[INACTIVE] Likely have a virus

3 posters

WiredWX Hobby Weather Tools :: Archive :: Technical Support

[INACTIVE] Likely have a virus9th November 2017, 1:26 pm

I have been getting a warning that I have used all my computer storage which I know is not true I don't have much on it at all so something is up with that too.

Sorry if this is double post, I did post this already but I could not find where it posted and when I checked via my profile only much older post came up.

Your help is always appreciated.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2017
Ran by Joann (administrator) on JOANN-PC (09-11-2017 07:51:04)
Running from C:\Users\Joann\aa Joann stuff\Computer stuff\Computer geeks repair stuff
Loaded Profiles: Joann (Available Profiles: Joann)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Dynamsoft Corporation) C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3Svc32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dynamsoft Corporation) C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dynamsoft Corporation) C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe
(MY.COM B.V.) C:\Users\Joann\AppData\Local\MyComGames\MyComGames.exe
(PamConsult GmbH) C:\Program Files (x86)\Pamela\Pamela.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Twitch Interactive, Inc.) C:\Users\Joann\AppData\Roaming\Twitch\Bin\Twitch.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 3.1 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Portrait Displays, Inc) C:\Program Files (x86)\BenQ\Display Pilot\dthtml.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3Svc64.exe
() C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe
() C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Floater.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Portrait Displays Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Twitch Interactive, Inc.) C:\Users\Joann\AppData\Roaming\Twitch\Bin\Electron\TwitchUI.exe
(Twitch Interactive, Inc.) C:\Users\Joann\AppData\Roaming\Twitch\Bin\Electron\TwitchUI.exe
(Twitch Interactive, Inc.) C:\Users\Joann\AppData\Roaming\Twitch\Bin\Electron\TwitchUI.exe
(Twitch Interactive, Inc.) C:\Users\Joann\AppData\Roaming\Twitch\Bin\Electron\TwitchUI.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9038856 2016-10-26] (Realtek Semiconductor)
HKLM\...\Run: [Sonic Studio 3] => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3svc32.exe [1208320 2016-08-26] ()
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4791024 2013-06-13] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 3.1 eXtensible Host Controller Driver\Application\iusb3mon.exe [299504 2016-08-17] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [pamfax] => C:\ProgramData\SquirrelMachineInstalls\pamfax.exe [88206848 2017-01-29] (PamConsult GmbH.)
HKLM-x32\...\Run: [PivotSoftware] => C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe [112424 2013-06-18] ()
HKLM-x32\...\Run: [DT BEN] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [122336 2014-08-12] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21384 2016-08-04] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1767816 2016-08-05] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1953688 2016-08-05] (Western Digital Technologies, Inc.)
HKU\S-1-5-21-376763465-2706390899-476848016-1000\...\Run: [GoogleChromeAutoLaunch_2F642E33331905E4A86D7A1743933699] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1451352 2017-09-21] (Google Inc.)
HKU\S-1-5-21-376763465-2706390899-476848016-1000\...\Run: [MyComGames] => C:\Users\Joann\AppData\Local\MyComGames\MyComGames.exe [5864336 2017-11-07] (MY.COM B.V.)
HKU\S-1-5-21-376763465-2706390899-476848016-1000\...\Run: [pamela.exe] => C:\Program Files (x86)\Pamela\Pamela.exe [12152856 2017-01-29] (PamConsult GmbH)
HKU\S-1-5-21-376763465-2706390899-476848016-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
HKU\S-1-5-21-376763465-2706390899-476848016-1000\...\Run: [Bloody2] => C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe [19405824 2017-04-14] ()
HKU\S-1-5-21-376763465-2706390899-476848016-1000\...\MountPoints2: {cb479cc8-e4f4-11e6-9df3-806e6f6e6963} - D:\Bin\Instv2.exe
Startup: C:\Users\Joann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2017-08-30]
ShortcutTarget: Twitch.lnk -> C:\Users\Joann\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{9683ABA6-9723-4017-8565-74CA2D35441A}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-01-27] (Google Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2017-01-27] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-01-27] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2017-01-27] (Google Inc.)
Handler-x32: intu-tt2016 - {D3619A28-0FAE-4AD2-A79F-BAD3CD6E8779} - C:\Program Files (x86)\TurboTax 2016\ic2016pp.dll [2016-11-23] (Intuit Canada, a general partnership/une société en nom collectif.)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-18] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-376763465-2706390899-476848016-1000: @my.com/Games -> C:\Users\Joann\AppData\Local\MyComGames\NPMyComDetector.dll [2017-10-27] (MY.COM B.V.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com","hxxp://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Joann\AppData\Local\Google\Chrome\User Data\Default [2017-11-09]
CHR Extension: (Slides) - C:\Users\Joann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-17]
CHR Extension: (Docs) - C:\Users\Joann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-17]
CHR Extension: (Google Drive) - C:\Users\Joann\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-27]
CHR Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\Joann\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2017-07-04]
CHR Extension: (Skype Calling) - C:\Users\Joann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-01-27]
CHR Extension: (YouTube) - C:\Users\Joann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-27]
CHR Extension: (Adblock Plus) - C:\Users\Joann\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-10-17]
CHR Extension: (Adobe Acrobat) - C:\Users\Joann\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-06]
CHR Extension: (Block site) - C:\Users\Joann\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2017-10-11]
CHR Extension: (Sheets) - C:\Users\Joann\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-17]
CHR Extension: (Google Docs Offline) - C:\Users\Joann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-27]
CHR Extension: (AdBlock) - C:\Users\Joann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-11-09]
CHR Extension: (Pinterest Save Button) - C:\Users\Joann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-11-09]
CHR Extension: (Intel Hardware Auto Detection) - C:\Users\Joann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jigddhlnakpgpgodgbfhbfibcgcimaep [2017-01-27]
CHR Extension: (F.B.(FluffBusting)Purity) - C:\Users\Joann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkinhboiljjkhaknpaeaicmdjhagpep [2017-10-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Joann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-28]
CHR Extension: (Gmail) - C:\Users\Joann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-27]
CHR Extension: (Chrome Media Router) - C:\Users\Joann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-02]
CHR Profile: C:\Users\Joann\AppData\Local\Google\Chrome\User Data\System Profile [2017-08-28]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESMService; C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3715208 2015-12-14] (Intel Corporation)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2015-05-08] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] () [File not signed]
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [138720 2014-08-12] (Portrait Displays, Inc.)
R2 Dynamsoft WebTWAIN Service; C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe [1387600 2015-03-16] (Dynamsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2017-01-28] (Macrovision Europe Ltd.) [File not signed]
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [175344 2016-12-02] (Intel Corporation)
R3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-09-14] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-06-13] ()
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [35616 2015-02-27] (Microsoft)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-18] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460736 2017-10-10] (NVIDIA Corporation)
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [315768 2016-08-05] (Western Digital Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3376880 2013-06-13] (Intel® Corporation)
S3 WD Backup Drive Helper; C:\Windows\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\Windows\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-08] ()
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [144872 2016-03-30] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1546216 2016-07-21] (Motorola Solutions, Inc.)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [511952 2016-07-26] (Intel Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-10-06] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-01-30] (REALiX(tm))
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [32224 2016-09-18] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [214272 2016-11-19] (Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [192952 2017-10-06] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2017-11-09] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [45504 2017-11-09] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2017-11-09] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2017-11-09] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [199736 2016-09-06] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw02.sys [3465184 2013-06-27] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50624 2017-10-10] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [76840 2017-03-31] (NVIDIA Corporation)
R3 RTLU3E8023-W7-64; C:\Windows\System32\DRIVERS\rtu30x64w7.sys [83160 2013-10-12] (Realtek )
R3 SGXEPC; C:\Windows\System32\DRIVERS\sgx_driver.sys [52816 2016-06-27] (Windows (R) Win 7 DDK provider)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2017-01-28] (Windows (R) Win 7 DDK provider)
R3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [23200 2016-08-05] (Western Digital Technologies)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-09 07:49 - 2017-11-09 07:51 - 000000000 ____D C:\FRST
2017-10-30 16:51 - 2017-11-09 07:45 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-10-23 17:14 - 2017-10-10 20:05 - 000050624 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-10-18 08:12 - 2017-10-18 08:12 - 000340149 _____ C:\Users\Joann\Documents\candlelight coupon jpg.pdf
2017-10-18 07:42 - 2017-10-18 07:42 - 000000000 ____D C:\ProgramData\VsTelemetry
2017-10-18 07:42 - 2017-10-18 07:42 - 000000000 ____D C:\Program Files (x86)\gs
2017-10-18 07:42 - 2017-10-18 07:40 - 000003099 _____ C:\Users\Public\Desktop\Corel PHOTO-PAINT Home & Student X8.lnk
2017-10-18 07:42 - 2017-10-18 07:40 - 000003051 _____ C:\Users\Public\Desktop\CorelDRAW Home & Student X8.lnk
2017-10-18 07:42 - 2017-10-18 07:40 - 000002840 _____ C:\Users\Public\Desktop\Corel CAPTURE X8.lnk
2017-10-18 07:42 - 2017-10-18 07:40 - 000002393 _____ C:\Users\Public\Desktop\Corel CONNECT X8.lnk
2017-10-18 07:40 - 2017-10-18 07:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Home & Student Suite X8
2017-10-17 13:35 - 2017-11-09 07:44 - 000252232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-09 07:52 - 2009-07-13 23:45 - 000021920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-09 07:52 - 2009-07-13 23:45 - 000021920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-09 07:50 - 2009-07-14 00:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-09 07:50 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2017-11-09 07:48 - 2017-01-28 06:37 - 000000000 ____D C:\Users\Joann\AppData\Roaming\Skype
2017-11-09 07:45 - 2017-10-03 21:40 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-11-09 07:45 - 2017-10-03 21:40 - 000045504 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-11-09 07:45 - 2017-07-01 12:45 - 000000000 ____D C:\Users\Joann\AppData\Roaming\Twitch
2017-11-09 07:45 - 2017-01-27 21:43 - 000000000 ____D C:\Users\Joann\AppData\Local\MyComGames
2017-11-09 07:45 - 2017-01-27 21:28 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-09 07:44 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-09 07:37 - 2017-06-30 21:30 - 000000000 ____D C:\Users\Joann\AppData\Local\Battle.net
2017-11-08 17:55 - 2017-01-30 15:35 - 000000000 ____D C:\Users\Joann\AppData\Roaming\PamFax Office Integrations
2017-11-08 08:56 - 2017-06-30 21:32 - 000000000 ____D C:\Program Files (x86)\World of Warcraft
2017-11-08 08:56 - 2017-06-30 21:30 - 000000000 ____D C:\Program Files (x86)\Blizzard App
2017-10-30 16:50 - 2009-07-14 00:08 - 000032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-10-28 06:51 - 2017-02-20 20:05 - 000000000 ____D C:\Users\Joann\Documents\Adam Stuff
2017-10-23 21:18 - 2017-01-27 21:24 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-10-23 17:16 - 2017-05-22 11:54 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-23 17:16 - 2017-02-14 22:07 - 000001412 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-10-23 17:16 - 2017-02-14 22:06 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-23 17:16 - 2017-01-27 21:24 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-10-23 17:16 - 2017-01-27 21:24 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-10-23 17:15 - 2017-02-14 22:06 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-23 17:15 - 2017-02-14 22:06 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-23 17:15 - 2017-02-14 22:06 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-23 17:15 - 2017-02-14 22:06 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-23 17:15 - 2017-02-14 22:06 - 000003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-23 17:15 - 2017-02-14 22:06 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-23 14:00 - 2017-01-28 05:46 - 000000000 ____D C:\Users\Joann\AppData\Local\CrashDumps
2017-10-18 11:32 - 2017-01-30 15:31 - 000000000 ____D C:\Users\Joann\Documents\Corel
2017-10-18 07:45 - 2017-01-27 22:08 - 000000000 ___RD C:\Users\Joann\Desktop\Orginial Downloads for setting up computer
2017-10-18 07:42 - 2017-01-27 20:43 - 000000000 ____D C:\ProgramData\Package Cache
2017-10-18 07:42 - 2009-07-13 22:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-10-18 07:41 - 2017-01-27 21:38 - 000000000 ____D C:\ProgramData\Corel
2017-10-18 07:40 - 2017-01-30 15:25 - 000000000 ____D C:\Users\Public\Documents\Corel
2017-10-18 07:40 - 2017-01-27 21:41 - 000000000 ____D C:\Users\Joann\AppData\Roaming\Corel
2017-10-18 07:39 - 2017-01-27 21:38 - 000000000 ____D C:\Program Files (x86)\Corel
2017-10-16 20:30 - 2017-01-28 04:31 - 000000000 ____D C:\Users\Joann\AppData\Roaming\HpUpdate
2017-10-13 02:00 - 2017-01-27 21:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-10-10 20:05 - 2017-05-22 11:53 - 000186304 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-10-10 20:05 - 2017-05-22 11:53 - 000152512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-10-10 20:05 - 2017-02-14 22:06 - 001796032 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-10-10 20:05 - 2017-02-14 22:06 - 001577920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-10-10 20:05 - 2017-02-14 22:06 - 000918976 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2017-10-10 18:26 - 2017-04-06 15:10 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat

