - 2013-08-01 02:53 - 000000000 ____D C:\Users\chiefmissile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2017-08-14 14:33 - 2013-08-01 02:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2017-08-14 14:33 - 2013-05-11 11:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Wars Battlefront II
2017-08-14 14:33 - 2013-04-07 04:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-08-14 14:33 - 2013-03-04 13:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WBFS Manager
2017-08-14 14:33 - 2013-01-31 14:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-08-14 14:33 - 2013-01-11 07:18 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
2017-08-14 14:33 - 2012-10-10 14:23 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2017-08-14 14:33 - 2012-08-16 15:31 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-08-14 14:33 - 2012-08-16 15:26 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2017-08-14 14:33 - 2012-08-16 15:14 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2017-08-14 14:33 - 2012-08-16 15:14 - 000000000 ____D C:\WINDOWS\en
2017-08-14 14:13 - 2017-03-19 22:41 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-08-14 14:13 - 2017-03-19 22:41 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-08-14 14:13 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-08-14 14:12 - 2017-03-19 22:41 - 000000000 ____D C:\WINDOWS\system32\WCN
2017-08-14 14:12 - 2017-03-19 22:41 - 000000000 ____D C:\WINDOWS\system32\slmgr
2017-08-14 14:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2017-08-14 14:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-08-14 14:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-08-14 14:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\spool
2017-08-14 14:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-14 14:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-08-14 14:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-08-14 14:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2017-08-14 14:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\IME
2017-08-14 14:12 - 2016-10-03 10:48 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2017-08-14 14:12 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2017-08-14 14:12 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2017-08-14 14:04 - 2017-03-18 16:03 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-08-14 14:04 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\Resources
2017-08-14 14:04 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\InputMethod
2017-08-14 14:03 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-14 14:03 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files\Common Files\System
2017-08-14 14:03 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-08-14 14:03 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-08-14 14:03 - 2015-03-28 14:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amlogic
2017-08-14 14:03 - 2013-08-01 03:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
2017-08-14 14:03 - 2013-05-30 15:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panasonic
2017-08-14 14:03 - 2012-08-16 15:07 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2017-08-14 14:03 - 2012-07-26 13:40 - 000000000 ____D C:\Program Files\Hewlett-Packard
2017-08-14 14:01 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-08-14 14:01 - 2013-08-22 10:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-08-14 13:58 - 2015-11-24 09:53 - 000000000 ____D C:\Users\chiefmissile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ABC Self Assessment
2017-08-14 13:56 - 2017-03-18 16:03 - 000000000 ____D C:\ProgramData\USOPrivate
2017-08-14 13:51 - 2017-03-18 06:40 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-08-14 13:50 - 2017-03-18 16:03 - 000000000 __RSD C:\WINDOWS\Media
2017-08-14 13:50 - 2013-07-22 09:48 - 000000000 ____D C:\AMD
2017-08-14 08:42 - 2017-03-18 16:03 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-08-14 08:31 - 2017-03-18 16:06 - 000000000 ____D C:\WINDOWS\Setup
2017-08-14 08:29 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-08-14 08:29 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-08-14 08:29 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-08-14 08:29 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-14 08:10 - 2017-03-19 22:43 - 000000000 ____D C:\WINDOWS\OCR
2017-08-14 08:03 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2017-08-14 08:03 - 2017-03-18 15:59 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2017-08-14 08:03 - 2017-03-18 15:59 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2017-08-14 08:03 - 2017-03-18 15:59 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2017-08-14 08:03 - 2017-03-18 15:59 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2017-08-14 08:03 - 2017-03-18 15:59 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2017-08-14 08:03 - 2017-03-18 15:59 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2017-08-14 08:03 - 2017-03-18 15:59 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2017-08-14 08:03 - 2017-03-18 15:59 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2017-08-14 08:03 - 2017-03-18 15:59 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2017-08-14 08:03 - 2017-03-18 15:59 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2017-08-14 08:03 - 2017-03-18 15:59 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2017-08-14 08:03 - 2017-03-18 15:59 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2017-08-14 08:03 - 2017-03-18 15:59 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2017-08-14 08:03 - 2017-03-18 15:59 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2017-08-12 14:20 - 2013-08-03 06:02 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-12 14:19 - 2013-01-11 08:22 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2016-03-12 17:56 - 2016-04-08 12:56 - 000000138 _____ () C:\Users\chiefmissile\AppData\Roaming\WB.CFG
2013-09-09 17:51 - 2013-09-09 17:51 - 000000017 _____ () C:\Users\chiefmissile\AppData\Local\resmon.resmoncfg
2016-07-06 16:41 - 2016-07-06 16:41 - 000000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-09 11:55

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by chiefmissile (09-09-2017 13:02:23)
Running from C:\Users\chiefmissile\AppData\Local\Microsoft\Windows\INetCache\IE\EB4X8JV3
Windows 10 Home Version 1703 (X64) (2017-08-14 20:57:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-249715362-3715089036-736331460-500 - Administrator - Disabled)
Andrew (S-1-5-21-249715362-3715089036-736331460-1002 - Administrator - Enabled) => C:\Users\Andrew
chiefmissile (S-1-5-21-249715362-3715089036-736331460-1004 - Administrator - Enabled) => C:\Users\chiefmissile
DefaultAccount (S-1-5-21-249715362-3715089036-736331460-503 - Limited - Disabled)
Guest (S-1-5-21-249715362-3715089036-736331460-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABC SA100 Tax Return 2015 (HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\ABC Self Assessment ABC SA100 Tax Return 2015) (Version: 15.0.16.0 - ABC Self Assessment)
ABC SA100 Tax Return 2016 (HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\ABC Self Assessment ABC SA100 Tax Return 2016) (Version: 16.1.13.0 - ABC Self Assessment)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.138 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{FA378CD1-F32D-4610-9884-3902DF8AF826}) (Version: 2.3.8 - Amazon) <==== ATTENTION
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{C8807716-1F6F-5C43-3C32-7295A45CF060}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.0 - AppEx Networks)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2110 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3122 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3122 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - )
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{0D3A6808-82B8-4BB1-BE5A-AED75B3F6C02}) (Version: 2.20.11 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{39C8BE76-CF6A-466F-8618-0B52CC4CA0FC}) (Version: 8.4.19.3 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.7.27.15 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{C510BB61-AE0B-4420-87AF-9CF646E86364}) (Version: 6.2.3.17 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\OneDriveSetup.exe) (Version: 17.3.6966.0824 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{D2064264-3162-4DB1-AFE0-167BEFBBCD9C}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.48 - Piriform)
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
ROBLOX Studio for chiefmissile (HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)
Star Wars Battlefront II (HKLM-x32\...\Star Wars Battlefront II_is1) (Version: - )
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
Ulead VideoStudio SE DVD (HKLM-x32\...\{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}) (Version: 10.0 - Ulead Systems)
Update for Skype for Business 2015 (KB4011046) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DED3C7C7-564E-4FF5-9A2F-53CB356ECD74}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4011046) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DED3C7C7-564E-4FF5-9A2F-53CB356ECD74}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4011046) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{DED3C7C7-564E-4FF5-9A2F-53CB356ECD74}) (Version: - Microsoft)
USB_Burning_Tool (HKLM-x32\...\{0F91E44C-2FAD-4298-8051-40E52C7E1341}_is1) (Version: 1.0.69 - Amlogic, Inc.)
USB2.0 Grabber (HKLM-x32\...\{45518B6D-9DDF-4144-83E4-A56762524F35}) (Version: 7.12.000.003 - Youyan)
USB2.0 Grabber (HKLM-x32\...\USB2.0 Grabber) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WBFS Manager 4.0 (HKLM\...\{D34C07CA-DCF0-4A5C-A4DD-55522B17F4F2}) (Version: 4.0 - WBFS)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
Windows Driver Package - libusb-win32 WorldCup Device (02/23/2013 1.2.6.0) (HKLM\...\607E81836F3E58EDC7289F7B7047149AE2C7F301) (Version: 02/23/2013 1.2.6.0 - libusb-win32)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Wise Program Uninstaller 1.96 (HKLM-x32\...\Wise Program Uninstaller_is1) (Version: 1.96 - WiseCleaner.com, Inc.)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ContextMenuHandlers1: [Arcsoft] -> {0572F6AE-950B-4ae1-80F4-9065417ABB21} => -> No File
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-06-22] (Cyberlink)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-07-14] (Apple Inc.)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-06-22] (Cyberlink)
ContextMenuHandlers2-x32: [Ulead UDF Driver] -> {DBD8E168-244D-448C-9922-25508950D1DC} => C:\Program Files (x86)\Common Files\Ulead Systems\DVD\USIShex.dll [2005-03-02] (Ulead Systems, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [Arcsoft] -> {0572F6AE-950B-4ae1-80F4-9065417ABB21} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2013-08-06] (Piriform Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-08-21] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [Arcsoft] -> {0572F6AE-950B-4ae1-80F4-9065417ABB21} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2013-08-06] (Piriform Ltd)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {026FEB2F-4CA2-4EAE-BE23-945C8976A679} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {05420A83-667B-447E-AE6E-190F73997830} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {0C3E79FD-7445-43F7-8DB6-D1EB730D9466} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {165A4148-E876-45C9-A47D-E599F5C47760} - System32\Tasks\IORRT => C:\IORRT\IORRT.bat [2013-03-15] () <==== ATTENTION
Task: {1ABB0014-D763-460F-873F-DEDA3689692B} - System32\Tasks\{291124A0-BF46-4528-82D5-73ECCB1CE97C} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\
Task: {1CF83ACB-72A5-460A-A02F-ED8503A5E6CC} - System32\Tasks\UpdateTask => C:\Users\CHIEFM~1\AppData\Local\{05E83~1\UNINST~1.EXE
Task: {217627ED-7155-46FA-9D0D-AF372549C35A} - System32\Tasks\Hybrid => C:\IORRT\IORRT.bat [2013-03-15] () <==== ATTENTION
Task: {22184229-FCB4-4071-BD57-D7071E7726E8} - System32\Tasks\HPCeeScheduleForchiefmissile => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {312D1346-6EAA-4C4E-81D4-D19368DDBC93} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {32D5ADF0-6982-4666-B860-CE9886068E55} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {445E4392-EE56-440D-8017-6AE09C453C3D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {454B80EE-BD10-4D55-8A13-68E573F3CF27} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {53E1D019-1BE6-48E7-8C55-902841FDE67D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {577DF6FB-884A-4432-B559-AA5D3AE5408F} - \WPD\SqmUpload_S-1-5-21-249715362-3715089036-736331460-1004 -> No File <==== ATTENTION
Task: {5A3544E1-CC55-431D-8F78-4865E50039D2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-17] (Google Inc.)
Task: {603AF9EB-362B-41F8-B3CC-5312BF45FD72} - System32\Tasks\0 => c:\program files\internet explorer\iexplore.exe <==== ATTENTION
Task: {7034E18D-47F6-4932-8007-CB82EE2BE80C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {7617A0F9-B584-4365-B43A-B17873B24AD8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {776AC2C7-A585-4B70-A5D3-005331083B2B} - System32\Tasks\Microsoft\Windows\PLA\System\{E7340372-92D3-4EDE-B718-3DA3FA83D26D}_System Diagnostics => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {7A9B9162-332C-4F43-B4C3-809AF76DAEB6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-08-12] (Microsoft Corporation)
Task: {7CDBE0A6-6521-48B5-8E48-763B33BFEBDD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN5AEF30CJ => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-08-14] (HP Inc.)
Task: {7E054E96-45FC-453D-A72D-71970C9B468B} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {87844B17-83A5-4EDA-A1BD-899925A255C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-08-14] (HP Inc.)
Task: {8DEC89AD-2A1D-42EA-9AEB-142F3B53B576} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-04-01] (HP Inc.)
Task: {9CB251C9-7571-4B03-A0A7-33D8438FD4E3} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {9E8F4846-67CD-4CDC-9025-AFBAAFB233A9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {AA00C2F6-5B22-42FD-B21C-F4A82D1B506D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B142D05A-0AC1-429D-864E-8FB27232E3B6} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {B76B698A-52DA-47DC-9192-A4248CE450D2} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {BB77B5C3-57C7-49CF-9B14-8FD4A14A5511} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {C86A685B-0095-41C6-91B5-486DE92ED0E5} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2017-07-14] (Apple Inc.)
Task: {CE661CB5-0F6E-41B0-BDFA-5D4DC6489351} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {CF0FFB16-7088-4756-B567-A5A885B11A8C} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {CF7E6348-65C5-435D-BCB7-1E2B3FD876CC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-08-14] (HP Inc.)
Task: {D85845EB-47A4-4201-B3A5-458A543CA704} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D9C117E4-DD91-4D18-A3FD-DC7BAE3EF4D1} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {DDEE955C-5A53-476E-90A2-944873DB1BD1} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {E2436B16-D46F-4F00-B04F-AB7DBC7920ED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {E3F5CB51-DF88-471D-9CEC-8CB7A2E0DB0E} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {F1FBCA53-9D72-4CCA-87F4-ABECB93677E2} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-08-19] (Hewlett-Packard Development Company, L.P.)
Task: {FF05ABA1-E321-4374-8990-1123F8715AC7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-17] (Google Inc.)
Task: {FFB61A8C-7E48-4911-9A32-838BE4E069F7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForchiefmissile.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\UpdateTask.job => C:\Users\CHIEFM~1\AppData\Local\{05E83~1\UNINST~1.EXE

