
Idle Buddy - New threat I can't uninstall!



Hello @Bess and welcome

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks

Ron

 


# -------------------------------
# Malwarebytes AdwCleaner 7.1.0.0
# -------------------------------
# Build:    04-12-2018
# Database: 2018-04-24.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-24-2018
# Duration: 00:00:37
# OS:       Windows 10 Home
# Cleaned:  65
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Program Files (x86)\BrowseSafer
Deleted       C:\ProgramData\ByteFence
Deleted       C:\Program Files\WinZip Smart Monitor
Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
Deleted       C:\Program Files (x86)\AnonymizerGadget
Deleted       C:\Users\WeeLiam\AppData\Local\avg web tuneup
Deleted       C:\Users\Family\AppData\LocalLow\avg web tuneup

***** [ Files ] *****

Deleted       C:\Users\Family\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Goodgame Empire.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|BrowseSafer
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|BrowseSafer
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|BrowseSafer
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Run|BrowseSafer
Deleted       HKLM\Software\BSTab
Deleted       HKU\S-1-5-18\Software\ByteFence
Deleted       HKU\.DEFAULT\Software\ByteFence
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|AnonymizerGadget
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|WebDiscoverBrowser
Deleted       HKCU\Software\browsersafer
Deleted       HKU\S-1-5-21-1834738719-3827053571-2362594928-1004\Software\browsersafer
Deleted       HKLM\Software\browsersafer
Deleted       HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted       HKU\S-1-5-21-1834738719-3827053571-2362594928-1004\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted       HKCU\Software\PRODUCTSETUP

***** [ Chromium (and derivatives) ] *****

Deleted       Amazon Assistant for Chrome
Deleted       Amazon Assistant for Chrome
Deleted       Google Tasks (by Google)
Deleted       Google Tasks (by Google)
Deleted       Search Manager

***** [ Chromium URLs ] *****

Deleted       http://start.mysearchdial.com/?f=1&a=dsites_14_12_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtCzyyBtB0A0AyByByByBtAyE0AtN0D0Tzu0SzztCtDtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0DtC0CyD0A0AtDtG0F0A0AtDtGtC0E0E0EtGzyyEyEtCtGtCtByC0BtA0FyD0EtAyByB0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0E0D0FyE0AyEzytG0F0D0FyEtGyEyDtA0FtGyBtC0EyBtGtDtA0Bzz0A0A0FyB0CyDtDyD2Q&cr=1125445633&ir=
Deleted       Mysearchdial
Deleted       Mysearchdial
Deleted       http://start.mysearchdial.com/?f=1&a=dsites_14_12_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtCzyyBtB0A0AyByByByBtAyE0AtN0D0Tzu0SzztCtDtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0DtC0CyD0A0AtDtG0F0A0AtDtGtC0E0E0EtGzyyEyEtCtGtCtByC0BtA0FyD0EtAyByB0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0E0D0FyE0AyEzytG0F0D0FyEtGyEyDtA0FtGyBtC0EyBtGtDtA0Bzz0A0A0FyB0CyDtDyD2Q&cr=1125445633&ir=
Deleted       Ask
Deleted       Ask
Deleted       Ask
Deleted       Ask
Deleted       Ask
Deleted       Ask
Deleted       Ask
Deleted       Ask
Deleted       Ask
Deleted       Ask
Deleted       Ask
Deleted       AVG Secure Search
Deleted       AVG Secure Search
Deleted       AOL
Deleted       AOL
Deleted       AOL
Deleted       AOL
Deleted       AOL
Deleted       AOL
Deleted       AOL
Deleted       AOL
Deleted       AOL
Deleted       AOL
Deleted       AOL
Deleted       Softonic EN
Deleted       Softonic EN
Deleted       Softonic EN
Deleted       Softonic EN
Deleted       Softonic EN
Deleted       Softonic EN
Deleted       Softonic EN
Deleted       Softonic EN

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************


########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 


moving on to step 3

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.04.2018
Ran by Family (administrator) on BESSNIMP (24-04-2018 22:57:21)
Running from C:\Users\Family\Downloads
Loaded Profiles: Family (Available Profiles: bessf & Little Gorilla & NinjaImp & WeeLiam & Family)
Platform: Windows 10 Home Version 1709 16299.371 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Ready Mode Technology\IRMTService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(HP Inc.) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.14.17613.18039-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.14.17613.18039-0\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.8.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9181696 2016-12-07] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-03-25] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [1062392 2017-02-23] (HP Inc.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1278568 2017-09-07] (Carbonite, Inc.)
HKU\S-1-5-21-1834738719-3827053571-2362594928-1006\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3199776 2018-04-02] (Valve Corporation)
HKU\S-1-5-21-1834738719-3827053571-2362594928-1006\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46139776 2018-03-15] ()
HKU\S-1-5-21-1834738719-3827053571-2362594928-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [805888 2017-09-29] (Microsoft Corporation)
Startup: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk [2018-02-23]
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{8c4547c6-c007-43fb-b730-a71c6d9d44e0}: [DhcpNameServer] 75.75.76.76 75.75.75.75

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-1834738719-3827053571-2362594928-1006\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-1834738719-3827053571-2362594928-1006 -> DefaultScope {1711FC25-F05A-40CE-B859-A0C1CF01FD18} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=86311168&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC36psB24jXMaV%2BHKOuvLe8bHmz9dWG1BMQcbyCxQkBWBCB%2FhynLYiraCYdIbhY3Xsg34lgSruQPlGDLpzSiC%2FYSwL7Y0SuQi34H6kbbKngmrGWsqf%2BOiBurvy3LdMAaT6Zs4Db5W0h3XvxNYv1wYaIGPa4jKlr3MrWN6ODJMCvRAmOWTHwO2wurjvvyiCrFxMlwdelZaBlnivbqPX9IiZvSMRsc62TB2NVpNxIIrLLrmQ%3D%3D&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1834738719-3827053571-2362594928-1006 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1834738719-3827053571-2362594928-1006 -> {1711FC25-F05A-40CE-B859-A0C1CF01FD18} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=86311168&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC36psB24jXMaV%2BHKOuvLe8bHmz9dWG1BMQcbyCxQkBWBCB%2FhynLYiraCYdIbhY3Xsg34lgSruQPlGDLpzSiC%2FYSwL7Y0SuQi34H6kbbKngmrGWsqf%2BOiBurvy3LdMAaT6Zs4Db5W0h3XvxNYv1wYaIGPa4jKlr3MrWN6ODJMCvRAmOWTHwO2wurjvvyiCrFxMlwdelZaBlnivbqPX9IiZvSMRsc62TB2NVpNxIIrLLrmQ%3D%3D&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1834738719-3827053571-2362594928-1006 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-04-15] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-04-07] (HP Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-04-07] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-31] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-31] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-31] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_140.dll [2018-04-22] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-22] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-07-31] (Google, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-02] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-12-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-12-18] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-04] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-11-22] ()

Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxps://mail.google.com/mail/u/0/#inbox
CHR StartupUrls: Profile 1 -> "hxxps://mail.google.com/mail/u/0/#inbox","hxxp://www.winchesterthurston.org/menus-and-order-form"
CHR Profile: C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default [2018-04-24]
CHR Extension: (Slides) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-05]
CHR Extension: (Docs) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-05]
CHR Extension: (Google Drive) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-05]
CHR Extension: (YouTube) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-05]
CHR Extension: (ScootPad) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\boihgpoojeingjbbdjmoocbdibophjap [2017-12-05]
CHR Extension: (Add to Amazon Wish List) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2017-12-05]
CHR Extension: (Radius of the Lost Arc) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcegcdeigginmbpefalindjplhdplhef [2017-12-05]
CHR Extension: (Sheets) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-05]
CHR Extension: (Google Docs Offline) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-05]
CHR Extension: (Pinterest Save Button) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-12-05]
CHR Extension: (The Candy factory) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonloklcaomgcoimjbigfanmehlfngpm [2017-12-05]
CHR Extension: (Little Alchemy) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2017-12-05]
CHR Extension: (InvisibleHand) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko [2018-03-13]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-12-10]
CHR Extension: (Lego Builder) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapnbjhfjionggfhlkmhjbmbpgfdlolh [2017-12-05]
CHR Extension: (Fraboom Lite) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfbhkongonlhccnegilgckgejgigdfkm [2017-12-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Pixton for Google Chromebooks™) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\odepbnabionemkpekcfilpihkkfngnop [2018-03-06]
CHR Extension: (Origami Player) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiomepakkenneiifjocbinkmmampfbdn [2017-12-05]
CHR Extension: (Gmail) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-05]
CHR Extension: (Chrome Media Router) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-24]
CHR Profile: C:\Users\Family\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-04-22]
CHR Profile: C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-04-24]
CHR Extension: (Slides) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-07]
CHR Extension: (Docs) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-07]
CHR Extension: (Google Drive) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-07]
CHR Extension: (BeFunky Photo Editor) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab [2017-12-07]
CHR Extension: (Ribbet Photo Editor) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bikpkcdadljalhghbbipfkkhocppkhob [2018-03-27]
CHR Extension: (Hypothesis - Web & PDF Annotation) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bjfhmglciegochdpefhhlphglcehbmek [2018-04-21]
CHR Extension: (Hootsuite Hootlet) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn [2017-12-14]
CHR Extension: (YouTube) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-07]
CHR Extension: (New Tab to Tasks) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bokbgdhblfolpfanocjafjhpjkebhlfk [2017-12-07]
CHR Extension: (Online PDF Editor - PDFfiller) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cgadcflckcohcodeendfedcmcemhilia [2018-02-23]
CHR Extension: (Add to Amazon Wish List) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2017-12-07]
CHR Extension: (Polarr Photo Editor) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\djonnbgfieijldcieafgjcnhmpcfpmgg [2017-12-07]
CHR Extension: (Add to Wunderlist) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dmnddeddcgdllibmaodanoonljfdmooc [2017-12-07]
CHR Extension: (Home) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eihcopoaihdmfnjnknhfggpjjoaionhn [2017-12-07]
CHR Extension: (Google Calendar) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-12-07]
CHR Extension: (Sheets) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-07]
CHR Extension: (Google Docs Offline) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-08]
CHR Extension: (Pinterest Save Button) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-12-07]
CHR Extension: (SuperSorter) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hjebfgojnlefhdgmomncgjglmdckngij [2018-03-05]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2018-04-21]
CHR Extension: (Planboard by Chalk.com - Free Lesson Planner) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jdgkjpfokpcnodcbfddepolbjeemfoka [2017-12-07]
CHR Extension: (Grammarly for Chrome) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-04-24]
CHR Extension: (Shareaholic for Google Chrome™) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbmipnjdeifmobkhgogdnomkihhgojep [2018-03-27]
CHR Extension: (InvisibleHand) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko [2018-03-14]
CHR Extension: (Bulk action tool for Google Calendar™ events) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lkpgfdjgbcmeblffjfefgkhkneilhfnf [2017-12-07]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-12-10]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2018-04-20]
CHR Extension: (BeFunky Extension) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mffeadjabcnpcjlpbdbhoglnfbmbfkoo [2017-12-07]
CHR Extension: (MindMup 2.0 - Free Mind Map web site) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mkgkheknpfngchmoaognoilfanomldfl [2017-12-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Evernote Web Clipper) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2018-04-14]
CHR Extension: (Gmail) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-07]
CHR Extension: (Google Similar Pages) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjnfggphgdjblhfjaphkjhfpiiekbbej [2017-12-07]
CHR Extension: (Chrome Media Router) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-24]
CHR Profile: C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 2 [2018-01-22]
CHR Extension: (Slides) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-15]
CHR Extension: (Docs) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-15]
CHR Extension: (Google Drive) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-15]
CHR Extension: (YouTube) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-15]
CHR Extension: (Sheets) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-15]
CHR Extension: (Google Docs Offline) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-18]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2018-01-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-15]
CHR Extension: (Gmail) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-15]
CHR Extension: (Chrome Media Router) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-15]
CHR Profile: C:\Users\Family\AppData\Local\Google\Chrome\User Data\System Profile [2018-01-15]
CHR HKU\S-1-5-21-1834738719-3827053571-2362594928-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-14] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2018-02-02] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8522416 2018-04-06] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-12-04] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-12-04] (Dropbox, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [775296 2018-04-22] (EasyAntiCheat Ltd)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-11-22] (WildTangent)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1309184 2016-10-07] (HP Inc.) [File not signed]
R2 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3421616 2017-06-20] (HP Inc.)
R2 HPJumpStartBridge; C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-07-28] (HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-04] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [630776 2017-02-06] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [542320 2017-12-06] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-10-11] (Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-10-11] (Intel(R) Corporation)
R2 IRMTService; C:\Program Files\Intel\Intel(R) Ready Mode Technology\IRMTService.exe [182896 2016-10-13] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [213648 2017-11-09] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
S3 mracsvc; C:\WINDOWS\System32\mracsvc.exe [8010968 2018-02-09] (LLC Mail.Ru)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268928 2017-12-20] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [322560 2016-12-07] (Realtek Semiconductor)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\NisSrv.exe [4633248 2018-04-20] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\MsMpEng.exe [104680 2018-04-20] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3758720 2017-12-20] (Intel® Corporation)
S2 ibservice; C:\Program Files (x86)\IdleBuddy\ibservice.exe -service [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 A6100; C:\WINDOWS\System32\drivers\A6100.sys [5004560 2016-02-17] (Realtek Semiconductor Corporation )
S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-01-23] (The OpenVPN Project)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76192 2018-03-19] ()
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136128 2017-12-06] (Intel Corporation)
R3 IntelReadyModeDriver; C:\WINDOWS\System32\drivers\IntelReadyModeDriver.sys [34720 2016-10-13] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193768 2018-04-22] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112864 2018-04-24] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-04-24] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-04-22] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [102112 2018-04-24] (Malwarebytes)
S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv.sys [7238880 2018-02-09] (LLC Mail.Ru)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [8623040 2018-02-05] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhdc.inf_amd64_2707c70d42c54b4e\nvlddmkm.sys [17036560 2018-02-01] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-10] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-10-10] (NVIDIA Corporation)
S3 pmxdrv; C:\WINDOWS\system32\drivers\pmxdrv.sys [31152 2018-02-06] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [946696 2016-11-28] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [420832 2017-04-14] (Realsil Semiconductor Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-04-20] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [311848 2018-04-20] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60456 2018-04-20] (Microsoft Corporation)
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-24 22:57 - 2018-04-24 22:58 - 000031584 _____ C:\Users\Family\Downloads\FRST.txt
2018-04-24 22:56 - 2018-04-24 22:57 - 000000000 ____D C:\FRST
2018-04-24 22:54 - 2018-04-24 22:54 - 002404352 _____ (Farbar) C:\Users\Family\Downloads\FRST64.exe
2018-04-24 22:19 - 2018-04-24 22:19 - 000000137 _____ C:\Users\Family\Desktop\Idle Buddy - New threat I can't unstall! - Windows Malware Removal Help & Support - Malwarebytes Forums.url
2018-04-24 19:36 - 2018-04-24 19:36 - 000000000 ___HD C:\ProgramData\temp
2018-04-24 19:34 - 2018-04-24 19:34 - 000000084 _____ C:\Users\Family\Desktop\COMPASS HHS Home.url
2018-04-24 18:24 - 2018-04-24 18:56 - 000000000 ____D C:\Users\Family\Documents\tech
2018-04-24 16:50 - 2018-04-24 16:53 - 000000000 ____D C:\Users\WeeLiam\AppData\Local\PlaceholderTileLogoFolder
2018-04-23 20:06 - 2018-04-23 20:06 - 000000000 ___HD C:\OneDriveTemp
2018-04-23 00:12 - 2018-04-24 19:34 - 000000000 ____D C:\AdwCleaner
2018-04-23 00:11 - 2018-04-23 00:12 - 000000000 ____D C:\Users\Family\Desktop\idle_buddy_malware_forum
2018-04-23 00:08 - 2018-04-23 00:09 - 007256272 _____ (Malwarebytes) C:\Users\Family\Desktop\Marie_installed_this_adwcleaner_7.1.0.0.exe
2018-04-22 23:20 - 2018-04-24 22:19 - 000102112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-04-22 23:20 - 2018-04-24 19:37 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-04-22 23:20 - 2018-04-24 19:36 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-04-22 23:20 - 2018-04-22 23:20 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-04-22 23:20 - 2018-04-22 23:20 - 000193768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-04-22 23:19 - 2018-04-22 23:19 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-22 23:19 - 2018-04-22 23:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-22 23:19 - 2018-03-19 12:57 - 000076192 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-04-22 22:59 - 2018-04-22 22:59 - 000000127 _____ C:\Users\Family\Desktop\How do I update the software on my Samsung Smart TV- - Samsung Support UK.url
2018-04-22 22:59 - 2018-04-22 22:59 - 000000080 _____ C:\Users\Family\Desktop\Updating the Firmware on your 2016 Smart TV (UN--K----).url
2018-04-22 21:22 - 2018-04-22 21:22 - 073551144 _____ (Malwarebytes ) C:\Users\Family\Desktop\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4834.exe
2018-04-22 20:43 - 2018-04-22 21:04 - 000000000 ____D C:\Users\Family\AppData\Local\Opera Software
2018-04-22 13:16 - 2018-04-22 13:16 - 000000000 ____D C:\Users\NinjaImp\AppData\Roaming\AGData
2018-04-22 13:08 - 2018-04-22 13:08 - 000000000 ____D C:\Users\Little Gorilla\AppData\Roaming\AVAST Software
2018-04-22 12:56 - 2018-04-22 12:56 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2018-04-22 12:55 - 2018-04-22 12:55 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-04-22 12:54 - 2018-04-22 12:54 - 000001339 _____ C:\Users\NinjaImp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\McAfee WebAdvisor.lnk
2018-04-22 12:53 - 2018-04-22 23:03 - 000000000 ____D C:\ProgramData\McAfee
2018-04-22 12:53 - 2018-04-22 23:02 - 000000000 ____D C:\ProgramData\AVAST Software
2018-04-22 12:53 - 2018-04-22 12:53 - 000000000 ____D C:\Users\Family\Documents\My Cheat Tables
2018-04-22 12:50 - 2018-04-22 23:45 - 000000000 ____D C:\ProgramData\WinZip
2018-04-22 12:50 - 2018-04-22 23:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2018-04-22 12:49 - 2018-04-22 12:49 - 000004570 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-04-22 12:46 - 2018-04-22 21:04 - 000000000 ____D C:\Users\Family\AppData\Roaming\Opera Software
2018-04-22 12:46 - 2018-04-22 12:46 - 000000000 ____D C:\Users\NinjaImp\AppData\Roaming\Opera Software
2018-04-22 12:46 - 2018-04-22 12:46 - 000000000 ____D C:\Users\NinjaImp\AppData\Local\Opera Software
2018-04-22 12:46 - 2018-04-22 12:46 - 000000000 ____D C:\Users\Family\AppData\Roaming\AGData
2018-04-22 12:45 - 2018-04-22 23:03 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-04-22 12:45 - 2018-04-22 23:02 - 000000000 ____D C:\Program Files\Opera
2018-04-22 12:45 - 2018-04-22 12:45 - 000003720 _____ C:\WINDOWS\System32\Tasks\Goodgame Empire1
2018-04-22 12:44 - 2018-04-22 12:45 - 000000000 ____D C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Goodgame Empire
2018-04-22 12:44 - 2018-04-22 12:45 - 000000000 ____D C:\Users\Family\AppData\Roaming\Goodgame Empire
2018-04-22 12:41 - 2018-04-23 15:28 - 000000000 ____D C:\ProgramData\IdleBuddy
2018-04-22 12:41 - 2018-04-22 12:41 - 000000000 ____D C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrUpdater
2018-04-22 12:40 - 2018-04-22 12:47 - 000000000 ____D C:\Users\Family\AppData\Roaming\PCAPInstallFiles
2018-04-22 12:37 - 2018-04-22 12:37 - 000002350 _____ C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2018-04-22 12:37 - 2018-04-22 12:37 - 000000000 ____D C:\Users\Family\AppData\Local\Chromium
2018-04-22 12:36 - 2018-04-22 12:36 - 000000000 ____D C:\Users\NinjaImp\AppData\Local\chromium
2018-04-22 12:34 - 2018-04-22 12:48 - 000000000 ____D C:\Users\Family\AppData\Local\ThePrimeFolderInstaller
2018-04-22 12:33 - 2018-04-22 12:33 - 000000000 ____D C:\Users\Family\AppData\Roaming\CassiopeiaCassi
2018-04-22 12:32 - 2018-04-22 12:32 - 000000222 _____ C:\Users\NinjaImp\Desktop\The Binding of Isaac Rebirth.url
2018-04-22 11:00 - 2018-04-22 11:00 - 000000222 _____ C:\Users\NinjaImp\Desktop\The Binding of Isaac (2).url
2018-04-22 10:55 - 2018-04-22 10:55 - 000967080 _____ C:\Users\NinjaImp\Downloads\Wrath of the Lamb Version 1.48 (nofacej-bisnap 2.3).CT
2018-04-22 10:52 - 2018-04-22 10:52 - 000414627 _____ C:\Users\NinjaImp\Downloads\Wrath of the Lamb Version 1.48 (nofacej 1.5).CT
2018-04-22 10:46 - 2018-04-22 10:46 - 000389606 _____ C:\Users\NinjaImp\Downloads\Wrath of the Lamb Version 1.48 (CT Version 1.0 Final).CT
2018-04-22 10:05 - 2018-04-22 10:05 - 000000000 ____D C:\Users\NinjaImp\AppData\Roaming\Macromedia
2018-04-22 09:08 - 2018-04-22 09:08 - 000000000 __SHD C:\82ace7d6-0197-474d-bf4b-a2043e72329b
2018-04-22 09:02 - 2018-04-22 09:02 - 000000000 ____D C:\Users\NinjaImp\AppData\Roaming\EasyAntiCheat
2018-04-22 09:02 - 2018-04-22 09:02 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2018-04-21 08:29 - 2018-04-21 08:29 - 004869651 _____ C:\Users\Little Gorilla\Downloads\Defend Your Nuts 2 (2).swf
2018-04-21 08:29 - 2018-04-21 08:29 - 004869651 _____ C:\Users\Little Gorilla\Downloads\Defend Your Nuts 2 (1).swf
2018-04-16 19:59 - 2018-04-16 19:59 - 000000222 _____ C:\Users\WeeLiam\Desktop\Subnautica.url
2018-04-14 20:54 - 2018-04-14 20:57 - 000000000 ____D C:\Users\Family\Desktop\Tardis
2018-04-12 17:15 - 2018-04-12 17:15 - 000000000 ____D C:\Users\NinjaImp\Documents\Diablo III
2018-04-12 16:55 - 2018-04-12 16:55 - 000000936 _____ C:\Users\Public\Desktop\Diablo III.lnk
2018-04-12 16:55 - 2018-04-12 16:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2018-04-12 16:53 - 2018-04-12 17:04 - 000000000 ____D C:\Program Files (x86)\Diablo III
2018-04-11 20:29 - 2018-04-11 20:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-04-11 20:28 - 2018-04-11 20:28 - 000000000 ____D C:\Program Files\iPod
2018-04-11 20:27 - 2018-04-11 20:28 - 000000000 ____D C:\Program Files\iTunes
2018-04-11 20:18 - 2018-04-11 20:18 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2018-04-11 20:18 - 2018-04-11 20:18 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2018-04-10 17:32 - 2018-03-30 01:12 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-04-10 17:32 - 2018-03-30 01:08 - 002513920 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-04-10 17:32 - 2018-03-30 01:06 - 000166304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-04-10 17:32 - 2018-03-30 01:05 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-04-10 17:32 - 2018-03-30 01:05 - 001056152 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-04-10 17:32 - 2018-03-30 01:05 - 000066720 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2018-04-10 17:32 - 2018-03-30 01:05 - 000015632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumdll.dll