==================== Files in the root of some directories =======

2017-01-28 04:24 - 2017-01-28 04:24 - 000000057 _____ () C:\ProgramData\Ament.ini
2017-01-27 20:47 - 2017-01-27 20:47 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-01-27 21:29 - 2017-03-31 20:36 - 000754168 _____ (NVIDIA Corporation) C:\Users\Joann\AppData\Local\Temp\nvSCPAPI.dll
2017-01-27 21:29 - 2017-03-31 20:36 - 000868152 _____ (NVIDIA Corporation) C:\Users\Joann\AppData\Local\Temp\nvSCPAPI64.dll
2017-03-09 19:46 - 2017-03-31 20:36 - 000369208 _____ (NVIDIA Corporation) C:\Users\Joann\AppData\Local\Temp\nvStInst.exe
2015-05-26 06:42 - 2015-05-26 06:42 - 002870240 _____ (PamConsult GmbH) C:\Users\Joann\AppData\Local\Temp\OfficeIntegrationsSetup.exe
2017-01-28 06:32 - 2017-01-29 11:22 - 088206848 _____ (PamConsult GmbH.) C:\Users\Joann\AppData\Local\Temp\PamFaxSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-31 00:19

==================== End of FRST.txt ============================

Re: [INACTIVE] Likely have a virus9th November 2017, 1:38 pm

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
Ran by Joann (09-11-2017 07:52:55)
Running from C:\Users\Joann\aa Joann stuff\Computer stuff\Computer geeks repair stuff
Windows 7 Professional Service Pack 1 (X64) (2017-01-28 01:01:45)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-376763465-2706390899-476848016-500 - Administrator - Disabled)
Guest (S-1-5-21-376763465-2706390899-476848016-501 - Limited - Disabled)
Joann (S-1-5-21-376763465-2706390899-476848016-1000 - Administrator - Enabled) => C:\Users\Joann