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-08-21 22:09 - 2015-08-21 22:09 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-02-23 08:29 - 2017-02-23 08:29 - 008909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-03-18 15:58 - 2017-03-18 15:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 15:59 - 2017-03-19 22:43 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-07-21 15:27 - 2015-07-21 15:27 - 000238248 _____ () C:\Program Files\Microsoft Office\Office15\IEAWSDC.DLL
2016-04-27 00:24 - 2016-04-27 00:24 - 003342848 _____ () C:\Program Files\WindowsApps\Microsoft.CommsPhone_1.10.15000.0_x64__8wekyb3d8bbwe\CallsCore.dll
2016-04-27 00:24 - 2016-04-27 00:24 - 000366592 _____ () C:\Program Files\WindowsApps\Microsoft.CommsPhone_1.10.15000.0_x64__8wekyb3d8bbwe\CallsPresenters.dll
2013-06-22 09:34 - 2012-06-07 22:34 - 000627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 05:34 - 2012-06-08 05:34 - 000016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\amazon.com -> hxxps://amazon.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2016-10-07 21:22 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-249715362-3715089036-736331460-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.100.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "CanonSolutionMenu"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "HP Quick Launch"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "CheckRun22find_uninstaller"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "UVS10 Preload"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\Run: => "WiTopia"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\Run: => "Pokki"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\Run: => "AppEx Accelerator UI"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\Run: => "Power2GoExpress8"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\Run: => "FileHippo.com"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\Run: => "EPSON Stylus CX7800 Series"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\Run: => "iLivid"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\Run: => "AppleIEDAV"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\Run: => "NETGEARGenie"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CD935F03-B9A1-4996-B45A-B89C69155009}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{919DBD19-8033-43E7-A822-465022826134}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{BF911831-E2C8-4E3A-B788-35B05B3E7EE7}] => (Allow) LPort=5357
FirewallRules: [{0B19A5D4-8084-4625-9070-F4C88AC4FA43}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
FirewallRules: [{CDC35B42-D875-49ED-AAE2-9D0D62451629}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
FirewallRules: [{7B4D9E65-2F9F-4060-BF69-8E511AA525D6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
FirewallRules: [{02EB0D59-75AF-43BB-AF95-630B026FC9F8}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
FirewallRules: [{F40AF0D5-37B1-4BCA-87F4-B83ADA43E960}] => (Allow) C:\Users\chiefmissile\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{64724907-BF92-4D34-9244-43166E4C21A6}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{AFD786F1-2BCB-4DE1-9898-738C474BDBE9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2A68A6AA-3730-40FA-B9B5-8D5D3374B2EC}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{1266708D-0902-4083-A25B-E6538AF0EC42}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [UDP Query User{A5ED820C-F8FE-4D58-A4B1-55CBAF6C4D77}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{EF289E61-6EE9-4F76-9436-E9125022FA2A}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{9922D39D-8207-43D6-BC1C-81841DA5AE82}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1BEF48EF-6072-421A-8229-D4CD8AFD3B5D}] => (Allow) LPort=2869
FirewallRules: [{BA6E5C22-B696-4FC1-B8CA-F85D1810CFBC}] => (Allow) LPort=1900
FirewallRules: [{A347DBE9-F04A-4C2F-A6CE-5AF7A21D616B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{83A405B6-8D27-4334-96EB-FF5A0DF0587E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{44A3EC5F-AD3D-4C67-8B88-6BD1EFBD9F34}] => (Allow) C:\Program Files (x86)\GameSpy Arcade\Aphex.exe
FirewallRules: [{480F0BDA-7E77-4825-B103-877AA3DA6159}] => (Allow) C:\Program Files (x86)\GameSpy Arcade\Aphex.exe
FirewallRules: [{4AE06243-B3DB-4D50-BC40-EA5A10525D04}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{CFA53D13-C2C4-4813-9013-C06732351EC9}] => (Allow) C:\Users\chiefmissile\AppData\Local\Temp\7zS31C3\HPDiagnosticCoreUI.exe
FirewallRules: [{A60BA4F1-92A1-4B4B-83A3-F3A90CE8192C}] => (Allow) C:\Users\chiefmissile\AppData\Local\Temp\7zS31C3\HPDiagnosticCoreUI.exe

==================== Restore Points =========================

21-08-2017 18:36:31 Windows Update
06-09-2017 20:02:57 Removed Apple Application Support (32-bit)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/09/2017 11:57:50 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (09/09/2017 11:54:58 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Drew)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/09/2017 11:54:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Drew)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/09/2017 11:54:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Drew)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/09/2017 11:54:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Drew)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/06/2017 08:34:59 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (09/06/2017 07:12:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.15063.0, time stamp: 0x02799ef5
Faulting module name: ntdll.dll, version: 10.0.15063.447, time stamp: 0xa329d3a8
Exception code: 0xc0000409
Fault offset: 0x00000000000aa020
Faulting process ID: 0x141c
Faulting application start time: 0x01d3276a1f5ec0ae
Faulting application path: c:\windows\system32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report ID: 41707896-7428-446b-ae04-2d62188792d3
Faulting package full name:
Faulting package-relative application ID:

Error: (08/30/2017 04:23:33 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (08/29/2017 09:16:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPSF.exe, version: 8.4.14.41, time stamp: 0x58e71513
Faulting module name: KERNELBASE.dll, version: 10.0.15063.502, time stamp: 0x005405b5
Exception code: 0xe0434352
Fault offset: 0x0000000000069e08
Faulting process ID: 0xbe0
Faulting application start time: 0x01d32135d18b2baf
Faulting application path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: 3c088b31-3bad-4bc9-9b40-b83500b597c9
Faulting package full name:
Faulting package-relative application ID:

Error: (08/29/2017 09:16:52 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HPSF.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Xml.XmlException
at System.Xml.XmlTextReaderImpl.Throw(System.Exception)
at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
at System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
at System.Xml.XmlDocument.Load(System.Xml.XmlReader)
at System.Xml.XmlDocument.Load(System.String)
at HP.SupportFramework.Common.SystemInformation.HPSystemInformation..ctor()
at HP.SupportAssistant.Engine.DeviceDetect.DeviceDetection..cctor()

Exception Info: System.TypeInitializationException
at HP.SupportAssistant.Engine.DeviceDetect.DeviceDetection.get_Instance()
at HP.SupportAssistant.HPSA_UI.App.SetProductType()
at HP.SupportAssistant.HPSA_UI.App.AppStartThread()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()