2018-04-10 17:32 - 2018-03-30 01:04 - 002002336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-04-10 17:32 - 2018-03-30 01:03 - 001277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-04-10 17:32 - 2018-03-30 01:03 - 000319864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-04-10 17:32 - 2018-03-30 01:03 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-04-10 17:32 - 2018-03-30 01:03 - 000059808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-04-10 17:32 - 2018-03-30 01:03 - 000022400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2018-04-10 17:32 - 2018-03-30 01:01 - 008600480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-04-10 17:32 - 2018-03-30 01:01 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-04-10 17:32 - 2018-03-30 01:01 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-04-10 17:32 - 2018-03-30 01:01 - 000471968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-04-10 17:32 - 2018-03-30 01:00 - 002395040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-04-10 17:32 - 2018-03-30 00:59 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-04-10 17:32 - 2018-03-30 00:59 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-04-10 17:32 - 2018-03-30 00:58 - 000898216 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-04-10 17:32 - 2018-03-30 00:58 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-04-10 17:32 - 2018-03-30 00:57 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-04-10 17:32 - 2018-03-30 00:57 - 000109976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-04-10 17:32 - 2018-03-30 00:57 - 000081304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-04-10 17:32 - 2018-03-30 00:55 - 000367344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-04-10 17:32 - 2018-03-30 00:55 - 000062880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-04-10 17:32 - 2018-03-30 00:54 - 002574240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-04-10 17:32 - 2018-03-30 00:54 - 000749984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-04-10 17:32 - 2018-03-30 00:54 - 000461728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-04-10 17:32 - 2018-03-30 00:54 - 000408992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-04-10 17:32 - 2018-03-30 00:53 - 007676304 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-04-10 17:32 - 2018-03-30 00:53 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-04-10 17:32 - 2018-03-30 00:53 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-04-10 17:32 - 2018-03-30 00:53 - 000549552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-04-10 17:32 - 2018-03-30 00:53 - 000246176 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-04-10 17:32 - 2018-03-30 00:53 - 000163744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-04-10 17:32 - 2018-03-30 00:52 - 021351632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-04-10 17:32 - 2018-03-30 00:52 - 000727456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-04-10 17:32 - 2018-03-30 00:52 - 000428960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-04-10 17:32 - 2018-03-30 00:51 - 000902928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-04-10 17:32 - 2018-03-30 00:51 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-04-10 17:32 - 2018-03-30 00:50 - 001336344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-04-10 17:32 - 2018-03-30 00:50 - 000057760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-04-10 17:32 - 2018-03-30 00:48 - 001101728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-04-10 17:32 - 2018-03-30 00:48 - 000614304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-04-10 17:32 - 2018-03-30 00:28 - 001929712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-04-10 17:32 - 2018-03-30 00:28 - 000777912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-04-10 17:32 - 2018-03-30 00:27 - 000481464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-04-10 17:32 - 2018-03-30 00:23 - 000566664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-04-10 17:32 - 2018-03-30 00:19 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-04-10 17:32 - 2018-03-30 00:16 - 000289824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-04-10 17:32 - 2018-03-30 00:13 - 002193176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-04-10 17:32 - 2018-03-30 00:13 - 000450936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-04-10 17:32 - 2018-03-30 00:10 - 000704080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-04-10 17:32 - 2018-03-30 00:09 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-04-10 17:32 - 2018-03-30 00:07 - 001003160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-04-10 17:32 - 2018-03-29 23:55 - 025253888 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-04-10 17:32 - 2018-03-29 23:46 - 018925056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-04-10 17:32 - 2018-03-29 23:46 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-04-10 17:32 - 2018-03-29 23:46 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-04-10 17:32 - 2018-03-29 23:45 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-04-10 17:32 - 2018-03-29 23:45 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-04-10 17:32 - 2018-03-29 23:43 - 019355136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-04-10 17:32 - 2018-03-29 23:43 - 006576128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-04-10 17:32 - 2018-03-29 23:43 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-04-10 17:32 - 2018-03-29 23:43 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\virtdisk.dll
2018-04-10 17:32 - 2018-03-29 23:42 - 000397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-04-10 17:32 - 2018-03-29 23:42 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-04-10 17:32 - 2018-03-29 23:42 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-04-10 17:32 - 2018-03-29 23:42 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2018-04-10 17:32 - 2018-03-29 23:41 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-04-10 17:32 - 2018-03-29 23:41 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-04-10 17:32 - 2018-03-29 23:41 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-04-10 17:32 - 2018-03-29 23:41 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-04-10 17:32 - 2018-03-29 23:41 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-04-10 17:32 - 2018-03-29 23:40 - 011924992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-04-10 17:32 - 2018-03-29 23:40 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-04-10 17:32 - 2018-03-29 23:40 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-04-10 17:32 - 2018-03-29 23:39 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-04-10 17:32 - 2018-03-29 23:39 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-04-10 17:32 - 2018-03-29 23:38 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-04-10 17:32 - 2018-03-29 23:38 - 000966656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-04-10 17:32 - 2018-03-29 23:38 - 000956928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-04-10 17:32 - 2018-03-29 23:38 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-04-10 17:32 - 2018-03-29 23:38 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-04-10 17:32 - 2018-03-29 23:38 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-04-10 17:32 - 2018-03-29 23:38 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-04-10 17:32 - 2018-03-29 23:37 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-04-10 17:32 - 2018-03-29 23:36 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-04-10 17:32 - 2018-03-29 23:36 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-04-10 17:32 - 2018-03-29 23:36 - 002014720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-04-10 17:32 - 2018-03-29 23:36 - 001560064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-04-10 17:32 - 2018-03-29 23:36 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-04-10 17:32 - 2018-03-29 23:36 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-04-10 17:32 - 2018-03-29 23:36 - 000825856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-04-10 17:32 - 2018-03-29 23:35 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-04-10 17:32 - 2018-03-29 23:35 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-04-10 17:32 - 2018-03-29 23:35 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-04-10 17:32 - 2018-03-29 23:35 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-04-10 17:32 - 2018-03-29 23:33 - 008031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-04-10 17:32 - 2018-03-29 23:33 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-04-10 17:32 - 2018-03-29 23:33 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-04-10 17:32 - 2018-03-29 23:33 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\virtdisk.dll
2018-04-10 17:32 - 2018-03-29 23:32 - 023674880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-04-10 17:32 - 2018-03-29 23:32 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-04-10 17:32 - 2018-03-29 23:32 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-04-10 17:32 - 2018-03-29 23:32 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-04-10 17:32 - 2018-03-29 23:32 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-04-10 17:32 - 2018-03-29 23:32 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2018-04-10 17:32 - 2018-03-29 23:32 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-04-10 17:32 - 2018-03-29 23:32 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-04-10 17:32 - 2018-03-29 23:31 - 000795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
2018-04-10 17:32 - 2018-03-29 23:31 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-04-10 17:32 - 2018-03-29 23:31 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-04-10 17:32 - 2018-03-29 23:31 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-04-10 17:32 - 2018-03-29 23:31 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-04-10 17:32 - 2018-03-29 23:31 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-04-10 17:32 - 2018-03-29 23:30 - 012833280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-04-10 17:32 - 2018-03-29 23:30 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-04-10 17:32 - 2018-03-29 23:30 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-04-10 17:32 - 2018-03-29 23:30 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-04-10 17:32 - 2018-03-29 23:30 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-04-10 17:32 - 2018-03-29 23:30 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-04-10 17:32 - 2018-03-29 23:30 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-04-10 17:32 - 2018-03-29 23:30 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-04-10 17:32 - 2018-03-29 23:30 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-04-10 17:32 - 2018-03-29 23:30 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-04-10 17:32 - 2018-03-29 23:30 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-04-10 17:32 - 2018-03-29 23:29 - 000791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-04-10 17:32 - 2018-03-29 23:29 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-04-10 17:32 - 2018-03-29 23:29 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-04-10 17:32 - 2018-03-29 23:29 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-04-10 17:32 - 2018-03-29 23:29 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-04-10 17:32 - 2018-03-29 23:29 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-04-10 17:32 - 2018-03-29 23:29 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-04-10 17:32 - 2018-03-29 23:28 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-04-10 17:32 - 2018-03-29 23:28 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-04-10 17:32 - 2018-03-29 23:28 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-04-10 17:32 - 2018-03-29 23:28 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-04-10 17:32 - 2018-03-29 23:28 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-04-10 17:32 - 2018-03-29 23:28 - 000721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-04-10 17:32 - 2018-03-29 23:28 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-04-10 17:32 - 2018-03-29 23:28 - 000595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-04-10 17:32 - 2018-03-29 23:28 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-04-10 17:32 - 2018-03-29 23:28 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-04-10 17:32 - 2018-03-29 23:27 - 008104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-04-10 17:32 - 2018-03-29 23:27 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-04-10 17:32 - 2018-03-29 23:27 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-04-10 17:32 - 2018-03-29 23:27 - 001002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-04-10 17:32 - 2018-03-29 23:27 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-04-10 17:32 - 2018-03-29 23:27 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-04-10 17:32 - 2018-03-29 23:27 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-04-10 17:32 - 2018-03-29 23:27 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-04-10 17:32 - 2018-03-29 23:26 - 004747776 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-04-10 17:32 - 2018-03-29 23:26 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-04-10 17:32 - 2018-03-29 23:26 - 002086400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-04-10 17:32 - 2018-03-29 23:26 - 001816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-04-10 17:32 - 2018-03-29 23:26 - 001573376 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-04-10 17:32 - 2018-03-29 23:26 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-04-10 17:32 - 2018-03-29 23:26 - 000716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-04-10 17:32 - 2018-03-29 23:25 - 002628608 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-04-10 17:32 - 2018-03-29 23:25 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-04-10 17:32 - 2018-03-29 23:25 - 002083840 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-04-10 17:32 - 2018-03-29 23:25 - 001822720 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-04-10 17:32 - 2018-03-29 23:25 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-04-10 17:32 - 2018-03-29 23:25 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-04-10 17:32 - 2018-03-29 23:25 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-04-10 17:32 - 2018-03-29 23:25 - 001055744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-04-10 17:32 - 2018-03-29 23:25 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-04-10 17:32 - 2018-03-29 23:25 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-04-10 17:32 - 2018-03-29 23:25 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-04-10 17:32 - 2018-03-29 23:24 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-04-10 17:32 - 2018-03-29 23:24 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-04-10 17:32 - 2018-03-29 23:23 - 000963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-04-10 17:32 - 2018-03-29 23:23 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-04-10 17:32 - 2018-03-29 23:23 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-04-10 17:32 - 2018-03-29 23:20 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2018-04-10 17:32 - 2018-03-13 03:03 - 005907288 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-04-10 17:32 - 2018-03-13 03:03 - 000739696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-04-10 17:32 - 2018-03-13 03:03 - 000279960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-04-10 17:32 - 2018-03-13 03:02 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-04-10 17:32 - 2018-03-13 02:59 - 000535968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2018-04-10 17:32 - 2018-03-13 02:58 - 000377760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-04-10 17:32 - 2018-03-13 02:58 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-04-10 17:32 - 2018-03-13 02:55 - 000979352 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-04-10 17:32 - 2018-03-13 02:54 - 000555936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-04-10 17:32 - 2018-03-13 02:53 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-04-10 17:32 - 2018-03-13 02:53 - 000113568 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-04-10 17:32 - 2018-03-13 02:52 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-04-10 17:32 - 2018-03-13 02:51 - 002773408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-04-10 17:32 - 2018-03-13 02:50 - 000617312 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-04-10 17:32 - 2018-03-13 01:40 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-04-10 17:32 - 2018-03-13 01:36 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-04-10 17:32 - 2018-03-13 01:35 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-04-10 17:32 - 2018-03-13 01:33 - 007544832 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-04-10 17:32 - 2018-03-13 01:33 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-04-10 17:32 - 2018-03-13 01:33 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-04-10 17:32 - 2018-03-13 01:32 - 000286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2018-04-10 17:32 - 2018-03-13 01:28 - 002857984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-04-10 17:32 - 2018-03-13 01:28 - 001157632 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-04-10 17:32 - 2018-03-13 01:28 - 000939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-04-10 17:32 - 2018-03-13 01:28 - 000508928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2018-04-10 17:32 - 2018-03-13 01:27 - 003125760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-04-10 17:32 - 2018-03-13 01:27 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2018-04-10 17:32 - 2018-03-13 01:23 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2018-04-10 17:32 - 2018-03-13 01:23 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2018-04-10 17:32 - 2018-03-13 01:23 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2018-04-10 17:32 - 2018-03-13 01:22 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-04-10 17:32 - 2018-03-13 01:19 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-04-10 17:32 - 2018-03-13 01:15 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-04-10 17:32 - 2018-03-13 01:08 - 000747416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2018-04-10 17:32 - 2018-03-13 01:04 - 006481096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-04-10 17:32 - 2018-03-13 01:04 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-04-10 17:32 - 2018-03-13 00:43 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-04-10 17:32 - 2018-03-13 00:39 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-04-10 17:32 - 2018-03-13 00:38 - 006466560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-04-10 17:32 - 2018-03-13 00:37 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-04-10 17:32 - 2018-03-13 00:33 - 002464768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-04-10 17:32 - 2018-03-13 00:31 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-04-10 17:32 - 2018-03-13 00:31 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2018-04-10 17:32 - 2018-03-13 00:30 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-04-10 17:32 - 2018-03-13 00:27 - 000190464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2018-04-10 17:32 - 2018-03-13 00:27 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2018-04-10 17:31 - 2018-03-30 08:34 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-04-10 17:31 - 2018-03-30 01:18 - 001092008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-04-10 17:31 - 2018-03-30 01:14 - 000423320 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-04-10 17:31 - 2018-03-30 01:12 - 000270208 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2018-04-10 17:31 - 2018-03-30 01:12 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2018-04-10 17:31 - 2018-03-30 01:10 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-04-10 17:31 - 2018-03-30 01:08 - 001568160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-04-10 17:31 - 2018-03-30 01:08 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-04-10 17:31 - 2018-03-30 01:08 - 000137112 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-04-10 17:31 - 2018-03-30 01:07 - 000300448 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-04-10 17:31 - 2018-03-30 01:07 - 000069528 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-04-10 17:31 - 2018-03-30 01:06 - 000053152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pcw.sys