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.12.36 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (HKLM-x32\...\Adobe Photoshop Elements 7) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 2.61 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.33 - NVIDIA Corporation) Hidden
ApoDispatchConfigurator (HKLM\...\{EE69F441-C3C7-4983-B995-7C1070F37832}) (Version: 3.0.001 - ASUSTeKcomputer.Inc) Hidden
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.38.1 - Asmedia Technology)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.030 - ASUSTek Computer Inc.)
Asus Sonic Radar 3 (HKLM-x32\...\{2ee41b62-6ea2-4a3d-8d26-9af8dd6e44fe}) (Version: 3.0.0.35752 - ASUSTeKcomputer.Inc)
Asus Sonic Studio 3 (HKLM-x32\...\{8e66dfd3-6971-4019-b3f6-86492e809591}) (Version: 3.0.0.35752 - ASUSTeKcomputer.Inc)
Blizzard App (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bloody6 (HKLM-x32\...\Bloody3) (Version: 17.04.0003 - Bloody)
Contents (HKLM-x32\...\{C8A4DA60-6A94-4627-B7C9-DB6223D531FE}) (Version: 1.0.0.101 - Corel Corporation) Hidden
Corel AfterShot 3 - ICA x64 (HKLM\...\{FE875B02-11A1-4D1E-B57A-8DE2C00C0B51}) (Version: 3.3 - Corel Corporation) Hidden
Corel AfterShot 3 - IPM Content x64 (HKLM\...\{3E064BED-C9D8-4BEF-A2EE-8D67E99C3932}) (Version: 3.3 - Corel Corporation) Hidden
Corel AfterShot 3 - IPM x64 (HKLM\...\{5059B47C-4D7B-46E9-9D7A-1E2FCF5DDBED}) (Version: 3.3.0.234 - Corel Corporation) Hidden
Corel AfterShot 3 x64 (HKLM\...\{1CC44D99-D0F5-4F25-8E72-58DD27DED43B}) (Version: 3.3 - Corel Corporation) Hidden
Corel AfterShot 3(64-bit) (HKLM\...\_{FE875B02-11A1-4D1E-B57A-8DE2C00C0B51}) (Version: 3.3.0.234 - Corel Corporation)
Corel AfterShot HDR (HKLM\...\{E871EA56-F403-4B5C-A90C-9A133F31E3AE}) (Version: 1.00.0000 - Corel Corporation)
Corel AfterShot Pro 2 - ICA x64 (HKLM\...\{FBBE376F-E586-449C-A521-B32A2DEC841E}) (Version: 2.2.2 - Corel Corporation) Hidden
Corel AfterShot Pro 2 - IPM Content x64 (HKLM\...\{556CA6F6-431C-44B2-924D-10B56A31EDB9}) (Version: 2.4.0 - Corel Corporation) Hidden
Corel AfterShot Pro 2 - IPM x64 (HKLM\...\{57A2DB66-77DB-47EB-9DD1-BAA6B69BA8D5}) (Version: 2.4.0 - Corel Corporation) Hidden
Corel AfterShot Pro 2 x64 (HKLM\...\{2608D95D-F113-41DB-A807-B0054F769F9A}) (Version: 2.4.0 - Corel Corporation) Hidden
Corel AfterShot Pro 2(64-bit) (HKLM\...\_{FBBE376F-E586-449C-A521-B32A2DEC841E}) (Version: 2.4.0.119 - Corel Corporation)
Corel FastFlick (HKLM-x32\...\_{10EC8494-8A92-49D8-9677-2483EB01F7F1}) (Version: 1.0.0.101 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{DA3BB5D6-55FE-4632-87E3-9E823C67B58B}) (Version: 18.1.0.690 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\{DA3BB5D6-55FE-4632-87E3-9E823C67B58B}) (Version: 18.1.690 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit Keys (HKLM\...\{69D1C50E-6E4D-416D-A632-875EB3C5EF8A}) (Version: 18.1.690 - Corel Corporation) Hidden
Corel KPT Collection (HKLM-x32\...\_{2E6E25E9-9BEE-4486-848B-92CC172B8FF8}) (Version: 1.0.0.131 - Corel Corporation)
Corel KPT Collection (HKLM-x32\...\{2E6E25E9-9BEE-4486-848B-92CC172B8FF8}) (Version: 1.0.0.131 - Corel Corporation) Hidden
Corel Painter Essentials 5 - IPM (HKLM\...\{7AE4E1DB-DD52-46DA-806C-30A10D3FDEA7}) (Version: 5.0 - Corel Corporation) Hidden
Corel Painter Essentials 5 - IPM Content (HKLM\...\{E7C117A5-E97D-487B-AEB6-1293FA0BF8E6}) (Version: 5.0 - Corel Corporation) Hidden
Corel Painter Essentials 5 (HKLM\...\_{7E35BD37-3F00-4FCB-A357-92F5D0CDEC2A}) (Version: 0.0 - Corel Corporation)
Corel PaintShop Pro 2018 (HKLM-x32\...\_{6000096B-318C-40F8-A450-043B6A602D16}) (Version: 20.0.0.132 - Corel Corporation)
Corel PaintShop Pro 2018 (HKLM-x32\...\{5A150D1D-326B-4C75-8984-2D2C602D1CA1}) (Version: 20.0.0.132 - Corel Corporation) Hidden
Corel PaintShop Pro X8 (HKLM-x32\...\_{85C69B9B-F9BD-4A60-BD83-F2B7E081ED39}) (Version: 18.2.0.61 - Corel Corporation)
Corel PaintShop Pro X9 (HKLM-x32\...\_{998717E5-1031-4D28-A143-48ADAF062E5F}) (Version: 19.1.0.29 - Corel Corporation)
Corel PaintShop Pro X9 (HKLM-x32\...\{93EE564E-9DA1-4655-8A90-4E816019B409}) (Version: 19.1.0.29 - Corel Corporation) Hidden
Corel ScreenCap (HKLM\...\{99642277-4695-438F-8F07-E59D3E8EDB26}) (Version: 1.0.0 - Corel Corporation)
Corel Update Manager (HKLM\...\{1E7AD2D2-EDD9-4334-992D-7F7ED9769217}) (Version: 2.3.110 - Corel corporation) Hidden
Corel Update Manager (HKLM\...\{67881956-8135-4804-9465-BA1419010638}) (Version: 2.3.180 - Corel corporation) Hidden
Corel Update Manager (HKLM\...\{B6C0FB43-0C9B-46E6-93E4-DF171ED80C53}) (Version: 2.3.111 - Corel corporation) Hidden
Corel Update Manager (HKLM\...\{B8C05FFE-C36F-4F17-AD20-739E4BC65AC9}) (Version: 2.3.160 - Corel corporation) Hidden
Corel Update Manager (HKLM-x32\...\{3F8C582C-B21D-49EC-AD5F-C9890041A0CC}) (Version: 2.3.180 - Corel corporation) Hidden
Corel Update Manager (HKLM-x32\...\{EE61B6C5-F017-4505-85D3-6D40B1797D32}) (Version: 2.3.160 - Corel corporation) Hidden
CorelDRAW Home & Student Suite X7 - BR (HKLM-x32\...\{204C9777-B2C9-4B88-87DD-C2AC35E79786}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X7 - Capture (HKLM-x32\...\{8CCD62D0-57BB-44E9-9C93-330A68E3BD5B}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X7 - Common (HKLM-x32\...\{BD30CB1C-0180-4153-80ED-B5AE197BE234}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X7 - Connect (HKLM-x32\...\{62360B9B-4B45-4068-8D88-9DA12E0FB268}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X7 - Custom Data (HKLM-x32\...\{3A665B39-A5A8-47FD-8C4C-D8D06D2BE102}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X7 - DrawHome (HKLM-x32\...\{CE5BE087-7B19-43F4-950F-CE4BC6BBD4A3}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X7 - EN (HKLM-x32\...\{3E72F3AF-7D58-417D-B175-B2790E96B9A1}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X7 - ES (HKLM-x32\...\{9569BD01-502D-4286-BB4E-7FBF635030F8}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X7 - Filters (HKLM-x32\...\{8DCF04B5-AE81-4070-BA78-6255A80069E3}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X7 - FontNav (HKLM-x32\...\{6AAB0055-3642-434A-A0F6-842A9AFB1FE2}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X7 - FR (HKLM-x32\...\{1EAD86EA-53EF-4947-AE2C-12A374A9888D}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X7 - IPM (HKLM-x32\...\{C4C6CC00-3D4B-4006-A11B-FC2E4EB9672E}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X7 - IPM Content (HKLM-x32\...\{8E09BAC6-D27D-49EB-B88D-FCE818E5476D}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X7 - PPHome (HKLM-x32\...\{263B9543-61A9-4B0C-894F-088258AD2ED9}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X7 - Redist (HKLM-x32\...\{AF2508E5-E1FC-49E2-97EE-3423521B930D}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X7 - Setup Files (HKLM-x32\...\{39212C63-B2E9-4ECB-8F91-6E41990093E1}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X7 - VideoBrowser (HKLM-x32\...\{E8B97713-99F8-4503-9644-83192ADB9357}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X7 - Writing Tools (HKLM-x32\...\{155E8961-3C9B-4BEF-B638-4AA1955435A2}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X7 (HKLM-x32\...\_{39212C63-B2E9-4ECB-8F91-6E41990093E1}) (Version: 17.1.0.572 - Corel Corporation)