System errors:
=============
Error: (09/09/2017 11:54:58 AM) (Source: DCOM) (EventID: 10001) (User: Drew)
Description: Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppX360dyffbd5crx5cph6sy881bkkccrbr0.mca as Unavailable/Unavailable. The error:
"31"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca

Error: (09/09/2017 11:54:57 AM) (Source: DCOM) (EventID: 10001) (User: Drew)
Description: Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppX04pd7c08vp6n3e61x3m3pwabbpcpjk5f.mca as Unavailable/Unavailable. The error:
"31"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca

Error: (09/09/2017 11:54:57 AM) (Source: DCOM) (EventID: 10001) (User: Drew)
Description: Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXjytc7c0yvwb8n3cw0r82k4364sd1s7bv.mca as Unavailable/Unavailable. The error:
"31"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca

Error: (09/09/2017 11:54:57 AM) (Source: DCOM) (EventID: 10001) (User: Drew)
Description: Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppX6jbm6fjqte5wzzrf5807m7eq0z44q5gf.mca as Unavailable/Unavailable. The error:
"31"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca

Error: (09/09/2017 11:54:44 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (09/09/2017 11:54:31 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/07/2017 03:07:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/07/2017 03:07:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (09/06/2017 10:31:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/06/2017 10:31:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error


CodeIntegrity:
===================================
Date: 2017-09-06 18:55:01.766
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-06 18:55:01.753
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-29 21:22:14.340
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-29 21:22:14.333
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-23 11:10:12.923
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-23 11:10:12.909
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-21 19:35:37.505
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-21 19:35:37.495
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-21 19:35:37.082
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-21 19:35:37.075
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD E2-1800 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 37%
Total physical RAM: 7778.26 MB
Available physical RAM: 4832.79 MB
Total Virtual: 9698.26 MB
Available Virtual: 6807.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:909.94 GB) (Free:389.29 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:19.8 GB) (Free:2.42 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1E28E0A4)

Partition: GPT.

==================== End of Addition.txt ============================

 

Dear Broni,

Thanks very much for your comprehensive instructions. Since starting the process my computer is a little better, but not at full operational functionality. I have posted the requested logs, nothing standing out apart from the Malwarebytes where 13 items were removed, hope you can spot something that will resolve my issues.


RogueKiller V12.11.14.0 (x64) [Sep 11 2017] (Free) by Adlice Software
mail : Contact - Adlice Software
Feedback : Adlice forum - Home
Website : RogueKiller Anti-Malware Free Download - Official Website
Blog : Adlice Software - The Best Security Software, for FREE

Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : chiefmissile [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 09/11/2017 20:21:13 (Duration : 02:32:02)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\Reimage -> Not selected
[PUP.Gen1] (X64) HKEY_USERS\.DEFAULT\Software\IBUpdaterService -> Not selected
[PUP.Gen1] (X86) HKEY_USERS\.DEFAULT\Software\IBUpdaterService -> Not selected
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-18\Software\IBUpdaterService -> Not selected
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-18\Software\IBUpdaterService -> Not selected
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-249715362-3715089036-736331460-1004\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-249715362-3715089036-736331460-1004\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Not selected

¤¤¤ Tasks : 2 ¤¤¤
[PUP.Gen0] %WINDIR%\Tasks\UpdateTask.job -- C:\Users\CHIEFM~1\AppData\Local\{05E83~1\UNINST~1.EXE (/Check) -> Not selected
[Suspicious.Path] \UpdateTask -- C:\Users\CHIEFM~1\AppData\Local\{05E83~1\UNINST~1.EXE (/Check) -> Not selected

¤¤¤ Files : 3 ¤¤¤
[PUP.Gen1][Folder] C:\Users\chiefmissile\AppData\Roaming\Gameo -> Deleted
[PUP.Gen1][File] C:\Users\chiefmissile\AppData\Roaming\Gameo\d3dcompiler_46.dll -> Deleted
[PUP.Gen1][File] C:\Users\chiefmissile\AppData\Roaming\Gameo\gameo.exe -> Deleted
[PUP.Gen1][File] C:\Users\chiefmissile\AppData\Roaming\Gameo\icudtl.dat -> Deleted
[PUP.Gen1][File] C:\Users\chiefmissile\AppData\Roaming\Gameo\libEGL.dll -> Deleted
[PUP.Gen1][File] C:\Users\chiefmissile\AppData\Roaming\Gameo\libGLESv2.dll -> Deleted
[PUP.Gen1][File] C:\Users\chiefmissile\AppData\Roaming\Gameo\nw.pak -> Deleted
[PUP.Gen1][Folder] C:\Users\chiefmissile\AppData\Local\YSearchUtil -> Deleted
[PUP.Gen1][Folder] C:\Users\chiefmissile\AppData\Local\YSearchUtil\CrashLogs -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Yahoo!\yset -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\yset\{C305CBA4-5AE4-3448-8677-7D29EF0AA816}\unset.exe -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\yset\{C305CBA4-5AE4-3448-8677-7D29EF0AA816}\YSearchSetTool.exe -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\yset\{C305CBA4-5AE4-3448-8677-7D29EF0AA816}\YSearchUtil.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\yset\{C305CBA4-5AE4-3448-8677-7D29EF0AA816}\YSearchUtilSVC.exe -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Yahoo!\yset\{C305CBA4-5AE4-3448-8677-7D29EF0AA816} -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 3 ¤¤¤
[PUM.NewTab][Firefox:Config] id0a5pwk.default : user_pref("browser.newtab.url", "Amazon Web Search"); -> Not selected
[PUM.SearchEngine][Firefox:Config] id0a5pwk.default : user_pref("browser.search.selectedEngine", "Search Provided by Yahoo"); -> Not selected
[PUM.SearchEngine][Firefox:Config] id0a5pwk.default : user_pref("browser.search.defaultenginename", "Search Provided by Yahoo"); -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD100 SATA Disk Device +++++
--- User ---
[MBR] 1504d674c6b2dddf5ae31bd94d063999
[BSP] f21676c9aaf6833f61d6cc5f5b227a91 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 260 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1353728 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1615872 | Size: 931783 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1909909504 | Size: 1024 MB
5 - [SYSTEM] Basic data partition | Offset (sectors): 1912006656 | Size: 20272 MB
User = LL1 ... OK
User = LL2 ... OK

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/09/2017
Scan Time: 23:02
Logfile: log file 2.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.09.12.02
Rootkit Database: v2017.08.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: chiefmissile

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 372791
Time Elapsed: 22 hr, 24 min, 6 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

# AdwCleaner 7.0.2.1 - Logfile created on Wed Sep 13 03:11:11 2017
# Updated on 2017/29/08 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: Customer Support & Help Center

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

Deleted: C:\Users\chiefmissile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: iorrt
Deleted: updateTask


***** [ Registry ] *****

Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d10lpsik1i8c69.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d10lpsik1i8c69.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d10lpsik1i8c69.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d10lpsik1i8c69.cloudfront.net
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{2C09954F-CDA8-4BD1-8794-1D543E050378}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{2F137995-4D26-44AD-9C4E-91055090A817}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C63F7979DCC2154CB9591969A5CB89D
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFA531D0F3A71504DA7AC6A11CE33739
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DD31E6C1A73B334383DF186676F4D20
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB3204F747B20694B8D49EF92D8DC94B
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EDBF68C5F16790341B7C6FD7C7F8E4FC
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C81E33A400B6F814E90C7A3354E2A3A5
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18C9E3869A16248439FE3FF9EB02207A
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D8011310B2622942868A458964FFDC5
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|CheckRun22find_uninstaller
Deleted: [Value] - HKU\S-1-5-21-249715362-3715089036-736331460-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|SDP
Deleted: [Value] - HKU\S-1-5-21-249715362-3715089036-736331460-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Pokki
Deleted: [Value] - HKU\S-1-5-21-249715362-3715089036-736331460-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|SearchProtect
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|SearchProtectAll
Deleted: [Value] - HKU\S-1-5-21-249715362-3715089036-736331460-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|iLivid
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\Amazon1ButtonBrowserHelper.dll
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Deleted: [Key] - HKLM\SOFTWARE\Reimage
Deleted: [Key] - HKU\.DEFAULT\Software\IBUpdaterService
Deleted: [Key] - HKU\S-1-5-18\Software\IBUpdaterService
Deleted: [Key] - HKLM\SOFTWARE\Classes\Applications\iLividSetup-r905-n-bi.exe