2018-04-10 17:31 - 2018-03-30 01:05 - 000748448 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-04-10 17:31 - 2018-03-30 01:05 - 000191824 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-04-10 17:31 - 2018-03-30 01:05 - 000073120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-04-10 17:31 - 2018-03-30 01:05 - 000059808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvhostsvc.dll
2018-04-10 17:31 - 2018-03-30 01:05 - 000035744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDFHost.dll
2018-04-10 17:31 - 2018-03-30 01:05 - 000022800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumbase.dll
2018-04-10 17:31 - 2018-03-30 01:05 - 000022208 _____ (Microsoft Corporation) C:\WINDOWS\system32\IumSdk.dll
2018-04-10 17:31 - 2018-03-30 01:05 - 000020888 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2018-04-10 17:31 - 2018-03-30 01:04 - 000608160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-04-10 17:31 - 2018-03-30 01:04 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-04-10 17:31 - 2018-03-30 01:03 - 000664992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-04-10 17:31 - 2018-03-30 01:03 - 000508272 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-04-10 17:31 - 2018-03-30 01:03 - 000479920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-04-10 17:31 - 2018-03-30 01:03 - 000460704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-04-10 17:31 - 2018-03-30 01:03 - 000292384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-04-10 17:31 - 2018-03-30 01:03 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-04-10 17:31 - 2018-03-30 01:03 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-04-10 17:31 - 2018-03-30 01:03 - 000139680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-04-10 17:31 - 2018-03-30 01:02 - 000128416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2018-04-10 17:31 - 2018-03-30 01:01 - 001209760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-04-10 17:31 - 2018-03-30 01:01 - 000034208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fs_rec.sys
2018-04-10 17:31 - 2018-03-30 01:00 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2018-04-10 17:31 - 2018-03-30 01:00 - 000094104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2018-04-10 17:31 - 2018-03-30 00:58 - 000039328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storvsc.sys
2018-04-10 17:31 - 2018-03-30 00:57 - 000711944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-04-10 17:31 - 2018-03-30 00:57 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-04-10 17:31 - 2018-03-30 00:57 - 000121248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2018-04-10 17:31 - 2018-03-30 00:57 - 000031640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhv.sys
2018-04-10 17:31 - 2018-03-30 00:56 - 000018680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshhyperv.dll
2018-04-10 17:31 - 2018-03-30 00:53 - 000094080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2018-04-10 17:31 - 2018-03-30 00:52 - 002457504 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-04-10 17:31 - 2018-03-30 00:52 - 000677280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-04-10 17:31 - 2018-03-30 00:52 - 000282528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2018-04-10 17:31 - 2018-03-30 00:52 - 000247480 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2018-04-10 17:31 - 2018-03-30 00:52 - 000192416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2018-04-10 17:31 - 2018-03-30 00:52 - 000054688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vdrvroot.sys
2018-04-10 17:31 - 2018-03-30 00:52 - 000047512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmstorfl.sys
2018-04-10 17:31 - 2018-03-30 00:52 - 000028520 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbuspipe.dll
2018-04-10 17:31 - 2018-03-30 00:51 - 000125568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2018-04-10 17:31 - 2018-03-30 00:51 - 000123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys
2018-04-10 17:31 - 2018-03-30 00:51 - 000071208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WindowsTrustedRT.sys
2018-04-10 17:31 - 2018-03-30 00:49 - 000204184 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2018-04-10 17:31 - 2018-03-30 00:48 - 000586800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp110_win.dll
2018-04-10 17:31 - 2018-03-30 00:24 - 000212896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-04-10 17:31 - 2018-03-30 00:18 - 000016600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshhyperv.dll
2018-04-10 17:31 - 2018-03-30 00:13 - 000073896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2018-04-10 17:31 - 2018-03-30 00:12 - 000186520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2018-04-10 17:31 - 2018-03-30 00:10 - 000099240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2018-04-10 17:31 - 2018-03-30 00:06 - 000180632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2018-04-10 17:31 - 2018-03-30 00:04 - 000417368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp110_win.dll
2018-04-10 17:31 - 2018-03-29 23:46 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-04-10 17:31 - 2018-03-29 23:45 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2018-04-10 17:31 - 2018-03-29 23:44 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2018-04-10 17:31 - 2018-03-29 23:44 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2018-04-10 17:31 - 2018-03-29 23:44 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-04-10 17:31 - 2018-03-29 23:43 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2018-04-10 17:31 - 2018-03-29 23:43 - 000152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2018-04-10 17:31 - 2018-03-29 23:43 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2018-04-10 17:31 - 2018-03-29 23:43 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2018-04-10 17:31 - 2018-03-29 23:43 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-04-10 17:31 - 2018-03-29 23:43 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2018-04-10 17:31 - 2018-03-29 23:43 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2018-04-10 17:31 - 2018-03-29 23:43 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2018-04-10 17:31 - 2018-03-29 23:43 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2018-04-10 17:31 - 2018-03-29 23:43 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2018-04-10 17:31 - 2018-03-29 23:43 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2018-04-10 17:31 - 2018-03-29 23:43 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2018-04-10 17:31 - 2018-03-29 23:43 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsnmp32.dll
2018-04-10 17:31 - 2018-03-29 23:43 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2018-04-10 17:31 - 2018-03-29 23:43 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2018-04-10 17:31 - 2018-03-29 23:43 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2018-04-10 17:31 - 2018-03-29 23:43 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2018-04-10 17:31 - 2018-03-29 23:43 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2018-04-10 17:31 - 2018-03-29 23:42 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2018-04-10 17:31 - 2018-03-29 23:42 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2018-04-10 17:31 - 2018-03-29 23:42 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2018-04-10 17:31 - 2018-03-29 23:42 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2018-04-10 17:31 - 2018-03-29 23:42 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2018-04-10 17:31 - 2018-03-29 23:42 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2018-04-10 17:31 - 2018-03-29 23:41 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2018-04-10 17:31 - 2018-03-29 23:41 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2018-04-10 17:31 - 2018-03-29 23:41 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2018-04-10 17:31 - 2018-03-29 23:40 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2018-04-10 17:31 - 2018-03-29 23:40 - 000314880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2018-04-10 17:31 - 2018-03-29 23:40 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2018-04-10 17:31 - 2018-03-29 23:40 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\keyiso.dll
2018-04-10 17:31 - 2018-03-29 23:40 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2018-04-10 17:31 - 2018-03-29 23:39 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2018-04-10 17:31 - 2018-03-29 23:37 - 001298944 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-04-10 17:31 - 2018-03-29 23:36 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2018-04-10 17:31 - 2018-03-29 23:36 - 000098304 _____ C:\WINDOWS\system32\runexehelper.exe
2018-04-10 17:31 - 2018-03-29 23:35 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-04-10 17:31 - 2018-03-29 23:35 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-04-10 17:31 - 2018-03-29 23:35 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-04-10 17:31 - 2018-03-29 23:35 - 000400384 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-04-10 17:31 - 2018-03-29 23:35 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskcomp.dll
2018-04-10 17:31 - 2018-03-29 23:35 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-04-10 17:31 - 2018-03-29 23:35 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-04-10 17:31 - 2018-03-29 23:35 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-04-10 17:31 - 2018-03-29 23:35 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2018-04-10 17:31 - 2018-03-29 23:35 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2018-04-10 17:31 - 2018-03-29 23:34 - 000339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2018-04-10 17:31 - 2018-03-29 23:33 - 000707584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2018-04-10 17:31 - 2018-03-29 23:33 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2018-04-10 17:31 - 2018-03-29 23:33 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\irda.sys
2018-04-10 17:31 - 2018-03-29 23:33 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2018-04-10 17:31 - 2018-03-29 23:33 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2018-04-10 17:31 - 2018-03-29 23:33 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2018-04-10 17:31 - 2018-03-29 23:33 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2018-04-10 17:31 - 2018-03-29 23:33 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
2018-04-10 17:31 - 2018-03-29 23:33 - 000072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2018-04-10 17:31 - 2018-03-29 23:33 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2018-04-10 17:31 - 2018-03-29 23:33 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2018-04-10 17:31 - 2018-03-29 23:33 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2018-04-10 17:31 - 2018-03-29 23:33 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmictimeprovider.dll
2018-04-10 17:31 - 2018-03-29 23:33 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dmvsc.sys
2018-04-10 17:31 - 2018-03-29 23:33 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-04-10 17:31 - 2018-03-29 23:33 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnEapPeerProxy.dll
2018-04-10 17:31 - 2018-03-29 23:33 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnEapAuthProxy.dll
2018-04-10 17:31 - 2018-03-29 23:33 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\HyperVideo.sys
2018-04-10 17:31 - 2018-03-29 23:33 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\VMBusHID.sys
2018-04-10 17:31 - 2018-03-29 23:33 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysntfy.dll
2018-04-10 17:31 - 2018-03-29 23:33 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidtel.exe
2018-04-10 17:31 - 2018-03-29 23:33 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\nrpsrv.dll
2018-04-10 17:31 - 2018-03-29 23:33 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasacd.sys
2018-04-10 17:31 - 2018-03-29 23:33 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-04-10 17:31 - 2018-03-29 23:33 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hyperkbd.sys
2018-04-10 17:31 - 2018-03-29 23:33 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmgencounter.sys
2018-04-10 17:31 - 2018-03-29 23:33 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2018-04-10 17:31 - 2018-03-29 23:33 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmgid.sys
2018-04-10 17:31 - 2018-03-29 23:33 - 000009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vms3cap.sys
2018-04-10 17:31 - 2018-03-29 23:33 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-04-10 17:31 - 2018-03-29 23:32 - 000212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-04-10 17:31 - 2018-03-29 23:32 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-04-10 17:31 - 2018-03-29 23:32 - 000198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2018-04-10 17:31 - 2018-03-29 23:32 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2018-04-10 17:31 - 2018-03-29 23:32 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2018-04-10 17:31 - 2018-03-29 23:32 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2018-04-10 17:31 - 2018-03-29 23:32 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-04-10 17:31 - 2018-03-29 23:32 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2018-04-10 17:31 - 2018-03-29 23:32 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\efslsaext.dll
2018-04-10 17:31 - 2018-03-29 23:32 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2018-04-10 17:31 - 2018-03-29 23:32 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndisuio.sys
2018-04-10 17:31 - 2018-03-29 23:32 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\lltdio.sys
2018-04-10 17:31 - 2018-03-29 23:32 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Synth3dVsc.sys
2018-04-10 17:31 - 2018-03-29 23:32 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsnmp32.dll
2018-04-10 17:31 - 2018-03-29 23:32 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2018-04-10 17:31 - 2018-03-29 23:32 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\efssvc.dll
2018-04-10 17:31 - 2018-03-29 23:32 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerSvc.dll
2018-04-10 17:31 - 2018-03-29 23:32 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdPnp.dll
2018-04-10 17:31 - 2018-03-29 23:32 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2018-04-10 17:31 - 2018-03-29 23:32 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2018-04-10 17:31 - 2018-03-29 23:32 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2018-04-10 17:31 - 2018-03-29 23:32 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmiprop.dll
2018-04-10 17:31 - 2018-03-29 23:32 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWNet.dll
2018-04-10 17:31 - 2018-03-29 23:32 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfhost.exe
2018-04-10 17:31 - 2018-03-29 23:32 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2018-04-10 17:31 - 2018-03-29 23:32 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2018-04-10 17:31 - 2018-03-29 23:32 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys
2018-04-10 17:31 - 2018-03-29 23:31 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-04-10 17:31 - 2018-03-29 23:31 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2018-04-10 17:31 - 2018-03-29 23:31 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2018-04-10 17:31 - 2018-03-29 23:31 - 000286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvc.dll
2018-04-10 17:31 - 2018-03-29 23:31 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2018-04-10 17:31 - 2018-03-29 23:31 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2018-04-10 17:31 - 2018-03-29 23:31 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-04-10 17:31 - 2018-03-29 23:31 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2018-04-10 17:31 - 2018-03-29 23:31 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2018-04-10 17:31 - 2018-03-29 23:31 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2018-04-10 17:31 - 2018-03-29 23:31 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2018-04-10 17:31 - 2018-03-29 23:31 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2018-04-10 17:31 - 2018-03-29 23:31 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\keyiso.dll
2018-04-10 17:31 - 2018-03-29 23:31 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2018-04-10 17:31 - 2018-03-29 23:31 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2018-04-10 17:31 - 2018-03-29 23:31 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2018-04-10 17:31 - 2018-03-29 23:31 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsisvc.dll
2018-04-10 17:31 - 2018-03-29 23:30 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2018-04-10 17:31 - 2018-03-29 23:30 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvcext.dll
2018-04-10 17:31 - 2018-03-29 23:30 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-04-10 17:31 - 2018-03-29 23:30 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
2018-04-10 17:31 - 2018-03-29 23:30 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2018-04-10 17:31 - 2018-03-29 23:30 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2018-04-10 17:31 - 2018-03-29 23:29 - 001495552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-04-10 17:31 - 2018-03-29 23:29 - 000723968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2018-04-10 17:31 - 2018-03-29 23:29 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-04-10 17:31 - 2018-03-29 23:29 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-04-10 17:31 - 2018-03-29 23:29 - 000379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2018-04-10 17:31 - 2018-03-29 23:29 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2018-04-10 17:31 - 2018-03-29 23:29 - 000253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2018-04-10 17:31 - 2018-03-29 23:28 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-04-10 17:31 - 2018-03-29 23:28 - 000984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2018-04-10 17:31 - 2018-03-29 23:28 - 000820224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2018-04-10 17:31 - 2018-03-29 23:28 - 000147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2018-04-10 17:31 - 2018-03-29 23:27 - 003170816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-04-10 17:31 - 2018-03-29 23:27 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-04-10 17:31 - 2018-03-29 23:27 - 000889856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-04-10 17:31 - 2018-03-29 23:27 - 000332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2018-04-10 17:31 - 2018-03-29 23:27 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpsrv.dll
2018-04-10 17:31 - 2018-03-29 23:26 - 002209280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-04-10 17:31 - 2018-03-29 23:26 - 000765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-04-10 17:31 - 2018-03-29 23:25 - 000841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-04-10 17:31 - 2018-03-29 23:25 - 000374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2018-04-10 17:31 - 2018-03-29 23:25 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2018-04-10 17:31 - 2018-03-29 23:25 - 000270848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2018-04-10 17:31 - 2018-03-29 23:23 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2018-04-10 17:31 - 2018-03-29 23:23 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2018-04-10 17:31 - 2018-03-29 23:23 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2018-04-10 17:31 - 2018-03-29 23:22 - 000826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2018-04-10 17:31 - 2018-03-29 23:22 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpbus.sys
2018-04-10 17:31 - 2018-03-29 23:22 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\beep.sys