CorelDRAW Home & Student Suite X7 (HKLM-x32\...\{2D800669-1238-4C6B-AC3B-7DB71FD63CF2}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X8 - BR (HKLM-x32\...\{1E6087A4-1715-4B43-9090-A3B1EFD55EF8}) (Version: 18.1 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X8 - Capture (HKLM-x32\...\{32398CCC-C644-487E-B22B-58AE0BE0C7AE}) (Version: 18.1 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X8 - Common (HKLM-x32\...\{796CC87C-5679-49D6-9054-FC56B9232A9A}) (Version: 18.1 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X8 - Connect (HKLM-x32\...\{4454CFA8-C64D-4E4A-A085-18B16E0B8BB9}) (Version: 18.1 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X8 - Custom Data (HKLM-x32\...\{9D72E2C7-CD9C-455C-A0DB-B4D3F7B5B9B1}) (Version: 18.1 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X8 - DrawHome (HKLM-x32\...\{D1444571-9830-4967-A029-903551A49894}) (Version: 18.1 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X8 - EN (HKLM-x32\...\{14F44A6C-3096-4C3F-9039-20741B443EC9}) (Version: 18.1 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X8 - ES (HKLM-x32\...\{448BF8BB-3961-4A6F-80E3-B65B218DFC47}) (Version: 18.1 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X8 - Filters (HKLM-x32\...\{289F11C5-B482-42B6-8CA8-FF7502E34A52}) (Version: 18.1 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X8 - FR (HKLM-x32\...\{A850C65E-8029-4BBD-9DF8-2A178C51C4EB}) (Version: 18.1 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X8 - IPM (HKLM-x32\...\{C4DF8B81-6925-4D29-8204-933667E127B4}) (Version: 18.1 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X8 - IPM Content (HKLM-x32\...\{0EC6F0EB-64A9-4A69-B8A2-7CB0779CA7A0}) (Version: 18.1 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X8 - PPHome (HKLM-x32\...\{04BBF42B-CCEC-44C6-8DE1-9B3F3ECB6181}) (Version: 18.1 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X8 - Redist (HKLM-x32\...\{F6B3E5CE-2DCD-4663-9A21-B00872AE17D9}) (Version: 18.1 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X8 - Setup Files (HKLM-x32\...\{3F0816AB-BA66-4B2F-933A-B533EFBC0098}) (Version: 18.1 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X8 - VBA (HKLM-x32\...\{6268A84D-604F-4085-ADB1-634FCE8BA965}) (Version: 18.1 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X8 - VideoBrowser (HKLM-x32\...\{A5E75F35-0DFB-4F1F-BB1E-C8B2B2F3B4BA}) (Version: 18.1 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X8 - Writing Tools (HKLM-x32\...\{7135E09C-980F-4373-B211-04B05C996113}) (Version: 18.1 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X8 (HKLM-x32\...\_{3F0816AB-BA66-4B2F-933A-B533EFBC0098}) (Version: 18.1.0.690 - Corel Corporation)
CorelDRAW Home & Student Suite X8 (HKLM-x32\...\{05718EEC-DE09-454E-9D62-3152254742F1}) (Version: 18.1 - Corel Corporation) Hidden
Creative Content (HKLM-x32\...\_{9375898A-ED8E-4423-ADFA-75AF8E594769}) (Version: 1.0.0.130 - Corel Corporation) Hidden
Creative Content (HKLM-x32\...\_{CC5E4DDE-C3D8-4492-B306-B9587E7FD24F}) (Version: 1.0.0.143 - Corel Corporation) Hidden
Creative Content (HKLM-x32\...\{9375898A-ED8E-4423-ADFA-75AF8E594769}) (Version: 1.0.0.130 - Corel Corporation) Hidden
Creative Content (HKLM-x32\...\{CC5E4DDE-C3D8-4492-B306-B9587E7FD24F}) (Version: 1.0.0.143 - Corel Corporation) Hidden
DeviceRoutingConfigurator (HKLM\...\{75EBC822-7D61-4756-9CE4-E782383411C1}) (Version: 3.0.0.35752 - ASUSTeKcomputer.Inc) Hidden
Display Pilot (HKLM-x32\...\{6DD25D67-4339-47A1-950E-EEFC321CBB24}) (Version: 2.22.013 - Portrait Displays, Inc.)
Driver Booster 4.2 (HKLM-x32\...\Driver Booster_is1) (Version: 4.2.0 - IObit)
Dynamic Web TWAIN HTML5 Edition (HKLM-x32\...\{F7D4B5A4-4258-4A34-9D9E-C8D299EBBFA8}) (Version: 10.2.312 - Dynamsoft)
FINAL FANTASY XI (HKLM-x32\...\{678F6475-D227-432A-94FF-806178A34520}) (Version: 1.011.0 - SQUARE ENIX CO., LTD.) Hidden
FINAL FANTASY XI (HKLM-x32\...\InstallShield_{678F6475-D227-432A-94FF-806178A34520}) (Version: 1.011.0 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XI Seekers of Adoulin (HKLM-x32\...\{E86A33A7-6C77-48F3-9D72-2D8F4C1AD5AC}) (Version: 1.50.0 - SQUARE ENIX CO., LTD.) Hidden
FINAL FANTASY XI: Chains of Promathia (HKLM-x32\...\{3C0619B4-4A2C-4244-8077-488E420DF907}) (Version: 1.28.0 - SQUARE ENIX CO., LTD.) Hidden
FINAL FANTASY XI: Chains of Promathia (HKLM-x32\...\InstallShield_{3C0619B4-4A2C-4244-8077-488E420DF907}) (Version: 1.28.0 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XI: Rise of the Zilart (HKLM-x32\...\{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}) (Version: 1.19.0 - SQUARE ENIX CO., LTD.) Hidden
FINAL FANTASY XI: Rise of the Zilart (HKLM-x32\...\InstallShield_{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}) (Version: 1.19.0 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XI: Seekers of Adoulin (HKLM-x32\...\InstallShield_{E86A33A7-6C77-48F3-9D72-2D8F4C1AD5AC}) (Version: 1.50.0 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XI: Treasures of Aht Urhgan (HKLM-x32\...\{A606C6FF-12E7-40BE-B777-D8F360FF00CD}) (Version: 1.36.0 - SQUARE ENIX CO., LTD.) Hidden
FINAL FANTASY XI: Treasures of Aht Urhgan (HKLM-x32\...\InstallShield_{A606C6FF-12E7-40BE-B777-D8F360FF00CD}) (Version: 1.36.0 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XI: Wings of the Goddess (HKLM-x32\...\{5B037ED7-0755-48D4-9554-808E5AF50F17}) (Version: 1.43.0 - SQUARE ENIX CO., LTD.) Hidden
FINAL FANTASY XI: Wings of the Goddess (HKLM-x32\...\InstallShield_{5B037ED7-0755-48D4-9554-808E5AF50F17}) (Version: 1.43.0 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XIV (HKLM-x32\...\{F2C4E6E0-EB78-4824-A212-6DF6AF0E8E82}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Drive (HKLM-x32\...\{AC117AF9-316B-4E1D-959E-F0EB85B0DC5F}) (Version: 2.34.7100.0000 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
ICA (HKLM-x32\...\{10EC8494-8A92-49D8-9677-2483EB01F7F1}) (Version: 1.0.0.101 - Corel Corporation) Hidden
ICA (HKLM-x32\...\{6000096B-318C-40F8-A450-043B6A602D16}) (Version: 20.0.0.132 - Corel Corporation) Hidden
ICA (HKLM-x32\...\{85C69B9B-F9BD-4A60-BD83-F2B7E081ED39}) (Version: 18.2.0.61 - Corel Corporation) Hidden
ICA (HKLM-x32\...\{998717E5-1031-4D28-A143-48ADAF062E5F}) (Version: 19.1.0.29 - Corel Corporation) Hidden
IconHandler 64 bit (HKLM\...\{4E82E2E9-668B-4F8A-814A-78E163FCDBCD}) (Version: 2.0 - Corel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) Network Connections 21.1.27.0 (HKLM\...\PROSetDX) (Version: 21.1.27.0 - Intel)
Intel(R) USB 3.0\3.1 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 5.0.0.32 - Intel Corporation)
Intel(R) Wireless Bluetooth(R)(patch version 19.30.1646.853) (HKLM\...\{302600C1-6BDF-4FD1-1609-148929CC1385}) (Version: 19.0.1609.0664 - Intel Corporation)
IntelÂ