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [17563 B] - [2015/3/26 14:36:44]
C:/AdwCleaner/AdwCleaner[S1].txt - [5768 B] - [2017/9/13 3:9:23]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by chiefmissile (Administrator) on 13/09/2017 at 17:27:19.99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13/09/2017 at 18:15:24.01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-09-2017 02
Ran by chiefmissile (administrator) on DREW (13-09-2017 21:06:52)
Running from C:\Users\chiefmissile\AppData\Local\Microsoft\Windows\INetCache\IE\WCWR9UOR
Loaded Profiles: chiefmissile (Available Profiles: Andrew & chiefmissile)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.21.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.15063.410_none_9e914f9d2d85dacb\TiWorker.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-07-14] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [UVS10 Preload] => C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe [36864 2006-08-09] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1707632 2012-09-10] (CyberLink Corp.)
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [695808 2014-09-10] (FileHippo.com)
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\Run: [EPSON Stylus CX7800 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIAFA.EXE [211968 2007-01-23] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\Run: [Chromium] => c:\users\chiefmissile\appdata\local\chromium\application\chrome.exe [1043456 2016-01-26] (The Chromium Authors)
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-07-14] (Apple Inc.)
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-07-14] (Apple Inc.)
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-07-14] (Apple Inc.)
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-07-14] (Apple Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.100.254
Tcpip\..\Interfaces\{20745ea2-fd18-4f8e-a663-f970727190d5}: [DhcpNameServer] 192.168.100.254
Tcpip\..\Interfaces\{c778119d-796f-43c9-bdac-47fd841a4e01}: [DhcpNameServer] 192.168.100.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/2
HKU\S-1-5-21-249715362-3715089036-736331460-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.co.uk/
SearchScopes: HKLM -> {00FFC827-6B2B-4007-91B2-D317BD4A2E22} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-249715362-3715089036-736331460-1004 -> {6BE3BFC0-6F38-4AA8-8850-79B535964028} URL = hxxps://ca.search.yahoo.com/search?p={searchTerms}&intl=ca&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-09-06] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-09-06] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: id0a5pwk.default
FF ProfilePath: C:\Users\chiefmissile\AppData\Roaming\Mozilla\Firefox\Profiles\id0a5pwk.default [2017-09-06]
FF NewTab: Mozilla\Firefox\Profiles\id0a5pwk.default -> hxxps://www.amazon.ca/gp/bit/amazonserp/ref=bit_bds-p10_serp_ff_ca_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_abc6b219_1201_1401_20160401_CA_ff_nt_
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\id0a5pwk.default -> Search Provided by Yahoo
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\id0a5pwk.default -> Amazon
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\id0a5pwk.default -> Search Provided by Yahoo
FF Homepage: Mozilla\Firefox\Profiles\id0a5pwk.default -> hxxp://yahoo.co.uk/
FF Extension: (Firefox Hotfix) - C:\Users\chiefmissile\AppData\Roaming\Mozilla\Firefox\Profiles\id0a5pwk.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-11-28]
FF Extension: (Youtube Unblocker Remediation) - C:\Users\chiefmissile\AppData\Roaming\Mozilla\Firefox\Profiles\id0a5pwk.default\features\{19737b49-929b-4369-b7fb-46c6183dc991}\malware-remediation@mozilla.org.xpi [2016-11-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-12] ()
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-09-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-09-06] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-12] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://uk.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://uk.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\chiefmissile\AppData\Local\Google\Chrome\User Data\Default [2017-09-12]
CHR Extension: (Google Slides) - C:\Users\chiefmissile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-04]
CHR Extension: (Google Docs) - C:\Users\chiefmissile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-04]
CHR Extension: (Google Drive) - C:\Users\chiefmissile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-04]
CHR Extension: (YouTube) - C:\Users\chiefmissile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-04]
CHR Extension: (Google Sheets) - C:\Users\chiefmissile\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-04]
CHR Extension: (Google Docs Offline) - C:\Users\chiefmissile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-05]
CHR Extension: (Yahoo Partner) - C:\Users\chiefmissile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibbfklbaljofpaanmpaeadejijfdddco [2017-04-23]
CHR Extension: (HP Network Check Launcher) - C:\Users\chiefmissile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2017-04-25]
CHR Extension: (ThemeBeta.com) - C:\Users\chiefmissile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodnijmalidaijhflljmplhpdcgmfkno [2016-11-05]
CHR Extension: (Skype) - C:\Users\chiefmissile\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-08-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\chiefmissile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\chiefmissile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-04]
CHR Extension: (Chrome Media Router) - C:\Users\chiefmissile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-23]
CHR HKLM-x32\...\Chrome\Extension: [ibbfklbaljofpaanmpaeadejijfdddco] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-13] (Macrovision Corporation) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-04-28] (Synaptics Incorporated)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-09-28] (Ulead Systems, Inc.) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
S2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
U5 iaStorA; C:\Windows\System32\Drivers\iaStorA.sys [645952 2012-07-31] (Intel Corporation)
R1 MpKsl09002da9; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1052786F-C2E0-4763-98EC-7331C1EEFA5F}\MpKsl09002da9.sys [44928 2017-09-12] (Microsoft Corporation)
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2015-04-11] (CACE Technologies, Inc.)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 StkCMini; C:\WINDOWS\System32\Drivers\StkCMini.sys [1917576 2010-06-07] (Syntek)
S3 visctap0901; C:\WINDOWS\system32\DRIVERS\visctap0901.sys [38368 2012-12-12] (The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30368 2017-06-21] (HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-13 17:48 - 2017-09-13 17:48 - 000000000 ____D C:\WINDOWS\PCHEALTH
2017-09-12 22:27 - 2017-09-12 22:27 - 001790024 _____ (Malwarebytes) C:\Users\chiefmissile\Desktop\JRT.exe
2017-09-12 22:03 - 2017-09-12 22:03 - 008182736 _____ (Malwarebytes) C:\Users\chiefmissile\Desktop\AdwCleaner.exe
2017-09-11 21:22 - 2017-09-13 21:01 - 000000000 ____D C:\Users\chiefmissile\Desktop\log files
2017-09-11 20:21 - 2017-09-11 20:21 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-09-11 20:20 - 2017-09-11 22:58 - 000000000 ____D C:\ProgramData\RogueKiller
2017-09-11 20:20 - 2017-09-11 20:20 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-09-11 20:20 - 2017-09-11 20:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-09-11 20:20 - 2017-09-11 20:20 - 000000000 ____D C:\Program Files\RogueKiller
2017-09-11 20:17 - 2017-09-11 20:17 - 035835424 _____ (Adlice Software ) C:\Users\chiefmissile\Desktop\RogueKiller_setup_ref3.exe
2017-09-09 12:31 - 2017-09-09 12:31 - 000000000 ____D C:\Users\chiefmissile\AppData\Roaming\HPPSDr
2017-09-09 12:30 - 2017-09-09 12:30 - 000961966 _____ C:\Users\chiefmissile\Desktop\F&C.pdf
2017-09-09 12:30 - 2017-09-09 12:30 - 000002081 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2017-08-21 20:06 - 2017-09-02 10:15 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-08-21 20:06 - 2017-09-02 10:15 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-21 19:59 - 2017-09-06 20:12 - 000088770 ____H C:\Users\chiefmissile\AppData\Local\IconCache.db.backup
2017-08-21 18:34 - 2017-07-31 21:39 - 008319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-21 18:34 - 2017-07-31 21:38 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-08-21 18:34 - 2017-07-31 21:38 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-21 18:34 - 2017-07-31 21:36 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-21 18:34 - 2017-07-31 21:36 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-21 18:34 - 2017-07-31 21:36 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-21 18:34 - 2017-07-31 21:35 - 000280472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-21 18:34 - 2017-07-31 21:35 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-21 18:34 - 2017-07-31 21:34 - 000610584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-21 18:34 - 2017-07-31 21:34 - 000359552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-21 18:34 - 2017-07-31 21:34 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-08-21 18:34 - 2017-07-31 21:34 - 000168864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-21 18:34 - 2017-07-31 21:32 - 002444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-21 18:34 - 2017-07-31 21:32 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-21 18:34 - 2017-07-31 21:32 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-08-21 18:34 - 2017-07-31 21:31 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-08-21 18:34 - 2017-07-31 21:31 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-21 18:34 - 2017-07-31 21:31 - 000176024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-08-21 18:34 - 2017-07-31 21:30 - 000723680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-21 18:34 - 2017-07-31 21:30 - 000410160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-21 18:34 - 2017-07-31 21:30 - 000315288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-21 18:34 - 2017-07-31 21:30 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-21 18:34 - 2017-07-31 21:30 - 000143736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-21 18:34 - 2017-07-31 21:20 - 002956288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-08-21 18:34 - 2017-07-31 21:20 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-21 18:34 - 2017-07-31 21:20 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-21 18:34 - 2017-07-31 21:18 - 013841408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-08-21 18:34 - 2017-07-31 21:18 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-08-21 18:34 - 2017-07-31 21:17 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-21 18:34 - 2017-07-31 21:16 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-08-21 18:34 - 2017-07-31 21:14 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2017-08-21 18:34 - 2017-07-31 21:13 - 020504064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-21 18:34 - 2017-07-31 21:13 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-08-21 18:34 - 2017-07-31 21:13 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-08-21 18:34 - 2017-07-31 21:12 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-21 18:34 - 2017-07-31 21:12 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-08-21 18:34 - 2017-07-31 21:10 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-21 18:34 - 2017-07-31 21:09 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-08-21 18:34 - 2017-07-31 21:08 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-21 18:34 - 2017-07-31 21:07 - 011870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-21 18:34 - 2017-07-31 21:07 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-21 18:34 - 2017-07-31 21:07 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-21 18:34 - 2017-07-31 21:06 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-21 18:34 - 2017-07-31 21:04 - 006269440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-21 18:34 - 2017-07-31 21:04 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-21 18:34 - 2017-07-31 21:03 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-08-21 18:34 - 2017-07-31 20:57 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-21 18:34 - 2017-07-31 20:45 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-21 18:34 - 2017-07-31 20:42 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-08-21 18:34 - 2017-07-31 20:41 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-21 18:34 - 2017-07-31 20:40 - 017366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-08-21 18:34 - 2017-07-31 20:37 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-08-21 18:34 - 2017-07-31 20:36 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-21 18:34 - 2017-07-31 20:35 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-21 18:34 - 2017-07-31 20:34 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-21 18:34 - 2017-07-31 20:32 - 007336960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-21 18:34 - 