2018-04-10 17:31 - 2018-03-29 23:21 - 002511360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-04-10 17:31 - 2018-03-29 23:21 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-04-10 17:31 - 2018-03-29 23:20 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2018-04-10 17:31 - 2018-03-29 23:20 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2018-04-10 17:31 - 2018-03-29 23:20 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2018-04-10 17:31 - 2018-03-29 23:20 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2018-04-10 17:31 - 2018-03-29 23:20 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2018-04-10 17:31 - 2018-03-29 23:20 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2018-04-10 17:31 - 2018-03-29 23:20 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdPnp.dll
2018-04-10 17:31 - 2018-03-29 23:20 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
2018-04-10 17:31 - 2018-03-29 23:20 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmiprop.dll
2018-04-10 17:31 - 2018-03-29 23:20 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWNet.dll
2018-04-10 17:31 - 2018-03-29 23:20 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\null.sys
2018-04-10 17:31 - 2018-03-28 15:54 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-04-10 17:31 - 2018-03-13 03:03 - 000779960 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-04-10 17:31 - 2018-03-13 03:03 - 000382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-04-10 17:31 - 2018-03-13 02:58 - 000441248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2018-04-10 17:31 - 2018-03-13 02:55 - 001778360 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2018-04-10 17:31 - 2018-03-13 02:55 - 000417440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2018-04-10 17:31 - 2018-03-13 02:55 - 000334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2018-04-10 17:31 - 2018-03-13 02:54 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-04-10 17:31 - 2018-03-13 02:53 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2018-04-10 17:31 - 2018-03-13 02:53 - 000143264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2018-04-10 17:31 - 2018-03-13 02:53 - 000091152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2018-04-10 17:31 - 2018-03-13 02:52 - 000172112 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2018-04-10 17:31 - 2018-03-13 02:52 - 000127136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2018-04-10 17:31 - 2018-03-13 01:41 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2018-04-10 17:31 - 2018-03-13 01:40 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-04-10 17:31 - 2018-03-13 01:38 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2018-04-10 17:31 - 2018-03-13 01:38 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2018-04-10 17:31 - 2018-03-13 01:38 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2018-04-10 17:31 - 2018-03-13 01:37 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetDriverInstall.dll
2018-04-10 17:31 - 2018-03-13 01:37 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2018-04-10 17:31 - 2018-03-13 01:37 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelineprxy.dll
2018-04-10 17:31 - 2018-03-13 01:36 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2018-04-10 17:31 - 2018-03-13 01:35 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2018-04-10 17:31 - 2018-03-13 01:35 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2018-04-10 17:31 - 2018-03-13 01:35 - 000245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\icm32.dll
2018-04-10 17:31 - 2018-03-13 01:35 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsAuth.dll
2018-04-10 17:31 - 2018-03-13 01:35 - 000219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsCfg.dll
2018-04-10 17:31 - 2018-03-13 01:35 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlgpclnt.dll
2018-04-10 17:31 - 2018-03-13 01:34 - 008727552 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-04-10 17:31 - 2018-03-13 01:34 - 000309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2018-04-10 17:31 - 2018-03-13 01:34 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsExt.dll
2018-04-10 17:31 - 2018-03-13 01:34 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2018-04-10 17:31 - 2018-03-13 01:34 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2018-04-10 17:31 - 2018-03-13 01:33 - 001574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2018-04-10 17:31 - 2018-03-13 01:33 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2018-04-10 17:31 - 2018-03-13 01:33 - 000278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2018-04-10 17:31 - 2018-03-13 01:33 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2018-04-10 17:31 - 2018-03-13 01:33 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2018-04-10 17:31 - 2018-03-13 01:32 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-04-10 17:31 - 2018-03-13 01:32 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2018-04-10 17:31 - 2018-03-13 01:32 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2018-04-10 17:31 - 2018-03-13 01:32 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2018-04-10 17:31 - 2018-03-13 01:32 - 000200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2018-04-10 17:31 - 2018-03-13 01:31 - 002849792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-04-10 17:31 - 2018-03-13 01:31 - 001263104 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-04-10 17:31 - 2018-03-13 01:31 - 001173504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-04-10 17:31 - 2018-03-13 01:31 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
2018-04-10 17:31 - 2018-03-13 01:31 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2018-04-10 17:31 - 2018-03-13 01:30 - 007145472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-04-10 17:31 - 2018-03-13 01:30 - 003400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-04-10 17:31 - 2018-03-13 01:30 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-04-10 17:31 - 2018-03-13 01:30 - 000863744 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2018-04-10 17:31 - 2018-03-13 01:30 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2018-04-10 17:31 - 2018-03-13 01:30 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2018-04-10 17:31 - 2018-03-13 01:29 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2018-04-10 17:31 - 2018-03-13 01:28 - 003160576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2018-04-10 17:31 - 2018-03-13 01:28 - 001967104 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-04-10 17:31 - 2018-03-13 01:28 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-04-10 17:31 - 2018-03-13 01:28 - 000837120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-04-10 17:31 - 2018-03-13 01:27 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-04-10 17:31 - 2018-03-13 01:26 - 001737728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-04-10 17:31 - 2018-03-13 01:26 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2018-04-10 17:31 - 2018-03-13 01:25 - 001346560 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2018-04-10 17:31 - 2018-03-13 01:25 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2018-04-10 17:31 - 2018-03-13 01:24 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2018-04-10 17:31 - 2018-03-13 01:24 - 000389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2018-04-10 17:31 - 2018-03-13 01:24 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2018-04-10 17:31 - 2018-03-13 01:22 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-04-10 17:31 - 2018-03-13 01:22 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2018-04-10 17:31 - 2018-03-13 01:22 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-04-10 17:31 - 2018-03-13 01:19 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-04-10 17:31 - 2018-03-13 01:19 - 000311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-04-10 17:31 - 2018-03-13 01:08 - 001555784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2018-04-10 17:31 - 2018-03-13 01:07 - 000115104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-04-10 17:31 - 2018-03-13 01:06 - 000564640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2018-04-10 17:31 - 2018-03-13 01:04 - 000140592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2018-04-10 17:31 - 2018-03-13 00:44 - 003490816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2018-04-10 17:31 - 2018-03-13 00:44 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2018-04-10 17:31 - 2018-03-13 00:40 - 006118400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-04-10 17:31 - 2018-03-13 00:40 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll
2018-04-10 17:31 - 2018-03-13 00:40 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2018-04-10 17:31 - 2018-03-13 00:39 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\icm32.dll
2018-04-10 17:31 - 2018-03-13 00:39 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2018-04-10 17:31 - 2018-03-13 00:39 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsCfg.dll
2018-04-10 17:31 - 2018-03-13 00:38 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlgpclnt.dll
2018-04-10 17:31 - 2018-03-13 00:37 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-04-10 17:31 - 2018-03-13 00:37 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2018-04-10 17:31 - 2018-03-13 00:37 - 000537088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
2018-04-10 17:31 - 2018-03-13 00:37 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2018-04-10 17:31 - 2018-03-13 00:37 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2018-04-10 17:31 - 2018-03-13 00:37 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll
2018-04-10 17:31 - 2018-03-13 00:37 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2018-04-10 17:31 - 2018-03-13 00:36 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2018-04-10 17:31 - 2018-03-13 00:36 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2018-04-10 17:31 - 2018-03-13 00:36 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2018-04-10 17:31 - 2018-03-13 00:35 - 006204416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-04-10 17:31 - 2018-03-13 00:34 - 002409984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-04-10 17:31 - 2018-03-13 00:34 - 000706048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-04-10 17:31 - 2018-03-13 00:33 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-04-10 17:31 - 2018-03-13 00:32 - 002577408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2018-04-10 17:31 - 2018-03-13 00:32 - 001948672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-04-10 17:31 - 2018-03-13 00:31 - 001348608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-04-10 17:31 - 2018-03-13 00:31 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2018-04-10 17:31 - 2018-03-13 00:30 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-04-10 17:31 - 2018-03-13 00:28 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2018-04-10 17:31 - 2018-03-13 00:26 - 000483328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2018-04-10 17:31 - 2017-11-26 09:32 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-04-10 17:31 - 2017-11-26 07:12 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-04-08 17:02 - 2018-04-08 17:02 - 000000000 ____D C:\Users\NinjaImp\AppData\Roaming\GameLoaderSteam
2018-04-08 16:57 - 2018-04-08 16:57 - 000000222 _____ C:\Users\NinjaImp\Desktop\Crusaders of the Lost Idols.url
2018-04-05 15:51 - 2018-04-05 15:51 - 000000850 _____ C:\Users\WeeLiam\Desktop\Destiny 2.lnk
2018-04-04 18:04 - 2018-04-04 18:04 - 000091133 _____ C:\Users\Family\Downloads\Additional Information for Summer Camp Registration.pdf
2018-04-01 21:01 - 2018-04-01 21:02 - 000137768 _____ C:\Users\Family\Downloads\eReceipt_Egift S@SP10923.pdf
2018-03-31 17:06 - 2018-03-31 17:06 - 000000000 ____D C:\Users\Family\AppData\Local\HP
2018-03-29 19:13 - 2018-03-29 19:13 - 000000000 ____D C:\ProgramData\Unknown Worlds
2018-03-29 19:12 - 2018-03-29 19:12 - 000000000 ____D C:\Users\NinjaImp\AppData\LocalLow\Unknown Worlds
2018-03-29 18:48 - 2018-03-29 18:48 - 000000222 _____ C:\Users\NinjaImp\Desktop\Subnautica.url
2018-03-29 18:46 - 2018-03-29 18:46 - 000000000 ____D C:\Users\NinjaImp\AppData\LocalLow\Temp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-24 22:49 - 2018-01-10 19:10 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-04-24 22:49 - 2017-12-04 18:38 - 000000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2018-04-24 22:17 - 2017-08-24 12:30 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-24 22:16 - 2017-12-04 20:27 - 000000000 ___RD C:\Users\Family\Google Drive
2018-04-24 22:15 - 2017-12-05 06:41 - 000000000 __RDL C:\Users\Family\OneDrive
2018-04-24 22:14 - 2017-12-09 18:33 - 000000000 ____D C:\Program Files (x86)\Steam
2018-04-24 19:51 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-04-24 19:36 - 2018-01-10 19:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-04-24 19:36 - 2017-09-29 04:45 - 002097152 _____ C:\WINDOWS\system32\config\BBI
2018-04-24 19:34 - 2017-12-10 19:00 - 000000000 ____D C:\Users\WeeLiam\AppData\Local\Battle.net
2018-04-24 19:34 - 2017-12-05 17:47 - 000000000 ____D C:\Users\Family\AppData\LocalLow\Mozilla
2018-04-24 18:39 - 2018-02-08 06:49 - 000000000 ____D C:\Users\NinjaImp\AppData\Local\MyComGames
2018-04-24 17:01 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-04-24 16:54 - 2017-12-10 12:18 - 000000000 ____D C:\Program Files (x86)\Heroes of the Storm
2018-04-24 16:53 - 2017-12-09 19:01 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-04-24 16:51 - 2018-01-10 19:19 - 000000000 ____D C:\Users\WeeLiam\AppData\Local\Packages
2018-04-24 16:51 - 2017-09-29 09:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-24 14:57 - 2018-01-10 19:14 - 001517028 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-24 07:23 - 2018-01-10 19:41 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1834738719-3827053571-2362594928-1005
2018-04-24 07:23 - 2017-12-09 12:40 - 000002380 _____ C:\Users\WeeLiam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-04-24 07:23 - 2017-12-09 12:40 - 000000000 ___RD C:\Users\WeeLiam\OneDrive
2018-04-24 07:16 - 2018-01-10 19:41 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1834738719-3827053571-2362594928-1003
2018-04-24 07:16 - 2017-12-16 10:08 - 000002401 _____ C:\Users\Little Gorilla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-04-24 07:16 - 2017-12-16 10:08 - 000000000 ___RD C:\Users\Little Gorilla\OneDrive
2018-04-23 20:06 - 2018-01-10 19:41 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1834738719-3827053571-2362594928-1006
2018-04-23 20:06 - 2017-12-05 06:41 - 000002377 _____ C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-04-23 19:14 - 2017-12-09 19:04 - 000000000 ____D C:\Program Files (x86)\Overwatch
2018-04-23 15:31 - 2018-01-10 19:41 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1834738719-3827053571-2362594928-1004
2018-04-23 15:30 - 2017-12-09 18:32 - 000002383 _____ C:\Users\NinjaImp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-04-23 15:30 - 2017-12-09 18:32 - 000000000 ___RD C:\Users\NinjaImp\OneDrive
2018-04-22 23:57 - 2018-02-23 17:31 - 000000000 ____D C:\Users\Family\AppData\Roaming\stickies
2018-04-22 23:02 - 2017-12-05 22:03 - 000000354 _____ C:\WINDOWS\Tasks\HPCeeScheduleForFamily.job
2018-04-22 12:51 - 2017-12-04 21:27 - 000000000 ____D C:\Users\NinjaImp\Documents\My Games
2018-04-22 12:51 - 2017-09-29 09:44 - 000000000 ____D C:\WINDOWS\INF
2018-04-22 12:48 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-04-22 12:48 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-04-22 12:32 - 2017-12-09 23:11 - 000000000 ____D C:\Users\NinjaImp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-04-22 09:03 - 2018-02-02 10:19 - 000000000 ____D C:\Users\NinjaImp\AppData\Local\UnrealEngine
2018-04-21 11:36 - 2018-01-10 19:41 - 000003250 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForFamily
2018-04-20 20:08 - 2018-02-28 18:59 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-04-20 19:32 - 2017-12-09 19:03 - 000000000 ____D C:\Users\NinjaImp\AppData\Local\Battle.net
2018-04-20 06:43 - 2017-12-04 18:48 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-04-17 06:52 - 2018-01-13 09:25 - 000000000 ___RD C:\Users\Little Gorilla\3D Objects
2018-04-17 06:52 - 2017-03-17 23:53 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-04-15 12:29 - 2017-09-29 09:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-04-15 12:27 - 2017-08-24 11:36 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-04-14 13:51 - 2017-12-09 20:13 - 000000000 ____D C:\Users\NinjaImp\Documents\Overwatch
2018-04-14 08:53 - 2017-12-04 21:41 - 000000000 ____D C:\Users\WeeLiam\AppData\Roaming\Apple Computer
2018-04-12 17:54 - 2018-01-24 18:25 - 000000000 ___RD C:\Users\WeeLiam\3D Objects
2018-04-12 12:48 - 2018-02-08 06:49 - 000000000 ____D C:\Users\NinjaImp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games
2018-04-12 08:36 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\rescache
2018-04-11 22:39 - 2018-01-27 17:57 - 000000000 ____D C:\WINDOWS\Minidump
2018-04-11 20:18 - 2017-12-04 20:06 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2018-04-11 20:01 - 2018-01-11 17:38 - 000000000 ___RD C:\Users\Family\3D Objects
2018-04-11 20:00 - 2018-01-01 13:26 - 000000000 ___RD C:\Users\NinjaImp\3D Objects
2018-04-11 19:59 - 2018-01-10 19:10 - 000475360 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-04-11 18:18 - 2017-12-09 09:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-04-11 18:18 - 2017-12-04 18:56 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-04-11 18:16 - 2018-01-10 19:14 - 000000000 ____D C:\Users\WeeLiam
2018-04-11 18:14 - 2017-09-29 09:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-04-11 18:14 - 2017-09-29 09:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-04-11 18:14 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-04-11 18:14 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-04-10 20:10 - 2018-02-28 13:59 - 000004604 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-04-10 17:48 - 2017-09-29 09:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-04-10 17:39 - 2018-01-10 22:00 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-04-10 17:30 - 2017-12-04 22:38 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-04-10 17:22 - 2017-12-04 22:37 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-04-10 17:21 - 2017-12-04 22:37 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-04-10 16:59 - 2018-01-06 13:41 - 000000000 ____D C:\Program Files (x86)\Destiny 2
2018-04-10 15:38 - 2018-03-07 19:17 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2018-04-05 15:51 - 2017-12-26 10:55 - 000000000 ____D C:\Program Files (x86)\World of Warcraft
2018-04-04 18:15 - 2017-12-04 20:23 - 000000000 ____D C:\Users\Family\Desktop\Daddy's Files
2018-04-04 17:54 - 2018-01-10 19:18 - 000000000 ____D C:\Users\Family\AppData\Local\Packages
2018-04-03 15:37 - 2018-03-14 22:20 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-04-03 15:37 - 2018-03-14 22:20 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-31 10:21 - 2017-08-24 11:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-03-29 20:07 - 2017-12-04 20:24 - 000000000 ____D C:\Users\Family\Documents\Marie's
2018-03-29 18:32 - 2017-12-09 18:26 - 000000000 ____D C:\Users\NinjaImp\AppData\Local\NVIDIA
2018-03-25 18:38 - 2018-02-28 14:06 - 000000000 ____D C:\Program Files (x86)\McAfee Safe Connect
2018-03-25 18:28 - 2018-01-10 19:41 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2018-03-25 18:27 - 2017-09-29 09:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-03-25 18:27 - 2017-09-29 04:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-03-25 18:23 - 2017-12-04 21:40 - 000000000 ____D C:\Users\UpdatusUser
2018-03-25 18:23 - 2017-12-04 21:40 - 000000000 ____D C:\Users\TEMP
2018-03-25 11:06 - 2018-01-10 19:14 - 000000000 ____D C:\Users\NinjaImp
2018-03-25 11:06 - 2018-01-10 19:14 - 000000000 ____D C:\Users\Family