PROSet/Wireless Software (HKLM-x32\...\{fd9db181-00fa-4117-82e2-cf920d564253}) (Version: 16.1.0 - Intel Corporation)
IPM_PSP_COM (HKLM-x32\...\{9A86C6EE-2CCC-4A51-BCC8-AAF97C2F4615}) (Version: 19.1.0.29 - Corel Corporation) Hidden
IPM_PSP_COM (HKLM-x32\...\{E366C7D5-FD35-482C-AA33-38AE3BC48021}) (Version: 20.0.0.132 - Corel Corporation) Hidden
IPM_PSP_COM64 (HKLM\...\{2013AABB-7212-4D79-B13B-25E567C2D0E4}) (Version: 20.0.0.132 - Corel Corporation) Hidden
IPM_PSP_COM64 (HKLM\...\{842A3E2E-15B2-4D49-A50F-05964CA93374}) (Version: 18.2.0.61 - Corel Corporation) Hidden
IPM_PSP_COM64 (HKLM\...\{966E78A9-AB34-4FC6-BEDA-7D3F1F42121D}) (Version: 19.1.0.29 - Corel Corporation) Hidden
IPM_VS_Pro (HKLM-x32\...\{126FB9B0-85B6-476A-AF26-BE008D8DFC53}) (Version: 1.0 - Corel Corporation) Hidden
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Small Business Edition 2003 (HKLM-x32\...\{91CA0409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{dd8b09df-3ef8-49f1-bd1a-65278435860b}) (Version: 14.0.23217 - Microsoft Corporation)
My.com Game Center (HKU\S-1-5-21-376763465-2706390899-476848016-1000\...\MyComGames) (Version: 3.192 - My.com B.V.)
NahimicSettingsConfigurator (HKLM\...\{67BA90ED-106D-4AAE-BCFC-5A1AAB59B6D4}) (Version: 3.0.001 - ASUSTeKcomputer.Inc) Hidden
novaPDF 8 Printer Driver (HKLM\...\{48CFCB4B-0488-4711-B54E-E8E3F5929166}) (Version: 8.2.929 - Softland)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 382.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.33 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 382.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.33 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
Painter Essentials 5 - Contentx64 (HKLM\...\{F62567D5-C772-44A9-8197-3B16D42EB944}) (Version: 5.0 - Corel Corporation) Hidden
Painter Essentials 5 - Core (HKLM\...\{8E99D572-EE7E-4840-9C79-FA26C1FA08D2}) (Version: 5.0.1 - Corel Corporation) Hidden
Painter Essentials 5 - Corex64 (HKLM\...\{5A595A4C-E10E-4695-8914-317AE77CBB79}) (Version: 5.0 - Corel Corporation) Hidden
Painter Essentials 5 - CT (HKLM\...\{26489B02-A6F9-4F46-A59D-DB65FA8FD4F9}) (Version: 5.0 - Corel Corporation) Hidden
Painter Essentials 5 - DE (HKLM\...\{99211142-E2B0-4CE8-A35A-792A531BAD40}) (Version: 5.0.1 - Corel Corporation) Hidden
Painter Essentials 5 - EN (HKLM\...\{662D2525-13B4-41BF-824F-53A2E0D6FA82}) (Version: 5.0.1 - Corel Corporation) Hidden
Painter Essentials 5 - FR (HKLM\...\{B00BA6C2-FD72-4434-A82D-415C65DA359C}) (Version: 5.0 - Corel Corporation) Hidden
Painter Essentials 5 - JP (HKLM\...\{89BAB6D5-EA63-449B-A7AA-27E457C172C0}) (Version: 5.0 - Corel Corporation) Hidden
Painter Essentials 5 - Setup Files (HKLM\...\{7E35BD37-3F00-4FCB-A357-92F5D0CDEC2A}) (Version: 5.0 - Corel Corporation) Hidden
Pamela Pro 4.9 (HKLM-x32\...\Pamela) (Version: 4.9 - PamConsult GmbH)
PamFax (HKU\S-1-5-21-376763465-2706390899-476848016-1000\...\pamfax) (Version: 4.1.3 - PamConsult GmbH.)
PamFax PDF Printer (HKLM\...\{6E86C237-CCB6-4FBD-8280-00ABEFE803C9}) (Version: 8.2.929 - Softland)
ParticleShop - Core (HKLM\...\{539A8441-261C-42DA-8B4B-FB512F61D33B}) (Version: 1.5 - Corel Corporation) Hidden
ParticleShop - IPM (HKLM\...\{9E99AA1D-F1DC-442D-B9D9-8DD3EE529AE9}) (Version: 1.5 - Corel Corporation) Hidden
ParticleShop - IPM Content (HKLM\...\{67BDB811-383B-4D2B-870E-F27D2511F200}) (Version: 1.5 - Corel Corporation) Hidden
ParticleShop (HKLM\...\_{6F224046-E164-4B78-9867-3AE494271D29}) (Version: 1.5.0.108 - Corel Corporation)
ParticleShop (HKLM\...\{6F224046-E164-4B78-9867-3AE494271D29}) (Version: 1.5 - Corel Corporation) Hidden
ParticleShop (HKLM\...\{D4F483F8-71F1-457F-AB1B-31C61529B658}) (Version: 1.5 - Corel Corporation) Hidden
Perfect Effects 9 (HKLM-x32\...\Perfect Effects 9 STD) (Version: 9.5.0 - on1)
PhotoshopdotcomInspirationBrowser (HKLM-x32\...\{AFBBF30D-ADA9-4313-464E-14458B6BE034}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Pivot Pro Plugin (HKLM-x32\...\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}) (Version: 9.61.004 - Portrait Displays, Inc.) Hidden
PlayOnline Viewer & Tetra Master (HKLM-x32\...\{47004155-7376-403E-89E9-4C9F44AAF0D0}) (Version: 1.18.00 - SQUARE ENIX CO., LTD.) Hidden
PlayOnline Viewer & Tetra Master (HKLM-x32\...\InstallShield_{47004155-7376-403E-89E9-4C9F44AAF0D0}) (Version: 1.18.00 - SQUARE ENIX CO., LTD.)
ProductDaemonSetup (HKLM\...\{17A2D1AC-D9F5-4A46-A29E-75AAAA5E382D}) (Version: 3.0.001 - ASUSTeKcomputer.Inc) Hidden
PSPPContent (HKLM-x32\...\{91773E30-F29C-4381-854A-95281DEB8DA1}) (Version: 19.1.0.29 - Corel Corporation) Hidden
PSPPContent (HKLM-x32\...\{CC719875-8939-48D2-BA50-D5F5673C4C6A}) (Version: 20.0.0.132 - Corel Corporation) Hidden
PSPPHelp (HKLM-x32\...\{9F087D85-EDDC-4DC4-B665-AFDD3734D987}) (Version: 19.1.0.29 - Corel Corporation) Hidden
PSPPHelp (HKLM-x32\...\{BBF5A9A0-82BD-4C51-9EAD-624651FE765B}) (Version: 20.0.0.132 - Corel Corporation) Hidden
PSPPro64 (HKLM\...\{88CFC59F-1491-4359-819F-87DFAFF9CCF4}) (Version: 18.2.0.61 - Corel Corporation) Hidden
PSPPro64 (HKLM\...\{9722764A-D7C1-483A-931C-9C0A95D5F4EB}) (Version: 19.1.0.29 - Corel Corporation) Hidden
PSPPro64 (HKLM\...\{A8A7345E-0111-4A73-9F0F-560A837BF901}) (Version: 20.0.0.132 - Corel Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7962 - Realtek Semiconductor Corp.)
Revelation Online (HKU\S-1-5-21-376763465-2706390899-476848016-1000\...\Revelation Online) (Version: 1.42 - My.com B.V.)
SDK (HKLM-x32\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 2.40.012 - Portrait Displays, Inc.) Hidden
Setup (HKLM-x32\...\{9E0054AB-F957-4177-850E-3541960DBD53}) (Version: 19.1.0.29 - Corel Corporation) Hidden
Setup (HKLM-x32\...\{C9C9ACD1-F275-45CB-B507-96486DB5E608}) (Version: 20.0.0.132 - Corel Corporation) Hidden
Setup (HKLM-x32\...\{F2BACD4C-71F0-487C-AC11-247833494E52}) (Version: 1.0.0.101 - Corel Corporation) Hidden
Share (HKLM-x32\...\{4AA35E5E-F12E-4CC9-92CD-049AF647841B}) (Version: 1.0.0.101 - Corel Corporation) Hidden
Skypeâ„¢ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
SonicMapperConfigurator (HKLM\...\{CFD55484-F461-4F43-AC89-36F24FD3E12A}) (Version: 3.0.0.35740 - ASUSTeKcomputer.Inc) Hidden
SonicRadar3Setup (HKLM\...\{92E53B84-6861-405B-B966-8AB20FB090EB}) (Version: 3.0.0.35740 - ASUSTeKcomputer.Inc) Hidden
SonicStudio3Setup (HKLM\...\{BE705BF9-EFB8-49AB-94B0-412E963DEEC7}) (Version: 3.0.0.35752 - ASUSTeKcomputer.Inc) Hidden
TurboTax 2016 (HKLM-x32\...\{22EC35BD-F8F2-45EB-8DCB-1C7FB65D0A71}) (Version: 1.00.0000 - Intuit Canada)
Twitch (HKU\S-1-5-21-376763465-2706390899-476848016-1000\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software)
VSClassic (HKLM-x32\...\{3342D238-E332-43BB-B406-C6EE82273708}) (Version: 1.0.0.101 - Corel Corporation) Hidden
VSPro (HKLM-x32\...\{6AA550DB-4863-44C7-863F-4F4C7D13649F}) (Version: 1.0.0.101 - Corel Corporation) Hidden
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
WD Backup (HKLM-x32\...\{46162462-824f-4ea9-a312-38841e3dab7d}) (Version: 1.6.6060.18987 - Western Digital Technologies, Inc.)
WD Backup (HKLM-x32\...\{9669966E-5595-4820-A879-DD48B3DF05BF}) (Version: 1.6.6060.18987 - Western Digital Technologies, Inc) Hidden
WD Drive Utilities (HKLM-x32\...\{06628A2D-167D-4F5E-8C98-60CFA0B161D1}) (Version: 1.4.0.92 - Western Digital Technologies, Inc.) Hidden
WD Drive Utilities (HKLM-x32\...\{7c73600b-2542-4641-a960-74bed274be03}) (Version: 1.4.0.92 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{A2D70EE4-2462-4F04-9955-5761E3F3F47A}) (Version: 1.4.0.92 - Western Digital Technologies, Inc.) Hidden
WD Security (HKLM-x32\...\{f1fc402c-35fd-40c0-97e4-5bee07891caf}) (Version: 1.4.0.92 - Western Digital Technologies, Inc.)
Windower (HKU\S-1-5-21-376763465-2706390899-476848016-1000\...\Windower) (Version: 4.0.0.0 - Windower Team)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB (03/07/2013 2.4.0.0) (HKLM\...\FB6346ABC58E926B03FC05975B4A9232E5FD8F1D) (Version: 03/07/2013 2.4.0.0 - Cambridge Silicon Radio Ltd.)
WinRAR 5.50 beta 4 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.50.4 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-10-09] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-10-09] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-10-09] (Google)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-10-09] (Google)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-06-30] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-06-30] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-10-09] (Google)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-05-18] (NVIDIA Corporation)
ContextMenuHandlers5: [PortraitDisplaysContextMenu] -> {8602BDD8-9780-4717-B89A-7F89AF75B2AB} => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\shellmenu64.dll [2013-06-18] (Portrait Displays, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-06-30] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-06-30] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00280293-B114-473B-A80F-30AEBAC2E3C0} - System32\Tasks\CorelUpdateHelperTask => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [2017-07-05] (Corel Corporation)
Task: {00CCF706-F2F2-4C9B-AB67-5C3815AEC3FA} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {1008535E-069C-4665-A84B-407197528087} - System32\Tasks\{4D4D952E-C9CD-4C9D-9F34-D5AF724C670D} => C:\Windows\system32\pcalua.exe -a C:\Users\Joann\AppData\Roaming\Twitch\Bin\UninstallTwitch.exe -c /X{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}
Task: {194401D1-A185-4899-981D-052E30CB92FE} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-10] (NVIDIA Corporation)
Task: {1DD10853-B860-4678-AAD0-87938E79FDB5} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-10] (NVIDIA Corporation)
Task: {48068F56-2EE1-4167-B5FB-843619B5D57A} - System32\Tasks\SS3Svc64Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3Svc64.exe [2016-08-26] ()
Task: {4B43859C-78D0-4C11-8E2C-8CBD8B95B44A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {51B4CC39-4581-4AA2-B935-57216D403E04} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {6964D1F9-BC2C-49D2-B38C-3FA834B1444F} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-14] ()
Task: {6C2A0704-FBAE-4C66-B70B-98C778956C47} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel(R) Corporation)
Task: {6EE8A0FC-B044-483F-B3A1-D59669874B02} - System32\Tasks\{B4AD7CFA-3266-4942-A289-2144C6D62554} => C:\Windows\system32\pcalua.exe -a "C:\Users\Joann\aa Joann stuff\Utility stuff\TwitchSetup.exe" -d "C:\Users\Joann\aa Joann stuff\Utility stuff"
Task: {7FFC1DCD-8568-42D2-88EC-0D36A67DBC56} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [2017-07-05] (Corel Corporation)
Task: {81DD5B97-DE71-4096-92BF-B13FF0307B9A} - System32\Tasks\SS3Svc32Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3Svc32.exe [2016-08-26] ()