2017-07-31 20:32 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-21 18:34 - 2017-07-31 20:31 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-21 18:34 - 2017-07-31 20:31 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-21 18:34 - 2017-07-31 20:31 - 001396736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-08-21 18:34 - 2017-07-31 20:30 - 008209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-21 18:34 - 2017-07-31 20:30 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-21 18:34 - 2017-07-31 20:30 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-21 18:34 - 2017-07-31 20:30 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-21 18:34 - 2017-07-31 20:28 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-21 18:34 - 2017-07-31 20:28 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-21 18:34 - 2017-07-31 20:27 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-08-21 18:34 - 2017-07-31 17:45 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-21 18:34 - 2017-07-31 17:45 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-21 18:34 - 2017-07-31 17:45 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-21 18:34 - 2017-07-31 17:45 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-21 18:34 - 2017-07-31 17:45 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-21 18:34 - 2017-07-31 17:45 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-21 18:34 - 2017-07-31 17:45 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-21 18:34 - 2017-07-31 17:45 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-21 18:34 - 2017-07-31 17:45 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-21 18:34 - 2017-07-31 17:45 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-21 18:34 - 2017-07-31 17:45 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-21 18:34 - 2017-07-31 17:45 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-21 18:34 - 2017-07-31 17:45 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-21 18:34 - 2017-07-31 17:45 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-21 18:34 - 2017-07-31 17:45 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-21 18:33 - 2017-07-31 21:33 - 000473240 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-08-21 18:33 - 2017-07-31 21:31 - 002645680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-21 18:33 - 2017-07-31 21:30 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-08-21 18:33 - 2017-07-31 21:30 - 000082336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-21 18:33 - 2017-07-31 21:26 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-08-21 18:33 - 2017-07-31 20:45 - 001275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-21 18:33 - 2017-07-31 20:45 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-21 18:33 - 2017-07-31 20:45 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-21 18:33 - 2017-07-31 20:44 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-21 18:33 - 2017-07-31 20:44 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-21 18:33 - 2017-07-31 20:44 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-21 18:33 - 2017-07-31 20:41 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2017-08-21 18:33 - 2017-07-31 20:41 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-21 18:33 - 2017-07-31 20:40 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2017-08-21 18:33 - 2017-07-31 20:39 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-08-21 18:33 - 2017-07-31 20:38 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-21 18:33 - 2017-07-31 20:38 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-21 18:33 - 2017-07-31 20:37 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2017-08-21 18:33 - 2017-07-31 20:37 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-08-21 18:33 - 2017-07-31 20:33 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-21 18:33 - 2017-07-31 20:33 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-21 18:33 - 2017-07-31 20:30 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-21 18:33 - 2017-07-31 20:27 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2017-08-21 18:33 - 2017-07-31 20:27 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-08-21 18:33 - 2017-07-31 20:26 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-08-21 18:33 - 2017-07-31 20:25 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2017-08-21 18:33 - 2017-07-31 20:25 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-08-21 18:33 - 2017-07-31 20:25 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2017-08-21 18:32 - 2017-08-21 18:33 - 000000000 ____D C:\Users\chiefmissile\Desktop\Canada Tax Return 2017
2017-08-14 16:03 - 2017-08-14 16:03 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-08-14 16:02 - 2017-08-14 16:02 - 000000000 ____D C:\Users\chiefmissile\AppData\Local\DBG
2017-08-14 15:59 - 2017-08-14 15:59 - 000000020 ___SH C:\Users\chiefmissile\ntuser.ini
2017-08-14 14:58 - 2017-08-14 15:02 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2017-08-14 14:58 - 2017-08-14 15:02 - 000011433 _____ C:\WINDOWS\diagerr.xml
2017-08-14 14:47 - 2017-09-12 22:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-14 14:47 - 2017-09-12 20:25 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-08-14 14:47 - 2017-09-11 10:52 - 000003290 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForchiefmissile
2017-08-14 14:47 - 2017-09-09 12:15 - 000003366 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-249715362-3715089036-736331460-1004
2017-08-14 14:47 - 2017-08-14 14:48 - 000002808 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-249715362-3715089036-736331460-1004
2017-08-14 14:47 - 2017-08-14 14:48 - 000002506 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP Officejet Pro 8610
2017-08-14 14:47 - 2017-08-14 14:48 - 000002484 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2017-08-14 14:47 - 2017-08-14 14:48 - 000002036 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-08-14 14:47 - 2017-08-14 14:47 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-08-14 14:47 - 2017-08-14 14:47 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-08-14 14:47 - 2017-08-14 14:47 - 000003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-08-14 14:47 - 2017-08-14 14:47 - 000003076 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4727A29D-35BA-4549-92C8-2001EA697545}
2017-08-14 14:47 - 2017-08-14 14:47 - 000002352 _____ C:\WINDOWS\System32\Tasks\CLMLSvc_P2G8
2017-08-14 14:47 - 2017-08-14 14:47 - 000002340 _____ C:\WINDOWS\System32\Tasks\MirageAgent
2017-08-14 14:47 - 2017-08-14 14:47 - 000002314 _____ C:\WINDOWS\System32\Tasks\CreateChoiceProcessTask
2017-08-14 14:47 - 2017-08-14 14:47 - 000002040 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2017-08-14 14:47 - 2017-08-14 14:47 - 000001994 _____ C:\WINDOWS\System32\Tasks\Hybrid
2017-08-14 14:47 - 2017-08-14 14:47 - 000001968 _____ C:\WINDOWS\System32\Tasks\{291124A0-BF46-4528-82D5-73ECCB1CE97C}
2017-08-14 14:47 - 2017-08-14 14:47 - 000000000 ____D C:\WINDOWS\System32\Tasks\WPD
2017-08-14 14:47 - 2017-08-14 14:47 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-08-14 14:47 - 2017-08-14 14:47 - 000000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-08-14 14:47 - 2017-08-14 14:47 - 000000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2017-08-14 14:47 - 2017-08-14 14:47 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-08-14 14:29 - 2017-08-14 14:29 - 000001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-08-14 14:01 - 2017-08-14 14:33 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-08-14 13:56 - 2017-08-14 13:56 - 000000000 ____D C:\ProgramData\USOShared
2017-08-14 13:54 - 2017-09-06 19:46 - 000000000 ____D C:\Users\chiefmissile
2017-08-14 13:54 - 2017-08-14 14:44 - 000000000 ____D C:\Users\Andrew
2017-08-14 13:52 - 2017-09-12 22:20 - 001041222 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-14 13:52 - 2017-08-14 14:33 - 000000000 ____D C:\Program Files\ATI Technologies
2017-08-14 13:52 - 2017-08-14 14:03 - 000000000 ____D C:\ProgramData\AMD
2017-08-14 13:52 - 2017-08-14 13:52 - 000939752 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-08-14 13:52 - 2017-08-14 13:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2017-08-14 13:51 - 2017-09-06 20:45 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-14 13:51 - 2017-08-14 13:52 - 000000000 ____D C:\Program Files (x86)\ATI Technologies
2017-08-14 13:51 - 2017-08-14 13:51 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2017-08-14 13:51 - 2017-08-14 13:51 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2017-08-14 13:51 - 2017-08-14 13:51 - 000000000 ____D C:\Program Files\Synaptics
2017-08-14 13:50 - 2017-08-14 13:50 - 000000000 _____ C:\WINDOWS\ativpsrm.bin
2017-08-14 13:49 - 2017-08-14 13:50 - 000000000 ____D C:\Program Files\AMD
2017-08-14 13:49 - 2017-03-18 15:56 - 002233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-08-14 13:44 - 2017-09-13 20:58 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-14 13:44 - 2017-08-21 20:05 - 000434384 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-14 08:26 - 2017-08-14 08:26 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 006761568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 005302968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 004535296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 004213656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 003204608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 002969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 002939392 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 002679200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-14 08:26 - 2017-08-14 08:26 - 002604248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 002424024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-14 08:26 - 2017-08-14 08:26 - 002259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001525760 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001337856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001195760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001068720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001033544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000866808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000864248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000805816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-08-14 08:26 - 2017-08-14 08:26 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2017-08-14 08:26 - 2017-08-14 08:26 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-08-14 08:26 - 2017-08-14 08:26 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000660680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000587776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsvcs.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-08-14 08:26 - 2017-08-14 08:26 - 000551200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000529992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000527976 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000455584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 000414296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000323936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-14 08:26 - 2017-08-14 08:26 - 000277432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 000192264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000173104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000119904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000116280 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-08-14 08:26 - 2017-08-14 08:26 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000104432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2017-08-14 08:26 - 2017-08-14 08:26 - 000096648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000090464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2017-08-14 08:26 - 2017-08-14 08:26 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-08-14 08:26 - 2017-08-14 08:26 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IpNatHlpClient.dll
2017-08-14 08:08 - 2017-08-14 13:44 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-08-14 08:08 - 2017-08-14 08:08 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-08-14 08:03 - 2017-08-14 08:03 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-08-14 08:03 - 2017-08-14 08:03 - 000000000 ____D C:\Program Files\MSBuild
2017-08-14 08:03 - 2017-08-14 08:03 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-08-14 08:03 - 2017-08-14 08:03 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-08-14 08:03 - 2017-08-14 08:03 - 000000000 ____D C:\inetpub
2017-08-14 08:02 - 2017-02-10 06:21 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-08-14 08:02 - 2017-02-10 06:21 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-08-14 08:01 - 2017-02-10 06:26 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-08-14 08:01 - 2017-02-10 06:26 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-08-14 08:01 - 2017-02-10 06:26 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-08-14 08:01 - 2017-02-10 06:21 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