Some files in TEMP:
====================
2018-04-22 12:45 - 2018-04-22 12:45 - 002183680 _____ (Opera Software) C:\Users\Family\AppData\Local\Temp\Opera_installer_180422164525177.dll
2018-04-22 12:45 - 2018-04-22 12:45 - 002183680 _____ (Opera Software) C:\Users\Family\AppData\Local\Temp\Opera_installer_180422164527420.dll
2018-04-22 12:45 - 2018-04-22 12:45 - 002183680 _____ (Opera Software) C:\Users\Family\AppData\Local\Temp\Opera_installer_180422164529361.dll
2018-04-22 12:45 - 2018-04-22 12:45 - 002183680 _____ (Opera Software) C:\Users\Family\AppData\Local\Temp\Opera_installer_180422164529631.dll
2018-04-22 12:45 - 2018-04-22 12:45 - 002183680 _____ (Opera Software) C:\Users\Family\AppData\Local\Temp\Opera_installer_180422164543758.dll
2018-04-22 12:53 - 2018-04-22 12:53 - 002183680 _____ (Opera Software) C:\Users\Family\AppData\Local\Temp\Opera_installer_180422165328338.dll
2018-04-22 12:53 - 2018-04-22 12:53 - 002183680 _____ (Opera Software) C:\Users\Family\AppData\Local\Temp\Opera_installer_180422165328592.dll
2018-04-22 12:53 - 2018-04-22 12:53 - 002183680 _____ (Opera Software) C:\Users\Family\AppData\Local\Temp\Opera_installer_180422165331128.dll
2018-04-22 12:53 - 2018-04-22 12:53 - 002183680 _____ (Opera Software) C:\Users\Family\AppData\Local\Temp\Opera_installer_180422165332269.dll
2018-04-22 12:54 - 2018-04-22 12:54 - 002183680 _____ (Opera Software) C:\Users\Family\AppData\Local\Temp\Opera_installer_180422165415979.dll
2018-04-22 21:04 - 2018-04-22 21:04 - 002183680 _____ (Opera Software) C:\Users\Family\AppData\Local\Temp\Opera_installer_180423010407076.dll
2018-04-22 21:04 - 2018-04-22 21:04 - 002183680 _____ (Opera Software) C:\Users\Family\AppData\Local\Temp\Opera_installer_180423010407316.dll
2018-04-22 21:04 - 2018-04-22 21:04 - 002183680 _____ (Opera Software) C:\Users\Family\AppData\Local\Temp\Opera_installer_180423010407616.dll
2018-04-22 21:04 - 2018-04-22 21:04 - 002183680 _____ (Opera Software) C:\Users\Family\AppData\Local\Temp\Opera_installer_180423010413778.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-15 12:21