Task: {8B0EC868-728B-425B-8C05-58C4B1A88934} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-27] (Google Inc.)
Task: {8BAF575F-2B48-4697-87D3-4E5CBB37A495} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {D0F5AB2C-B4B4-4EE0-9A51-B53E789DBC8C} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {E1BD6953-DA06-44F9-AF17-4AB5C4B42DE4} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-10] (NVIDIA Corporation)
Task: {E270A928-F704-4F2D-83DE-46E4552F19D3} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-10] (NVIDIA Corporation)
Task: {FB44E941-A749-4DB6-9572-3864FC17E8A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-27] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-01-27 21:28 - 2017-05-18 00:48 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-02-03 13:33 - 2014-08-12 14:26 - 000098272 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\msgHook64.dll
2016-08-26 17:34 - 2016-08-26 17:34 - 000472248 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3DevProps.dll
2015-05-08 01:26 - 2015-05-08 01:26 - 000936728 ____R () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2017-02-03 13:32 - 2014-08-12 14:26 - 000275936 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dthook.dll
2017-01-27 20:46 - 2016-10-26 04:08 - 000105312 _____ () C:\Windows\system32\audioLibVc.dll
2017-01-27 20:45 - 2014-04-24 01:29 - 001360016 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2016-08-26 17:32 - 2016-08-26 17:32 - 001208320 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3Svc32.exe
2015-02-27 12:49 - 2015-02-27 12:49 - 000137368 _____ () C:\Program Files\Softland\novaPDF 8\Server\AgileDotNetRT64.dll
2017-02-14 22:06 - 2017-10-10 20:05 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-10-03 21:38 - 2017-10-06 09:43 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-10-03 21:38 - 2017-10-06 09:43 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-08-15 22:52 - 2016-08-15 22:52 - 000387128 ____R () C:\Program Files\Intel\NCS2\WmiProv\Ncs2Provider.dll
2016-08-15 22:52 - 2016-08-15 22:52 - 000206904 ____R () C:\Program Files\Intel\NCS2\Agent\AdapterAgnt.DLL
2017-09-26 17:11 - 2017-09-21 02:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-26 17:11 - 2017-09-21 02:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2016-08-26 17:34 - 2016-08-26 17:34 - 000792576 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3svc64.exe
2016-08-26 17:43 - 2016-08-26 17:43 - 000175288 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Studio 3\x64\SonicStudio3SystrayDaemon.dll
2016-08-26 17:39 - 2016-08-26 17:39 - 001697976 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Radar 3\x64\SonicRadar3SystrayDaemon.dll
2016-08-26 17:34 - 2016-08-26 17:34 - 000286904 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3OSD.dll
2017-02-03 13:09 - 2013-06-18 12:26 - 000677160 _____ () C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpctrl.exe
2017-02-03 13:09 - 2013-06-18 12:26 - 000714024 _____ () C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\floater.exe
2017-02-03 13:10 - 2014-08-12 14:26 - 000163296 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe
2017-02-03 13:10 - 2014-08-12 14:26 - 000197088 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper64.exe
2017-01-27 20:45 - 2017-11-09 07:44 - 000041768 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2017-01-27 20:45 - 2015-05-08 01:26 - 000104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2016-08-26 17:41 - 2016-08-26 17:41 - 000326328 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Studio 3\DeviceRoutingDaemon.dll
2016-08-26 17:41 - 2016-08-26 17:41 - 000317624 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Studio 3\SonicStudio3SystrayDaemon.dll
2016-08-26 17:37 - 2016-08-26 17:37 - 001010360 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Radar 3\DynamicCursor3DDaemonModule.dll
2016-08-26 17:37 - 2016-08-26 17:37 - 001056440 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Radar 3\DynamicEnhancerDaemonModule.dll
2016-08-26 17:37 - 2016-08-26 17:37 - 001161400 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Radar 3\DynamicRadarDaemonModule.dll
2016-08-26 17:36 - 2016-08-26 17:36 - 000488120 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Radar 3\DynamicEnhancerAutomationDaemon.dll
2016-08-26 17:36 - 2016-08-26 17:36 - 000644280 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Radar 3\DynamicSMProfileDaemonModule.dll
2016-08-26 17:37 - 2016-08-26 17:37 - 000617656 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Radar 3\DynamicSMShortcutsDaemonModule.dll
2016-08-26 17:37 - 2016-08-26 17:37 - 001851064 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Radar 3\SonicRadar3SystrayDaemon.dll
2016-08-26 17:32 - 2016-08-26 17:32 - 000240312 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3OSD.dll
2016-08-26 17:32 - 2016-08-26 17:32 - 000391352 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3DevProps.dll
2017-02-03 13:10 - 2014-08-12 14:26 - 000093664 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\msgHook.dll
2017-01-27 21:43 - 2017-10-27 13:52 - 000144896 _____ () C:\Users\Joann\AppData\Local\MyComGames\zlib1.dll
2017-01-27 21:43 - 2017-10-27 13:52 - 000076176 _____ () C:\Users\Joann\AppData\Local\MyComGames\pxd.dll
2017-01-27 21:43 - 2017-10-27 13:52 - 000249744 _____ () C:\Users\Joann\AppData\Local\MyComGames\LightUpdate.dll
2017-01-27 21:43 - 2017-10-27 13:52 - 002495376 _____ () C:\Users\Joann\AppData\Local\MyComGames\BigUp2.dll
2017-10-03 16:18 - 2017-10-03 16:18 - 071411712 _____ () C:\Users\Joann\AppData\Local\MyComGames\Chrome\3.3202.1673\libcef.dll
2017-01-28 06:32 - 2017-01-29 11:21 - 000053760 _____ () C:\Program Files (x86)\Pamela\zlib.dll
2017-08-17 15:51 - 2017-08-17 15:51 - 001993184 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2017-08-30 14:08 - 2017-08-30 14:08 - 000393608 _____ () C:\Users\Joann\AppData\Roaming\Twitch\Bin\opus.dll
2017-08-30 14:08 - 2017-11-02 12:37 - 000535872 _____ () C:\Users\Joann\AppData\Roaming\Twitch\Bin\Curse.Presto.Interface.dll
2017-02-03 13:09 - 2014-08-12 14:26 - 000191968 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\PresetsCOM.dll
2017-02-14 22:06 - 2017-10-10 20:05 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-08-30 14:08 - 2017-08-30 14:08 - 001950528 _____ () C:\Users\Joann\AppData\Roaming\Twitch\Bin\Electron\ffmpeg.dll
2017-08-30 14:08 - 2017-08-30 14:08 - 002270528 _____ () C:\Users\Joann\AppData\Roaming\Twitch\Bin\Electron\libglesv2.dll
2017-08-30 14:08 - 2017-08-30 14:08 - 000088384 _____ () C:\Users\Joann\AppData\Roaming\Twitch\Bin\Electron\libegl.dll
2016-09-14 20:25 - 2016-09-14 20:25 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2017-02-20 20:42 - 000000828 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-376763465-2706390899-476848016-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Joann\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{3C64641B-7E30-4883-A937-A1CC364AEE0A}C:\users\joann\appdata\local\mycomgames\mycomgames.exe] => (Block) C:\users\joann\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{79635D4E-2077-47CF-9602-87C8B851D40F}C:\users\joann\appdata\local\mycomgames\mycomgames.exe] => (Block) C:\users\joann\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [{5D5FD4F8-2552-44C4-BAC5-397ABA30F23F}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{897336CC-20AE-44F2-A780-4BC238689D81}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{ED1C6060-9EB3-4135-9B64-8396D65CCA61}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{47844577-2F0B-49AF-AD38-B03986CFECD9}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{8F21940E-A36C-4C24-955C-C78E37B9B5C4}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{280BED65-F6F8-42E4-B955-B4935A9ACEDB}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{4C770F1C-A76F-4CA4-A8AE-0507C97EB0B3}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{80D87659-274D-49D2-9FE6-34EE6E4CEE11}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{EEFFA74A-3A0A-415B-A643-A76924840D1E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{9B86BA12-7A7B-4D22-9062-9F17FBB770EC}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{3CF46E46-6242-41E8-80C2-9F90E0204240}] => (Allow) LPort=8501
FirewallRules: [{0CCA4E79-A8D2-4259-9630-18CEDB0A31DD}] => (Allow) LPort=8501
FirewallRules: [{B090F071-EC06-4043-9516-A4C733ECEE41}] => (Block) c:\Program Files (x86)\Corel\CorelDRAW Home & Student Suite X7\Programs\DrawHome.exe
FirewallRules: [{149D1114-3196-4BB7-A62F-2F07AEDEA71C}] => (Block) c:\Program Files (x86)\Corel\CorelDRAW Home & Student Suite X7\Programs\PPHome.exe
FirewallRules: [{D6EEC7CB-E228-43E3-AA4D-318BAF0790E2}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{8B392780-9FE8-48B8-87E7-26679C5F9A41}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{2A0BA717-CC98-4FB8-AA9A-962BD12A9064}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{F21DCCAA-A842-4A22-8E29-D26F1FAA9A8C}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{1CE75C3D-A833-4FCA-9ABC-294F0064B38B}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV\ffxivboot.exe
FirewallRules: [{1967E3B3-33F7-43A6-8FDE-EAF68BF8EF4E}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV\ffxivboot.exe
FirewallRules: [{5B61E778-6AC3-4A9E-BA4D-0D526C51CB60}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{44268E4B-25EA-428F-8FCE-781B90B4D35A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{BC104550-A94E-4898-A908-596FE18229BB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{DB94ED0A-CD68-476A-B838-F4415A3C43EF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F4FC6731-01E0-4C97-9EBB-F50051482A5C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{07CF8688-27A4-40D4-B85D-99AAEDA0ACDA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{64ED6A50-7AF7-4F2A-8A95-D8F2E8992EA8}] => (Block) c:\Program Files (x86)\Corel\CorelDRAW Home & Student Suite X8\Programs\DrawHome.exe
FirewallRules: [{7E311C70-A24F-4227-A1AA-C1F757862433}] => (Block) c:\Program Files (x86)\Corel\CorelDRAW Home & Student Suite X8\Programs\PPHome.exe
FirewallRules: [{79E9D72E-E426-434A-AF12-95A3A6BE7F18}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{280A71F1-B931-44D8-A80E-42DC5FAF08BB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{CC5EB628-B0F2-43CC-9CD9-382CA17AD05B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{DDF8E678-841F-4A75-AF0A-E8507FDD92CF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{38DFB80F-559E-46E5-9DE9-5D7A7746902F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/09/2017 07:44:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/09/2017 07:37:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbamtray.exe version 3.0.0.1208 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e74