 

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-13 21:06 - 2015-03-26 09:26 - 000000000 ____D C:\FRST
2017-09-13 19:01 - 2015-09-24 09:39 - 000000000 ____D C:\Users\chiefmissile\Desktop\Desktop Word
2017-09-13 18:31 - 2015-10-14 11:23 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-09-13 18:18 - 2013-08-03 06:02 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-13 18:10 - 2013-01-11 08:22 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-13 18:09 - 2017-03-18 15:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-13 17:48 - 2012-07-26 00:26 - 000000167 _____ C:\WINDOWS\win.ini
2017-09-13 17:47 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-13 17:46 - 2017-03-18 16:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-12 22:12 - 2017-03-25 14:22 - 000000370 _____ C:\WINDOWS\Tasks\HPCeeScheduleForchiefmissile.job
2017-09-12 22:12 - 2017-03-18 06:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-09-12 22:11 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-09-12 22:09 - 2015-03-26 09:27 - 000000000 ____D C:\AdwCleaner
2017-09-12 20:24 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-09-12 20:24 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-09-11 23:01 - 2015-03-26 09:58 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-11 22:54 - 2017-04-20 20:46 - 000000000 ____D C:\Program Files (x86)\Yahoo!
2017-09-11 20:25 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\rescache
2017-09-11 11:07 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-09-09 12:38 - 2016-07-06 16:42 - 000000000 ____D C:\ProgramData\HP
2017-09-09 12:16 - 2016-07-06 16:42 - 000000000 ____D C:\Program Files (x86)\HP
2017-09-09 12:12 - 2016-07-28 04:32 - 000002418 _____ C:\Users\chiefmissile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-09 12:12 - 2016-07-28 04:32 - 000000000 ___RD C:\Users\chiefmissile\OneDrive
2017-09-09 11:56 - 2013-01-24 06:00 - 000000000 ____D C:\Users\chiefmissile\AppData\Local\ElevatedDiagnostics
2017-09-06 22:38 - 2015-09-24 09:37 - 000000000 ____D C:\Users\chiefmissile\Desktop\Desktop PDF
2017-09-06 20:51 - 2012-10-10 14:12 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2017-09-06 20:51 - 2012-08-16 15:05 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2017-09-06 20:51 - 2012-08-16 15:04 - 000000000 ____D C:\Program Files (x86)\CyberLink
2017-09-06 20:51 - 2012-08-16 15:02 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-09-06 20:45 - 2013-08-22 00:05 - 000000000 ____D C:\Program Files (x86)\Garmin
2017-09-06 20:45 - 2013-08-21 20:32 - 000000000 ____D C:\Users\chiefmissile\AppData\Roaming\Garmin
2017-09-06 20:45 - 2013-08-21 20:29 - 000000000 ____D C:\Users\chiefmissile\Documents\Garmin
2017-09-06 20:45 - 2013-08-21 20:28 - 000000000 ____D C:\Users\chiefmissile\AppData\Local\Garmin
2017-09-06 20:45 - 2013-08-21 20:27 - 000000000 ____D C:\ProgramData\Garmin
2017-09-06 20:44 - 2013-01-11 07:15 - 000000000 ____D C:\Users\chiefmissile\AppData\Local\Packages
2017-09-06 20:43 - 2012-08-16 15:02 - 000000000 ____D C:\ProgramData\install_clap
2017-09-06 20:41 - 2013-02-04 06:27 - 000000000 ____D C:\Users\chiefmissile\AppData\Roaming\Canon
2017-09-06 20:41 - 2013-01-24 07:22 - 000000000 ____D C:\Program Files (x86)\Canon
2017-09-06 20:40 - 2017-03-18 16:01 - 000000000 ____D C:\WINDOWS\INF
2017-09-06 20:26 - 2016-03-21 15:11 - 000000000 ____D C:\Users\chiefmissile\Desktop\Spanish Sale docs
2017-09-06 20:25 - 2016-02-06 13:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-09-06 20:25 - 2014-09-26 10:05 - 000000000 ____D C:\Program Files\Java
2017-09-06 20:23 - 2016-02-17 17:43 - 000110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-09-06 20:13 - 2013-09-18 22:08 - 000000000 ____D C:\Program Files (x86)\epson
2017-09-06 20:08 - 2016-03-21 15:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-09-06 20:07 - 2016-08-04 19:28 - 000000000 ____D C:\Users\chiefmissile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-09-06 20:06 - 2014-08-29 14:35 - 000000000 ____D C:\Program Files (x86)\Java
2017-08-29 21:24 - 2016-09-15 17:44 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-29 21:24 - 2016-09-15 17:44 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-29 21:21 - 2013-05-06 14:56 - 000000000 ____D C:\Users\chiefmissile\Documents\Cathie
2017-08-29 21:18 - 2015-11-02 11:27 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-21 20:06 - 2014-03-02 16:10 - 000000258 __RSH C:\ProgramData\ntuser.pol
2017-08-20 13:01 - 2013-01-14 09:16 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-08-15 17:01 - 2017-08-09 21:08 - 000000000 ____D C:\Users\chiefmissile\AppData\Local\EC43990E-7FFE-4242-94B2-3294D1D9690A.aplzod
2017-08-15 15:27 - 2017-08-09 21:08 - 000000000 ___RD C:\Users\chiefmissile\iCloudDrive
2017-08-15 13:42 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\appcompat
2017-08-14 16:11 - 2016-10-03 14:17 - 000000000 ____D C:\Users\chiefmissile\AppData\Local\ConnectedDevicesPlatform
2017-08-14 16:00 - 2017-03-18 16:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-14 16:00 - 2016-04-27 00:43 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-14 15:57 - 2017-08-01 18:49 - 000000000 ___DC C:\WINDOWS\Panther
2017-08-14 15:03 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-08-14 15:03 - 2017-03-18 06:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-08-14 14:57 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\Registration
2017-08-14 14:48 - 2017-03-19 22:44 - 000000000 ____D C:\WINDOWS\HoloShell
2017-08-14 14:47 - 2014-01-19 13:37 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-08-14 14:45 - 2017-03-18 16:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-08-14 14:44 - 2017-03-18 16:03 - 000000000 __RHD C:\Users\Public\Libraries
2017-08-14 14:39 - 2017-08-09 21:08 - 000000000 ____D C:\Users\chiefmissile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2017-08-14 14:33 - 2017-07-20 17:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-08-14 14:33 - 2017-07-20 17:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-08-14 14:33 - 2017-07-03 21:03 - 000000000 ____D C:\WINDOWS\system32\UNP
2017-08-14 14:33 - 2016-10-08 01:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2017-08-14 14:33 - 2016-10-03 10:48 - 000000000 ____D C:\Program Files\IDT
2017-08-14 14:33 - 2016-09-07 20:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Program Uninstaller
2017-08-14 14:33 - 2016-07-06 16:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-08-14 14:33 - 2016-04-27 00:22 - 000000000 ____D C:\WINDOWS\ShellNew
2017-08-14 14:33 - 2015-12-14 15:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulead VideoStudio SE DVD
2017-08-14 14:33 - 2015-04-15 22:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-08-14 14:33 - 2015-03-26 09:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-08-14 14:33 - 2015-02-13 11:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro
2017-08-14 14:33 - 2014-03-12 18:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-08-14 14:33 - 2013-09-18 22:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2017-08-14 14:33 - 2013-08-22 13:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2017-08-14 14:33 - 2013-08-01 02:53 - 000000000 ____D C:\Users\chiefmissile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2017-08-14 14:33 - 2013-08-01 02:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2017-08-14 14:33 - 2013-05-11 11:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Wars Battlefront II
2017-08-14 14:33 - 2013-04-07 04:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-08-14 14:33 - 2013-03-04 13:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WBFS Manager
2017-08-14 14:33 - 2013-01-31 14:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-08-14 14:33 - 2013-01-11 07:18 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
2017-08-14 14:33 - 2012-10-10 14:23 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2017-08-14 14:33 - 2012-08-16 15:31 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-08-14 14:33 - 2012-08-16 15:26 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2017-08-14 14:33 - 2012-08-16 15:14 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2017-08-14 14:33 - 2012-08-16 15:14 - 000000000 ____D C:\WINDOWS\en
2017-08-14 14:13 - 2017-03-19 22:41 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-08-14 14:13 - 2017-03-19 22:41 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-08-14 14:12 - 2017-03-19 22:41 - 000000000 ____D C:\WINDOWS\system32\WCN
2017-08-14 14:12 - 2017-03-19 22:41 - 000000000 ____D C:\WINDOWS\system32\slmgr
2017-08-14 14:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2017-08-14 14:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-08-14 14:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-08-14 14:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\spool
2017-08-14 14:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-14 14:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-08-14 14:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2017-08-14 14:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\IME
2017-08-14 14:12 - 2016-10-03 10:48 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2017-08-14 14:12 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2017-08-14 14:12 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2017-08-14 14:04 - 2017-03-18 16:03 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-08-14 14:04 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\Resources
2017-08-14 14:04 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\InputMethod
2017-08-14 14:03 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-14 14:03 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files\Common Files\System
2017-08-14 14:03 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-08-14 14:03 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-08-14 14:03 - 2015-03-28 14:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amlogic
2017-08-14 14:03 - 2013-08-01 03:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
2017-08-14 14:03 - 2013-05-30 15:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panasonic
2017-08-14 14:03 - 2012-08-16 15:07 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2017-08-14 14:03 - 2012-07-26 13:40 - 000000000 ____D C:\Program Files\Hewlett-Packard
2017-08-14 14:01 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-08-14 14:01 - 2013-08-22 10:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-08-14 13:58 - 2015-11-24 09:53 - 000000000 ____D C:\Users\chiefmissile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ABC Self Assessment
2017-08-14 13:56 - 2017-03-18 16:03 - 000000000 ____D C:\ProgramData\USOPrivate
2017-08-14 13:51 - 2017-03-18 06:40 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-08-14 13:50 - 2017-03-18 16:03 - 000000000 __RSD C:\WINDOWS\Media
2017-08-14 13:50 - 2013-07-22 09:48 - 000000000 ____D C:\AMD
2017-08-14 08:42 - 2017-03-18 16:03 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-08-14 08:31 - 2017-03-18 16:06 - 000000000 ____D C:\WINDOWS\Setup
2017-08-14 08:29 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-08-14 08:29 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-08-14 08:29 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-08-14 08:29 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-14 08:10 - 2017-03-19 22:43 - 000000000 ____D C:\WINDOWS\OCR
2017-08-14 08:03 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2017-08-14 08:03 - 2017-03-18 15:59 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2017-08-14 08:03 - 2017-03-18 15:59 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2017-08-14 08:03 - 2017-03-18 15:59 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2017-08-14 08:03 - 2017-03-18 15:59 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2017-08-14 08:03 - 2017-03-18 15:59 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2017-08-14 08:03 - 2017-03-18 15:59 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2017-08-14 08:03 - 2017-03-18 15:59 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2017-08-14 08:03 - 2017-03-18 15:59 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2017-08-14 08:03 - 2017-03-18 15:59 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2017-08-14 08:03 - 2017-03-18 15:59 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2017-08-14 08:03 - 2017-03-18 15:59 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2017-08-14 08:03 - 2017-03-18 15:59 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2017-08-14 08:03 - 2017-03-18 15:59 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2017-08-14 08:03 - 2017-03-18 15:59 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll

==================== Files in the root of some directories =======

2016-03-12 17:56 - 2016-04-08 12:56 - 000000138 _____ () C:\Users\chiefmissile\AppData\Roaming\WB.CFG
2013-09-09 17:51 - 2013-09-09 17:51 - 000000017 _____ () C:\Users\chiefmissile\AppData\Local\resmon.resmoncfg
2016-07-06 16:41 - 2016-07-06 16:41 - 000000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
2017-09-11 20:20 - 2017-07-10 19:33 - 001930320 _____ (Microsoft Corporation) C:\Users\chiefmissile\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-11 22:55