==================== End of FRST.txt ============================


And the Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23.04.2018
Ran by Family (24-04-2018 23:00:02)
Running from C:\Users\Family\Downloads
Windows 10 Home Version 1709 16299.371 (X64) (2018-01-10 23:43:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1834738719-3827053571-2362594928-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1834738719-3827053571-2362594928-1007 - Limited - Enabled)
bessf (S-1-5-21-1834738719-3827053571-2362594928-1001 - Administrator - Enabled) => C:\Users\bessf
DefaultAccount (S-1-5-21-1834738719-3827053571-2362594928-503 - Limited - Disabled)
Family (S-1-5-21-1834738719-3827053571-2362594928-1006 - Administrator - Enabled) => C:\Users\Family
Guest (S-1-5-21-1834738719-3827053571-2362594928-501 - Limited - Disabled)
Little Gorilla (S-1-5-21-1834738719-3827053571-2362594928-1003 - Limited - Enabled) => C:\Users\Little Gorilla
NinjaImp (S-1-5-21-1834738719-3827053571-2362594928-1004 - Limited - Enabled) => C:\Users\NinjaImp
WDAGUtilityAccount (S-1-5-21-1834738719-3827053571-2362594928-504 - Limited - Disabled)
weeli (S-1-5-21-1834738719-3827053571-2362594928-1008 - Limited - Disabled)
WeeLiam (S-1-5-21-1834738719-3827053571-2362594928-1005 - Limited - Enabled) => C:\Users\WeeLiam

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A05FDFEC-4377-49E0-82CB-B6D1386E89DA}) (Version: 11.3.0.9 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Backup and Sync from Google (HKLM\...\{4B7277C7-9CEE-45FC-B36B-19AD28281B9C}) (Version: 3.40.8921.5350 - Google, Inc.)
Barn Yarn Collector's Edition (HKLM-x32\...\WTA-01b6d92e-5029-4c59-9ab2-2e7a9005dc9d) (Version: 3.0.2.48 - WildTangent) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Carbonite (HKLM-x32\...\{34A6D6FF-7EEC-499E-A54F-71077783AED6}) (Version: 6.3.2 build 7466 (Sep-07-2017) - Carbonite)
Chromium (HKU\S-1-5-21-1834738719-3827053571-2362594928-1006\...\Chromium) (Version: 58.0.3014.0 - Chromium)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.6.7503 - CyberLink Corp.)
Destiny 2 (HKLM-x32\...\Destiny 2) (Version:  - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dropbox 25 GB (HKLM-x32\...\{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Elsword version L.180207.1.1 (HKLM-x32\...\{E655DDFC-24DB-4FC3-8474-271E911309B4}_is1) (Version: L.180207.1.1 - KOGGAMES)
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Epic Games Launcher (HKLM-x32\...\{FE3CD7B8-14D4-46E9-A206-2C8F2C0E6F1F}) (Version: 1.1.139.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Goodgame Empire (HKLM-x32\...\Goodgame Empire) (Version:  - ) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.117 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{54da9769-2364-4bd3-8139-6400500778b3}) (Version: 5.3.22034 - HP Inc.)
HP JumpStart Apps (HKLM-x32\...\HP JumpStart Apps) (Version: 7.0.32 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{1E7D6A6F-E28B-4057-BD4F-9989C1F5353D}) (Version: 1.3.0.423 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{4380D813-39E5-46FD-AC23-FC9A1A8B98AA}) (Version: 1.3.423.0 - HP Inc.)
HP Orbit (HKLM-x32\...\{82b971c1-85fa-4c53-ada1-4ec6be0c0c8a}) (Version: 3.5.171.271 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{05F81C27-62A5-4A0C-8519-60CB66CF87C6}) (Version: 8.5.37.19 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{183BD477-774B-4700-B40B-EE43886E74D2}) (Version: 12.8.47.1 - HP Inc.)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.29 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{1BB20774-0FA8-4CFF-AB69-7B7AAE2DCE6C}) (Version: 1.4.18 - HP Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel(R) Ready Mode Technology (HKLM\...\{CC3C017C-876D-4A31-A128-593FF92A1FE7}) (Version: 1.1.70.528 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{559FA847-377D-4926-80A3-ED9E014D363A}) (Version: 19.60.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{ed4a5da7-ac62-4aa5-9502-7b4de55e8cb5}) (Version: 20.20.2 - Intel Corporation)
iTunes (HKLM\...\{5581A594-89CB-4062-81C3-2E9F7A76FBE0}) (Version: 12.7.4.76 - Apple Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Letter Quest - Grimm's Journey (HKLM-x32\...\WTA-92e34ed3-e3bb-4594-909c-23535f7c1c8e) (Version: 3.0.2.118 - WildTangent) Hidden
LibreOffice 5.4.4.2 (HKLM\...\{36E72E7B-9992-4C69-88B1-5E466E4A1386}) (Version: 5.4.4.2 - The Document Foundation)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9126.2152 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1834738719-3827053571-2362594928-1006\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.7.0.6655 - Mozilla)
Mozilla Thunderbird 52.7.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.7.0 (x86 en-US)) (Version: 52.7.0 - Mozilla)
Mystika 2 (HKLM-x32\...\WTA-6bcc19ce-71db-4d4c-b7d3-a663afda0bd4) (Version: 1.1.2.4 - WildTangent) Hidden
NVIDIA 3D Vision Driver 388.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.73 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.73 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0516 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0516 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9126.2152 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2152 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2152 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9126.2152 - Microsoft Corporation) Hidden
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.31235 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.12.1007.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8004 - Realtek Semiconductor Corp.)
Runefall (HKLM-x32\...\WTA-6127a291-0ce8-4972-8927-8b48dad7eb90) (Version: 3.0.2.126 - WildTangent) Hidden
Sparkle 2 (HKLM-x32\...\WTA-d3f11148-db3c-4e0d-b42d-86cbc038bc40) (Version: 3.0.2.51 - WildTangent) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stickies 9.0e (HKLM-x32\...\ZhornStickies) (Version:  - Zhorn Software)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.1.1.14 - WildTangent) Hidden
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [    Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [    Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [    Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [    Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [    Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [    Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ContextMenuHandlers1: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ContextMenuHandlers2: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers4: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-18] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {014C1117-58D4-4396-98CA-B5A9573990DA} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-12-04] (Dropbox, Inc.)
Task: {0A2500DA-77CD-4CE4-97B6-23F05CE290C6} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {0A5B44E0-6960-44A2-B584-5C9EDBA76B0C} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2017-10-11] (Intel(R) Corporation)
Task: {0F392FE0-7A55-461D-9D04-3AE051D3EB54} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-04] (Google Inc.)
Task: {12D2FDFF-9245-40D6-9183-3D484A759AA8} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {18B81DFE-9CE6-4B8D-ABEB-60D527018B48} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {19BDC5CC-5FB7-4523-8861-1C6FAC3DB6A5} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-10] (NVIDIA Corporation)
Task: {2653B914-24A8-4977-BD34-9209083B6B6C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {38E1A4AF-96EA-48D0-8A2C-13964AAE8B3E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-12-04] (Dropbox, Inc.)
Task: {3E82A427-378A-4FB5-8B9C-D6B9AA4DD0E9} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-10] (NVIDIA Corporation)
Task: {4CCFDEE1-5FF2-4D5C-A2C9-BBDF79642307} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-04-07] (HP Inc.)
Task: {530E97AF-C488-4F62-B521-2E76C6C9AD45} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\MpCmdRun.exe [2018-04-20] (Microsoft Corporation)
Task: {58C2BB5A-4CE5-49D7-84E1-8658FFD1B047} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {5911C185-4287-47B1-86C9-BB118A314E66} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-04-15] (Microsoft Corporation)
Task: {597A2AF9-16C4-4096-A116-1BDD8ECD6C21} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {5BBE74EE-1D13-4224-96B3-86468C1F5249} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {5BC34C4E-9D1D-4DD7-88DE-1F6CD64920B8} - System32\Tasks\Goodgame Empire1 => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxps://empire.goodgamestudios.com/?w=376971 --window-size=1920,1200
Task: {5FA6C055-ED20-4EAD-A7AB-E14B69B4CA4E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\MpCmdRun.exe [2018-04-20] (Microsoft Corporation)
Task: {681CA7D2-566E-4BCC-9276-6EEFBA3E1E0D} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [2017-07-28] ()
Task: {775BBC66-9609-42ED-99F4-D88DE7EFC961} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\MpCmdRun.exe [2018-04-20] (Microsoft Corporation)
Task: {7FD999DB-3AAE-4ECC-A850-55A0ADD44A64} - System32\Tasks\HPCeeScheduleForFamily => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-06-24] (HP Inc.)
Task: {86F423C9-A3C5-4D91-A716-3B92D9D48384} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_pepper.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {8ADD74FC-AE63-443F-B04A-D756C3B2A74F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-02-07] (HP Inc.)
Task: {8FC57B4F-04B4-4719-B3D4-59910FA6A1C8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-04] (Google Inc.)
Task: {98D486C0-4C9A-4C69-8857-EC7DF49EA2DD} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-04-06] (Microsoft Corporation)
Task: {9CCDAC14-D59B-42B7-899A-BC3211A7A265} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {9D7B2AF7-1144-4C05-8C3E-00FC4255535D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\MpCmdRun.exe [2018-04-20] (Microsoft Corporation)
Task: {9E7C66A3-D4AD-4500-AB56-0F6123C5D2E1} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-22] (Adobe Systems Incorporated)
Task: {A8C5A0CF-FF05-4873-A62D-722BC054E577} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe [2018-04-22] (Adobe Systems Incorporated)
Task: {A9415A88-51CB-403A-A01A-874DD99C2264} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {BDE34E5F-1112-442B-9301-2FDEB3A6BF79} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-04-06] (Microsoft Corporation)
Task: {C0FD29C6-1905-4772-90C3-10CD81FBFFCB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-02-07] (HP Inc.)
Task: {C90E97FC-CCF6-4946-90B2-80F2E0724D19} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-10] (NVIDIA Corporation)
Task: {D3820751-C9F4-4C55-821D-568FC627C1BD} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-10] (NVIDIA Corporation)
Task: {D4772250-B369-4D3D-B017-422DD0E9B3F9} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {DDEF56C3-D6CF-4CDC-A6AD-BD96651BEF74} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [2017-02-02] (HP Inc.)
Task: {ECCD2479-8A50-4B4E-8365-8F6520BCE8C4} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-04-15] (Microsoft Corporation)
Task: {F3522EEF-1D90-44EC-8FAC-746424482F28} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {FD287C5A-48B0-4D7D-96E2-13420D09C5CE} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-11-28] (DropboxOEM)
Task: {FDDC9557-0AED-4909-B8B1-037927599F6A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-01-10] (HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForFamily.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 1" --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Polarr Photo Editor.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 1" --app-id=djonnbgfieijldcieafgjcnhmpcfpmgg
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://secure.rezserver.com/sdk/v1/LinkFwd?refid=7684&destination=priceline&refclickid=square
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VUDU - Streaming Movies.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?bd=all&c=*&locale=en_us&pf=cndt&s=VUDU_URL&tp=startmenu