Start Time: 01d3584a9f5089aa

Termination Time: 60000

Application Path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

Report Id: 8bf747a1-c54a-11e7-b064-7c5cf8eedfc6

Error: (11/09/2017 03:37:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\program files (x86)\corel\corel paintshop pro 2018\setup\{6000096b-318c-40f8-a450-043b6a602d16}\Setup.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (11/09/2017 03:37:23 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (11/08/2017 12:17:16 AM) (Source: IntelDalJhi) (EventID: 4) (User: )
Description: Intel(R) Dynamic Application Loader Host Interface Service initialization failure - the spooler applet is invalid.

Error: (11/08/2017 12:17:16 AM) (Source: IntelDalJhi) (EventID: 4) (User: )
Description: Intel(R) Dynamic Application Loader Host Interface Service initialization failure - the spooler applet is invalid.

Error: (11/07/2017 11:30:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/07/2017 04:51:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1
Faulting module name: mbae-api-na.dll, version: 1.9.4.245, time stamp: 0x599f0b2f
Exception code: 0xc0000417
Fault offset: 0x00000000001247c5
Faulting process id: 0x12e0
Faulting application start time: 0x01d35759b09fa252
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbae-api-na.dll
Report Id: 2b5d5f60-c3a1-11e7-b0a8-7c5cf8eedfc6

Error: (11/07/2017 04:33:58 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\program files (x86)\corel\corel paintshop pro 2018\setup\{6000096b-318c-40f8-a450-043b6a602d16}\Setup.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (11/07/2017 04:33:26 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

System errors:
=============
Error: (11/09/2017 07:50:31 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (11/07/2017 11:37:09 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (11/07/2017 04:51:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (11/06/2017 06:54:25 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (11/03/2017 04:03:42 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (11/02/2017 12:44:44 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (10/31/2017 11:01:08 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (10/31/2017 12:27:39 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (10/30/2017 05:31:06 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (10/30/2017 04:56:55 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz
Percentage of memory in use: 35%
Total physical RAM: 16186.17 MB
Available physical RAM: 10382.15 MB
Total Virtual: 32370.52 MB
Available Virtual: 26301.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.29 GB) (Free:3.46 GB) NTFS
Drive j: (My Passport) (Fixed) (Total:1862.98 GB) (Free:1818.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F2F05F19)

Partition: GPT.

========================================================
Disk: 6 (Size: 1863 GB) (Disk ID: 16F2A91F)

Partition: GPT.

==================== End of Addition.txt ============================

Re: [INACTIVE] Likely have a virus9th November 2017, 3:59 pm

Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
While I'm checking over your logs please run these scans and post the logs here.

Please download AdwareCleaner onto your Desktop. AdwCleaner

Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.

If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
When the AdwCleaner program will open, click on the Scan button as shown below.

[INACTIVE] Likely have a virus Untitled

AdwCleaner will now start to search for malicious files that may be installed on your computer.
To remove the files that were detected in the previous step, please click on the Clean button.

[INACTIVE] Likely have a virus 3

AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
Please click on the OK button to allow AdwCleaner reboot your computer.A log will be produced. Please copy and paste this log in your next reply.
*********************************************
[INACTIVE] Likely have a virus Mbamicontw5

[INACTIVE] Likely have a virus Mbamicontw5

Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

It should update automatically if the computer is connected to the internet.
Click on Threat Scan and click on Scan Now.
The scan may take some time to finish,so please be patient.
When the scan is complete make sure all the infections have "quarantine" selected in the Action box.
Click on "Apply actions" You may be asked to Restart your computer to completely remove the infections.
When disinfection is completed you can click on "Copy to Clipboard".
Paste the log in you next reply (CTRL+ V)

*************************************************
Please download Junkware Removal Tool to your desktop.

•Warning! Once the scan is complete JRT will shut down your browser with NO warning.

•Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
*****************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Security Check

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Re: [INACTIVE] Likely have a virus9th November 2017, 7:27 pm

You should turn on Windows Defender. It's will be another layer of protection against Spyware/Ransomware.
The log shows that you only have 3.46 GB of space left on your C drive. Ideally, you should have 15% (140 GB) in order for Windows to run effectively. You will need to free up more space. You can do this by uninstalling un-used/Unwanted programs by doing so in the Control Panel. You can also transfer videos, music, pictures to your J drive or save them on DVD's.

Re: [INACTIVE] Likely have a virus17th November 2017, 12:52 am

The Adware rebooted and did not save any text.

Below is Malaware which I use regularly.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/16/17
Scan Time: 7:32 PM
Log File: cdfeafa0-cb2e-11e7-8e9f-002427fe8997.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.3276
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Joann-PC\Joann

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 453289
Threats Detected: 1
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 15 min, 45 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.ASK, C:\USERS\JOANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Web Data, No Action By User, [526], [454825],1.0.3276

Physical Sector: 0
(No malicious items detected)

(end)

Re: [INACTIVE] Likely have a virus17th November 2017, 1:01 am

My Malwarebytes Anti-Malware program keeps freezing and resetting all by itself to not being protected. I turn it on and it turns off somehow. I am also having a lot of problems opening it too.