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-09-2017 02
Ran by chiefmissile (13-09-2017 21:11:06)
Running from C:\Users\chiefmissile\AppData\Local\Microsoft\Windows\INetCache\IE\WCWR9UOR
Windows 10 Home Version 1703 (X64) (2017-08-14 20:57:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-249715362-3715089036-736331460-500 - Administrator - Disabled)
Andrew (S-1-5-21-249715362-3715089036-736331460-1002 - Administrator - Enabled) => C:\Users\Andrew
chiefmissile (S-1-5-21-249715362-3715089036-736331460-1004 - Administrator - Enabled) => C:\Users\chiefmissile
DefaultAccount (S-1-5-21-249715362-3715089036-736331460-503 - Limited - Disabled)
Guest (S-1-5-21-249715362-3715089036-736331460-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABC SA100 Tax Return 2015 (HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\ABC Self Assessment ABC SA100 Tax Return 2015) (Version: 15.0.16.0 - ABC Self Assessment)
ABC SA100 Tax Return 2016 (HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\ABC Self Assessment ABC SA100 Tax Return 2016) (Version: 16.1.13.0 - ABC Self Assessment)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.138 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{C8807716-1F6F-5C43-3C32-7295A45CF060}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.0 - AppEx Networks)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2110 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3122 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3122 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - )
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{0D3A6808-82B8-4BB1-BE5A-AED75B3F6C02}) (Version: 2.20.11 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{39C8BE76-CF6A-466F-8618-0B52CC4CA0FC}) (Version: 8.4.19.3 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.7.27.15 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{C510BB61-AE0B-4420-87AF-9CF646E86364}) (Version: 6.2.3.17 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\OneDriveSetup.exe) (Version: 17.3.6966.0824 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{D2064264-3162-4DB1-AFE0-167BEFBBCD9C}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.48 - Piriform)
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
ROBLOX Studio for chiefmissile (HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
RogueKiller version 12.11.14.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.14.0 - Adlice Software)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)
Star Wars Battlefront II (HKLM-x32\...\Star Wars Battlefront II_is1) (Version: - )
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
Ulead VideoStudio SE DVD (HKLM-x32\...\{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}) (Version: 10.0 - Ulead Systems)
USB_Burning_Tool (HKLM-x32\...\{0F91E44C-2FAD-4298-8051-40E52C7E1341}_is1) (Version: 1.0.69 - Amlogic, Inc.)
USB2.0 Grabber (HKLM-x32\...\{45518B6D-9DDF-4144-83E4-A56762524F35}) (Version: 7.12.000.003 - Youyan)
USB2.0 Grabber (HKLM-x32\...\USB2.0 Grabber) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WBFS Manager 4.0 (HKLM\...\{D34C07CA-DCF0-4A5C-A4DD-55522B17F4F2}) (Version: 4.0 - WBFS)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
Windows Driver Package - libusb-win32 WorldCup Device (02/23/2013 1.2.6.0) (HKLM\...\607E81836F3E58EDC7289F7B7047149AE2C7F301) (Version: 02/23/2013 1.2.6.0 - libusb-win32)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Wise Program Uninstaller 1.96 (HKLM-x32\...\Wise Program Uninstaller_is1) (Version: 1.96 - WiseCleaner.com, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ContextMenuHandlers1: [Arcsoft] -> {0572F6AE-950B-4ae1-80F4-9065417ABB21} => -> No File
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-06-22] (Cyberlink)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-07-14] (Apple Inc.)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-06-22] (Cyberlink)
ContextMenuHandlers2-x32: [Ulead UDF Driver] -> {DBD8E168-244D-448C-9922-25508950D1DC} => C:\Program Files (x86)\Common Files\Ulead Systems\DVD\USIShex.dll [2005-03-02] (Ulead Systems, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [Arcsoft] -> {0572F6AE-950B-4ae1-80F4-9065417ABB21} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2013-08-06] (Piriform Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-08-21] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [Arcsoft] -> {0572F6AE-950B-4ae1-80F4-9065417ABB21} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2013-08-06] (Piriform Ltd)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {026FEB2F-4CA2-4EAE-BE23-945C8976A679} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {05420A83-667B-447E-AE6E-190F73997830} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {0C3E79FD-7445-43F7-8DB6-D1EB730D9466} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-12] (Adobe Systems Incorporated)
Task: {1ABB0014-D763-460F-873F-DEDA3689692B} - System32\Tasks\{291124A0-BF46-4528-82D5-73ECCB1CE97C} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\
Task: {217627ED-7155-46FA-9D0D-AF372549C35A} - System32\Tasks\Hybrid => C:\IORRT\IORRT.bat [2013-03-15] () <==== ATTENTION
Task: {22184229-FCB4-4071-BD57-D7071E7726E8} - System32\Tasks\HPCeeScheduleForchiefmissile => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {312D1346-6EAA-4C4E-81D4-D19368DDBC93} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {32D5ADF0-6982-4666-B860-CE9886068E55} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {445E4392-EE56-440D-8017-6AE09C453C3D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {454B80EE-BD10-4D55-8A13-68E573F3CF27} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {53E1D019-1BE6-48E7-8C55-902841FDE67D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {577DF6FB-884A-4432-B559-AA5D3AE5408F} - \WPD\SqmUpload_S-1-5-21-249715362-3715089036-736331460-1004 -> No File <==== ATTENTION
Task: {5A3544E1-CC55-431D-8F78-4865E50039D2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-17] (Google Inc.)
Task: {7034E18D-47F6-4932-8007-CB82EE2BE80C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {7617A0F9-B584-4365-B43A-B17873B24AD8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {776AC2C7-A585-4B70-A5D3-005331083B2B} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{E7340372-92D3-4EDE-B718-3DA3FA83D26D}_System Diagnostics => Command(1): C:\Windows\system32\rundll32.exe -> C:\Windows\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {776AC2C7-A585-4B70-A5D3-005331083B2B} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{E7340372-92D3-4EDE-B718-3DA3FA83D26D}_System Diagnostics => Command(2): C:\Windows\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{E7340372-92D3-4EDE-B718-3DA3FA83D26D}_System Diagnostics"
Task: {7A9B9162-332C-4F43-B4C3-809AF76DAEB6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-09-13] (Microsoft Corporation)
Task: {7CDBE0A6-6521-48B5-8E48-763B33BFEBDD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN5AEF30CJ => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-08-14] (HP Inc.)
Task: {7E054E96-45FC-453D-A72D-71970C9B468B} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {87844B17-83A5-4EDA-A1BD-899925A255C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-08-14] (HP Inc.)
Task: {8DEC89AD-2A1D-42EA-9AEB-142F3B53B576} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-04-01] (HP Inc.)
Task: {9CB251C9-7571-4B03-A0A7-33D8438FD4E3} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {9E8F4846-67CD-4CDC-9025-AFBAAFB233A9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {AA00C2F6-5B22-42FD-B21C-F4A82D1B506D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {ABBC14D3-EA5F-48AA-A511-983DC92C3351} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {B142D05A-0AC1-429D-864E-8FB27232E3B6} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {BB77B5C3-57C7-49CF-9B14-8FD4A14A5511} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {C86A685B-0095-41C6-91B5-486DE92ED0E5} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2017-07-14] (Apple Inc.)
Task: {CE661CB5-0F6E-41B0-BDFA-5D4DC6489351} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {CF0FFB16-7088-4756-B567-A5A885B11A8C} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {CF7E6348-65C5-435D-BCB7-1E2B3FD876CC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-08-14] (HP Inc.)
Task: {D85845EB-47A4-4201-B3A5-458A543CA704} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D9C117E4-DD91-4D18-A3FD-DC7BAE3EF4D1} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {DDEE955C-5A53-476E-90A2-944873DB1BD1} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {E2436B16-D46F-4F00-B04F-AB7DBC7920ED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {E3F5CB51-DF88-471D-9CEC-8CB7A2E0DB0E} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {F1FBCA53-9D72-4CCA-87F4-ABECB93677E2} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-08-19] (Hewlett-Packard Development Company, L.P.)
Task: {FF05ABA1-E321-4374-8990-1123F8715AC7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-17] (Google Inc.)
Task: {FFB61A8C-7E48-4911-9A32-838BE4E069F7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForchiefmissile.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-08-21 22:09 - 2015-08-21 22:09 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-02-23 08:29 - 2017-02-23 08:29 - 008909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-03-18 15:59 - 2017-03-19 22:43 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-18 15:58 - 2017-03-18 15:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-09-06 20:10 - 2017-09-06 20:11 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-09-06 20:10 - 2017-09-06 20:11 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-09-06 20:10 - 2017-09-06 20:11 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-09-06 20:10 - 2017-09-06 20:11 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll
2017-09-13 17:44 - 2017-09-13 17:44 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.21.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-09-13 17:44 - 2017-09-13 17:44 - 010634752 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-09-13 17:44 - 2017-09-13 17:44 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.21.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-08-14 08:26 - 2017-08-14 08:26 - 004125088 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2017-09-13 17:44 - 2017-09-13 17:44 - 000061952 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.21.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\amazon.com -> hxxps://amazon.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2016-10-07 21:22 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-249715362-3715089036-736331460-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.100.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "CanonSolutionMenu"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "HP Quick Launch"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "UVS10 Preload"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\Run: => "WiTopia"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\Run: => "AppEx Accelerator UI"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\Run: => "Power2GoExpress8"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\Run: => "FileHippo.com"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\Run: => "EPSON Stylus CX7800 Series"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\Run: => "AppleIEDAV"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\Run: => "NETGEARGenie"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-249715362-3715089036-736331460-1004\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CD935F03-B9A1-4996-B45A-B89C69155009}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{919DBD19-8033-43E7-A822-465022826134}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{BF911831-E2C8-4E3A-B788-35B05B3E7EE7}] => (Allow) LPort=5357
FirewallRules: [{0B19A5D4-8084-4625-9070-F4C88AC4FA43}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
FirewallRules: [{CDC35B42-D875-49ED-AAE2-9D0D62451629}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
FirewallRules: [{7B4D9E65-2F9F-4060-BF69-8E511AA525D6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
FirewallRules: [{02EB0D59-75AF-43BB-AF95-630B026FC9F8}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
FirewallRules: [{F40AF0D5-37B1-4BCA-87F4-B83ADA43E960}] => (Allow) C:\Users\chiefmissile\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{64724907-BF92-4D34-9244-43166E4C21A6}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{AFD786F1-2BCB-4DE1-9898-738C474BDBE9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2A68A6AA-3730-40FA-B9B5-8D5D3374B2EC}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{1266708D-0902-4083-A25B-E6538AF0EC42}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [UDP Query User{A5ED820C-F8FE-4D58-A4B1-55CBAF6C4D77}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{EF289E61-6EE9-4F76-9436-E9125022FA2A}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{9922D39D-8207-43D6-BC1C-81841DA5AE82}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1BEF48EF-6072-421A-8229-D4CD8AFD3B5D}] => (Allow) LPort=2869
FirewallRules: [{BA6E5C22-B696-4FC1-B8CA-F85D1810CFBC}] => (Allow) LPort=1900
FirewallRules: [{A347DBE9-F04A-4C2F-A6CE-5AF7A21D616B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{83A405B6-8D27-4334-96EB-FF5A0DF0587E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{44A3EC5F-AD3D-4C67-8B88-6BD1EFBD9F34}] => (Allow) C:\Program Files (x86)\GameSpy Arcade\Aphex.exe
FirewallRules: [{480F0BDA-7E77-4825-B103-877AA3DA6159}] => (Allow) C:\Program Files (x86)\GameSpy Arcade\Aphex.exe
FirewallRules: [{4AE06243-B3DB-4D50-BC40-EA5A10525D04}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{CFA53D13-C2C4-4813-9013-C06732351EC9}] => (Allow) C:\Users\chiefmissile\AppData\Local\Temp\7zS31C3\HPDiagnosticCoreUI.exe
FirewallRules: [{A60BA4F1-92A1-4B4B-83A3-F3A90CE8192C}] => (Allow) C:\Users\chiefmissile\AppData\Local\Temp\7zS31C3\HPDiagnosticCoreUI.exe

==================== Restore Points =========================

13-09-2017 17:44:29 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/13/2017 08:58:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Drew)
Description: Package Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (09/13/2017 05:29:42 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (09/13/2017 05:21:19 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/13/2017 05:21:16 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (09/12/2017 10:37:59 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (09/12/2017 10:22:13 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (09/11/2017 10:45:25 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Drew)
Description: Package Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (09/09/2017 11:57:50 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (09/09/2017 11:54:58 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Drew)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/09/2017 11:54:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Drew)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (09/13/2017 08:58:24 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (09/13/2017 08:58:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/13/2017 07:58:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (09/13/2017 06:29:52 PM) (Source: DCOM) (EventID: 10010) (User: Drew)
Description: The server {3C5E2B20-B911-44E2-A2DD-9F05E7B5E775} did not register with DCOM within the required timeout.

Error: (09/13/2017 05:17:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (09/13/2017 05:17:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/12/2017 10:18:18 PM) (Source: DCOM) (EventID: 10010) (User: Drew)
Description: The server {21F282D1-A881-49E1-9A3A-26E44E39B86C} did not register with DCOM within the required timeout.

Error: (09/12/2017 10:16:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (09/12/2017 10:16:17 PM) (Source: DCOM) (EventID: 10010) (User: Drew)
Description: The server {21F282D1-A881-49E1-9A3A-26E44E39B86C} did not register with DCOM within the required timeout.

Error: (09/12/2017 10:14:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error


CodeIntegrity:
===================================
Date: 2017-09-13 18:21:08.686
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-09 13:39:59.282
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-06 18:55:01.766
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-06 18:55:01.753
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-29 21:22:14.340
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-29 21:22:14.333
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-23 11:10:12.923
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-23 11:10:12.909
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-21 19:35:37.505
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-21 19:35:37.495
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD E2-1800 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 33%
Total physical RAM: 7778.26 MB
Available physical RAM: 5207.15 MB
Total Virtual: 8994.26 MB
Available Virtual: 6459.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:909.94 GB) (Free:392.5 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:19.8 GB) (Free:2.42 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1E28E0A4)

Partition: GPT.

==================== End of Addition.txt ============================

 

Ok will do as you requested soon. I have noticed a couple of bugs since I started this process: computer plugged in but not charging, tried to reload the ACPI but no joy.

Computer requested that windows updates be installed, computer tried to install updates, but couldn't complete the process so is stuck on undoing changes?

 

Although the update informed me it could not complete the update all updates apart from 2017-09 Cumulative Update for Windows 10 Version 1703 for x64-based Systems (KB4038788) were updated?

Still not charging when plugged in?

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 13-09-2017 02
Ran by chiefmissile (13-09-2017 22:47:25) Run:1
Running from C:\Users\chiefmissile\Desktop
Loaded Profiles: chiefmissile (Available Profiles: Andrew & chiefmissile)
Boot Mode: Normal
==============================================

fixlist content:
*****************
2016-03-12 17:56 - 2016-04-08 12:56 - 000000138 _____ () C:\Users\chiefmissile\AppData\Roaming\WB.CFG
2013-09-09 17:51 - 2013-09-09 17:51 - 000000017 _____ () C:\Users\chiefmissile\AppData\Local\resmon.resmoncfg
2016-07-06 16:41 - 2016-07-06 16:41 - 000000057 _____ () C:\ProgramData\Ament.ini
2017-09-11 20:20 - 2017-07-10 19:33 - 001930320 _____ (Microsoft Corporation) C:\Users\chiefmissile\AppData\Local\Temp\dllnt_dump.dll
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ContextMenuHandlers1: [Arcsoft] -> {0572F6AE-950B-4ae1-80F4-9065417ABB21} => -> No File
ContextMenuHandlers4: [Arcsoft] -> {0572F6AE-950B-4ae1-80F4-9065417ABB21} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [Arcsoft] -> {0572F6AE-950B-4ae1-80F4-9065417ABB21} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
Task: {026FEB2F-4CA2-4EAE-BE23-945C8976A679} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {217627ED-7155-46FA-9D0D-AF372549C35A} - System32\Tasks\Hybrid => C:\IORRT\IORRT.bat [2013-03-15] () <==== ATTENTION
C:\IORRT
Task: {577DF6FB-884A-4432-B559-AA5D3AE5408F} - \WPD\SqmUpload_S-1-5-21-249715362-3715089036-736331460-1004 -> No File <==== ATTENTION
Task: {9CB251C9-7571-4B03-A0A7-33D8438FD4E3} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {AA00C2F6-5B22-42FD-B21C-F4A82D1B506D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B142D05A-0AC1-429D-864E-8FB27232E3B6} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {D85845EB-47A4-4201-B3A5-458A543CA704} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {DDEE955C-5A53-476E-90A2-944873DB1BD1} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {FFB61A8C-7E48-4911-9A32-838BE4E069F7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]

*****************

C:\Users\chiefmissile\AppData\Roaming\WB.CFG => moved successfully
C:\Users\chiefmissile\AppData\Local\resmon.resmoncfg => moved successfully
C:\ProgramData\Ament.ini => moved successfully
C:\Users\chiefmissile\AppData\Local\Temp\dllnt_dump.dll => moved successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1 => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2 => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3 => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Arcsoft => key removed successfully
HKLM\Software\Classes\CLSID\{0572F6AE-950B-4ae1-80F4-9065417ABB21} => key not found.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Arcsoft => key removed successfully
HKLM\Software\Classes\CLSID\{0572F6AE-950B-4ae1-80F4-9065417ABB21} => key not found.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => key removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => key not found.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Arcsoft => key removed successfully
HKLM\Software\Classes\CLSID\{0572F6AE-950B-4ae1-80F4-9065417ABB21} => key not found.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => key removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{026FEB2F-4CA2-4EAE-BE23-945C8976A679} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{026FEB2F-4CA2-4EAE-BE23-945C8976A679} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{217627ED-7155-46FA-9D0D-AF372549C35A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{217627ED-7155-46FA-9D0D-AF372549C35A} => key removed successfully
C:\WINDOWS\System32\Tasks\Hybrid => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hybrid => key removed successfully
C:\IORRT => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{577DF6FB-884A-4432-B559-AA5D3AE5408F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{577DF6FB-884A-4432-B559-AA5D3AE5408F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-249715362-3715089036-736331460-1004 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CB251C9-7571-4B03-A0A7-33D8438FD4E3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CB251C9-7571-4B03-A0A7-33D8438FD4E3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA00C2F6-5B22-42FD-B21C-F4A82D1B506D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA00C2F6-5B22-42FD-B21C-F4A82D1B506D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B142D05A-0AC1-429D-864E-8FB27232E3B6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B142D05A-0AC1-429D-864E-8FB27232E3B6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D85845EB-47A4-4201-B3A5-458A543CA704} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D85845EB-47A4-4201-B3A5-458A543CA704} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DDEE955C-5A53-476E-90A2-944873DB1BD1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDEE955C-5A53-476E-90A2-944873DB1BD1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOONotify => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FFB61A8C-7E48-4911-9A32-838BE4E069F7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFB61A8C-7E48-4911-9A32-838BE4E069F7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`27hfm" ADS removed successfully.

==== End of Fixlog 22:48:48 ====

 

charging issue resolved

 

Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java version 32-bit out of Date!
Adobe Flash Player 27.0.0.130
Google Chrome (60.0.3112.113)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Windows Defender MSASCuiL.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

 

Farbar Service Scanner Version: 27-01-2016
Ran by chiefmissile (administrator) on 15-09-2017 at 17:57:48
Running from "C:\Users\chiefmissile\AppData\Local\Microsoft\Windows\INetCache\IE\WCWR9UOR"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****