Re: [INACTIVE] Likely have a virus17th November 2017, 1:30 am

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Professional x64
Ran by Joann (Administrator) on 16/11/2017 at 20:26:58.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 42

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\Joann\Documents\add-in express (Folder)
Successfully deleted: C:\Users\Joann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Joann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1372O2QM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Joann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Joann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D4TXU8VO (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Joann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E1H27K8B (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Joann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E8DXDVBB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Joann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Joann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G0N33FLW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Joann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ISH1Q0KS (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Joann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JH8R5O6U (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Joann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JJG5KSAE (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Joann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KFAFC1UP (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Joann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Joann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N2BD2C8Z (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Joann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RP68P5LY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Joann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RRJ71HXX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Joann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TDBM846U (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Joann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TRSC1MQL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Joann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIVB8LN1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Joann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X09C0TB6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1372O2QM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D4TXU8VO (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E1H27K8B (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E8DXDVBB (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G0N33FLW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ISH1Q0KS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JH8R5O6U (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JJG5KSAE (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KFAFC1UP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N2BD2C8Z (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RP68P5LY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RRJ71HXX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TDBM846U (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TRSC1MQL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIVB8LN1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X09C0TB6 (Temporary Internet Files Folder)

Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_2F642E33331905E4A86D7A1743933699 (Registry Value)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16/11/2017 at 20:29:16.66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: [INACTIVE] Likely have a virus17th November 2017, 1:35 am

Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
Malwarebytes
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 10 Flash Player out of Date!
Google Chrome (62.0.3202.94)
Google Chrome (SetupMetrics...)
Google Chrome (SetupMetrics.pma..)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

Re: [INACTIVE] Likely have a virus17th November 2017, 1:37 am

"You should turn on Windows Defender. It's will be another layer of protection against Spyware/Ransomware.
The log shows that you only have 3.46 GB of space left on your C drive. Ideally, you should have 15% (140 GB) in order for Windows to run effectively. You will need to free up more space. You can do this by uninstalling un-used/Unwanted programs by doing so in the Control Panel. You can also transfer videos, music, pictures to your J drive or save them on DVD's.

This is the main reason I am contacting you, I had tons of space on C drive and I have been saving stuff to J drive mostly and then all the sudden it says I have no space and the mBam problem is freezing and most of the time it wont load.

Re: [INACTIVE] Likely have a virus17th November 2017, 2:25 am

Please run MBAM again and clear the infection. It appears that you don't have any AV on your computer. Please download and install one from the list below. I recommend MicroSoft Security Essentials.

Before we continue download and install a free antivirus.

Remember to only install one antivirus!

1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) MicroSoft Security Essentials All versions and all languages.
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
*************************************************
Double-click on My Computer and right-click on the C drive. It should show you how much used and free space you have on that drive.

Re: [INACTIVE] Likely have a virus20th November 2017, 4:45 pm

Do you still need help with this?

Re: [INACTIVE] Likely have a virus22nd November 2017, 4:17 pm

Yes I do I am sorry I was away for couple of days. My computer keeps shutting overnight all the google chrome windows I have open when I go to bed and MBam keeps not wanting to open when I click on the icon. I had to wait overnight for log to post here. I believe this is the same PUP that is showing up everyday too even though I clean it, it keeps coming back.
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/22/17
Scan Time: 2:51 AM
Log File: 011466da-cf5a-11e7-94af-002427fe8997.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.3318
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 449274
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 8 min, 5 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.ASK, C:\USERS\JOANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Web Data, Replaced, [526], [454825],1.0.3318

Physical Sector: 0
(No malicious items detected)

(end)

Re: [INACTIVE] Likely have a virus22nd November 2017, 4:48 pm

My computer keeps shutting overnight all the google chrome windows I have open when I go to bed

The best thing you can do for your computer is to shut it down on a regular basis.

ESET Online Scanner
Note : If you use Internet Explorer to get the ESET Online Scanner, you won't have to download, nor install the tool, as everything will be ran in a contextual (pop-up) window of Internet Explorer. However, for every other browsers, you will have to download and install ESET Online Scanner. In this set of instruction, I'll use Google Chrome to download it and run it (since a lot of people will do it), however, except for the download and installation procedure, the same instructions applies if you use Internet Explorer. Please note that two or three prompts will appear if you use Internet Explorer asking you to reload the page, authorize the application, execute it, etc. Accept all of them in order to run ESET Online Scanner.

    Download and execute ESET OnlineScan (on this window, click on ESET Smart Installer to trigger the download). People accessing this URL via Internet Explorer will start the integration process of ESET Online Scanner in their browser;
    Once the installation is done (it requires Admin Rights), check the following settings (two of them are under Advanced Settings, click on it to display them) :

        Enable detection of potentially unwanted applications;
        Scan archives;
        Scan for potentially unsafe applications;
        Optional : If you want to scan more drives, click on Change... and select the drives you want to include in the scan;

   [INACTIVE] Likely have a virus Lilp6C2_1

[INACTIVE] Likely have a virus Lilp6C2_1

After you're done checking these options, click on Start and ESET Online Scanner will download it's virus signature database before starting the scan;

[INACTIVE] Likely have a virus PbI6QoP_1

[INACTIVE] Likely have a virus PbI6QoP_1

Once done, the scan will start automatically. Detections will appear at the bottom of the window. ESET Online Scanner can have an extremely long scan time that can last between 2 or 3 hours. So if you start the scan, do not interrupt it, let it complete until the end;

[INACTIVE] Likely have a virus IYk249p_1

[INACTIVE] Likely have a virus IYk249p_1

After the scan is finished, a summary window will appear to give you the information about the scan. Then you'll have to the option to see what threads were found and to manage the threats that were quarantined;

[INACTIVE] Likely have a virus SQWS56I

Click on List of found threats, it'll display every threat identified during that scan, their type and what action was taken against them. Click on Copy to clipboard to copy these results on our clipboard and post them in your next reply;

[INACTIVE] Likely have a virus OkgGDKc_1

[INACTIVE] Likely have a virus OkgGDKc_1

Once you're done, click on the Back button;
Check both checkboxes at the bottom: Uninstall application on close and Delete quarantined files before clicking on the Finish button;

Re: [INACTIVE] Likely have a virus23rd November 2017, 12:18 am

I dont have enough space to download I am going to take my computer into repair shop and have them look at things so I will be unable to reply for a few days

Re: [INACTIVE] Likely have a virus23rd November 2017, 1:15 am

Joann Anderson wrote:

I dont have enough space to download I am going to take my computer into repair shop and have them look at things so I will be unable to reply for a few days

If you don't free up some space you will continue to have problems. Just unload some of the stuff on your C drive as in my earlier suggest and you will save a few dollars.

[INACTIVE] Likely have a virus

description[INACTIVE] Likely have a virus9th November 2017, 1:26 pm

descriptionRe: [INACTIVE] Likely have a virus9th November 2017, 1:38 pm

descriptionRe: [INACTIVE] Likely have a virus9th November 2017, 3:59 pm

descriptionRe: [INACTIVE] Likely have a virus9th November 2017, 7:27 pm

descriptionRe: [INACTIVE] Likely have a virus17th November 2017, 12:52 am

descriptionRe: [INACTIVE] Likely have a virus17th November 2017, 1:01 am

descriptionRe: [INACTIVE] Likely have a virus17th November 2017, 1:30 am

descriptionRe: [INACTIVE] Likely have a virus17th November 2017, 1:35 am

descriptionRe: [INACTIVE] Likely have a virus17th November 2017, 1:37 am

descriptionRe: [INACTIVE] Likely have a virus17th November 2017, 2:25 am

descriptionRe: [INACTIVE] Likely have a virus20th November 2017, 4:45 pm

descriptionRe: [INACTIVE] Likely have a virus22nd November 2017, 4:17 pm

descriptionRe: [INACTIVE] Likely have a virus22nd November 2017, 4:48 pm

descriptionRe: [INACTIVE] Likely have a virus23rd November 2017, 12:18 am

descriptionRe: [INACTIVE] Likely have a virus23rd November 2017, 1:15 am

descriptionRe: [INACTIVE] Likely have a virus

[INACTIVE] Likely have a virus9th November 2017, 1:26 pm

Re: [INACTIVE] Likely have a virus9th November 2017, 1:38 pm

Re: [INACTIVE] Likely have a virus9th November 2017, 3:59 pm

Re: [INACTIVE] Likely have a virus9th November 2017, 7:27 pm

Re: [INACTIVE] Likely have a virus17th November 2017, 12:52 am

Re: [INACTIVE] Likely have a virus17th November 2017, 1:01 am

Re: [INACTIVE] Likely have a virus17th November 2017, 1:30 am

Re: [INACTIVE] Likely have a virus17th November 2017, 1:35 am

Re: [INACTIVE] Likely have a virus17th November 2017, 1:37 am

Re: [INACTIVE] Likely have a virus17th November 2017, 2:25 am

Re: [INACTIVE] Likely have a virus20th November 2017, 4:45 pm

Re: [INACTIVE] Likely have a virus22nd November 2017, 4:17 pm

Re: [INACTIVE] Likely have a virus22nd November 2017, 4:48 pm

Re: [INACTIVE] Likely have a virus23rd November 2017, 12:18 am

Re: [INACTIVE] Likely have a virus23rd November 2017, 1:15 am

Re: [INACTIVE] Likely have a virus