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 09:41 - 2017-09-29 09:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-09-29 09:41 - 2017-09-29 09:41 - 000419840 _____ () c:\windows\system32\SSDM.dll
2017-12-08 02:48 - 2017-12-08 02:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-03-16 15:19 - 2018-03-16 15:19 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-08-24 12:30 - 2017-10-10 21:05 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-04-22 23:19 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-22 23:19 - 2018-03-27 13:47 - 002492704 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-07-28 11:52 - 2017-07-28 11:52 - 000459680 _____ () C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
2018-03-13 16:24 - 2018-02-21 20:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-13 16:24 - 2018-02-21 20:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-15 11:31 - 2018-03-15 11:31 - 046139776 _____ () C:\Program Files\Google\Drive\googledrivesync.exe
2018-03-23 12:33 - 2018-03-23 12:33 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-23 12:33 - 2018-03-23 12:33 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-03-23 12:33 - 2018-03-23 12:34 - 022050304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-03-23 12:33 - 2018-03-23 12:33 - 002584576 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\skypert.dll
2018-03-23 12:33 - 2018-03-23 12:33 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-04-24 22:14 - 2018-04-24 22:14 - 000113152 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\_ctypes.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000080896 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\bz2.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 001585152 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\_hashlib.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000128512 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\win32api.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000137728 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\pywintypes27.dll
2018-04-24 22:14 - 2018-04-24 22:14 - 000548864 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\pythoncom27.dll
2018-04-24 22:14 - 2018-04-24 22:14 - 000689664 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\unicodedata.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000438784 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\win32com.shell.shell.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 001489408 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\wx._core_.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 001007104 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\wx._gdi_.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 001039872 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\wx._windows_.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 001325056 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\wx._controls_.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000916992 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\wx._misc_.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 001084416 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\pysqlite2._sqlite.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000149504 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\win32file.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000136192 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\win32security.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000007680 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\hashobjs_ext.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000020992 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\thumbnails_ext.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000118784 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\usb_ext.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000047616 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\_socket.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 002224128 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\_ssl.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000014848 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\common.time34.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000023040 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\win32event.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000033280 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\windows.conditional.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000019968 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\windows.winwrap.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000107520 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\windows.volumes.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000223232 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\win32gui.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000173568 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\_elementtree.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000169472 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\pyexpat.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000048128 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\win32inet.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000103424 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\wx._html2.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000046080 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\_psutil_windows.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000633240 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\windows._cacheinvalidation.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 005408256 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\cello.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000010752 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\select.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000011776 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\win32crypt.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000301568 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\PIL._imaging.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000032256 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\_multiprocessing.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000026112 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\_yappi.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000044032 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\win32process.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000027648 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\win32pipe.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000029696 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\win32pdh.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000038400 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\windows.connectivity.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000071168 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\windows.device_monitor.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000020480 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\win32profile.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000026624 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\win32ts.pyd
2018-04-20 06:43 - 2018-04-17 01:01 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.117\libglesv2.dll
2018-04-20 06:43 - 2018-04-17 01:01 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.117\libegl.dll
2018-04-17 06:25 - 2018-04-17 06:25 - 000178688 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.8.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-03-09 07:22 - 2018-03-09 07:22 - 002250240 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.8.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-03-15 08:21 - 2018-03-15 08:21 - 000156672 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\deca1eabc5b6b4e2a80c1c6a5d25d976\BRIDGECommon.ni.dll
2018-02-15 08:30 - 2018-02-15 08:30 - 000329728 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\48322169b8c66d6e30a1b43033d36be6\CleanStartController.ni.dll
2018-02-15 08:30 - 2018-02-15 08:30 - 000116736 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\9e946baf11164ac6319a215325a4f3ab\BridgeExtension.ni.dll
2018-02-15 08:30 - 2018-02-15 08:30 - 000070656 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NativeInterop\667eb7ae99201e9082d0c380ee22d4c4\NativeInterop.ni.dll
2017-11-09 01:44 - 2017-11-09 01:44 - 001244304 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-08-24 12:30 - 2017-10-10 21:05 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\NinjaImp\AppData\Local\Temp:$DATA [16]
AlternateDataStreams: C:\Users\Public\AppData:CSM [468]
AlternateDataStreams: C:\Users\WeeLiam\AppData\Local\Temp:$DATA [16]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 17:03 - 2018-04-22 23:16 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1834738719-3827053571-2362594928-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\Family\Pictures\Wallpaper Themes\Bobba Vader.jpg
DNS Servers: 75.75.76.76 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "iTunesHelper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AC670581-4F47-4FF3-9B13-6B7CDC4AC43D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [{3A98CAAD-8B22-49F8-8524-18C0C05E6D58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [{5B4621B6-D0F3-4D06-BE8B-D095D477C021}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battleborn\Binaries\Win64\Battleborn.exe
FirewallRules: [{D25C4235-EDD9-429F-B554-A74A92805358}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battleborn\Binaries\Win64\Battleborn.exe
FirewallRules: [{7672F243-69DE-4ED0-8C8E-05EAF6D4AE4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{0763C78A-BA13-423F-893F-2346AA399F8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{B45226DD-89DB-46DE-ABAB-502D1F138EF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{A8AE84D1-DE3F-4E40-A96A-2534ACEEFA35}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{789BF4E0-1CB9-400F-AC5D-F6F5BC183853}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{D2863B63-D8B8-4073-8427-5A4C6E287199}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{C9FEFE8C-C9E0-4CFC-AC77-97007E15DD8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{71D35649-481B-4541-AB55-4F6453358DFF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{DF8C814D-BF7F-4A5B-98F7-33D78F37438D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{2CA6AD37-B46A-46C9-845C-CC03C47A3436}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{682CA641-BEA1-4385-8327-0C620E4E842E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{D4B5139A-2688-498E-9EE5-5DF0E8E68BF4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{EF42B31D-E8C9-44D2-8670-9D8826CC6067}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{50832DE9-8C57-4B3D-84D4-DB86A865E62A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{4CCC596B-D0E6-4168-BA26-36C27AA06D3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{AFB9CB92-F8C5-4C00-B5AC-82D0AB47A129}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{19050276-7E81-4C64-A5E2-5F5B38794A62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{3054CD02-65BD-4E3E-808A-9AFE16813E39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{E8F3099A-3433-4C12-85A9-5AA5B306F954}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{70428B31-4907-49C6-8724-527115BAD596}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{CCE53B72-7953-4595-A34C-370897B8AA66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{47022E24-673D-47C2-910F-C4B192804F91}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{27AFC1F0-FE48-4207-9979-48A4BFEF702E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5EEEFD7B-7ADC-4C90-8228-2D69129A8919}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A46A347B-6932-4250-9AA6-C3E7807F827C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4AA0D8FC-4AFB-484F-8CED-C21D57D24D05}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7027EC8A-80DB-45CB-8442-8A3C9E13A417}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4BEBE7A9-A814-4F78-8272-8AB7A6015A39}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{31CFD376-236F-43FE-AB88-500D42A0951B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{BC9424EB-8070-414E-834A-98BB9A000EC2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{A69692D4-86ED-49F7-AA8E-6D4B9DB2CF8F}] => (Allow) LPort=13148
FirewallRules: [{37F6A041-D228-4FC3-B8F8-75FEC4C65094}] => (Allow) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
FirewallRules: [{8D4901E3-EA72-437B-B8D7-1665B7ED9B6F}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{8FBFB44B-4F1B-4BB4-82EA-B4D2901D9461}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{55333B3C-42DA-4072-A8EC-23118475A487}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0AE4B2C0-C43B-4BE2-A728-2BC821721E12}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1F379D9F-3BD7-4FF1-9DAF-076D5E0294B6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{257A4AFE-4FB0-4776-82DD-FE7AE3DEE3FF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3BB1B2E4-B5F5-4EC1-BDB8-6E34ACA5AD3E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{E5070A02-CD25-4605-817D-BE69868264A2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{E3742839-AB11-4CC0-8B72-D30C86FE9245}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{5F84BC97-434A-4960-8E3B-E31359033C18}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{9AB01026-20E3-4605-BDAA-2ED134C6C247}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1C6722D5-E121-4A0C-9182-9E1A9DAC9FC8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{26FE87DE-ABF6-4D09-B561-FA440ACD1ADB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{A3915C98-52C8-42E6-87B9-DE347D9C7DB5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{4F1A8874-6324-4D4F-A6D4-4A93E75597AD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{3D0CB576-25E2-453F-971B-DB06BE019EC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeons and Dragons Online\TurbineInvoker.exe
FirewallRules: [{3B0F7FAC-4E8A-4D0C-870E-431FFE0B3E8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeons and Dragons Online\TurbineInvoker.exe
FirewallRules: [{FE9E29CE-C26C-4654-B220-E6CE96347431}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Modern Combat Versus\ModernCombatVersus.exe
FirewallRules: [{49DF5E06-7A62-4263-9946-6367A37ACFE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Modern Combat Versus\ModernCombatVersus.exe
FirewallRules: [{E08F21AD-C21E-42ED-A148-BB0A7D5644F3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{2F0584D2-8226-4B5E-8319-BADB8ACCB234}C:\users\ninjaimp\desktop\crossout\launcher.exe] => (Allow) C:\users\ninjaimp\desktop\crossout\launcher.exe
FirewallRules: [UDP Query User{C1FB0BAB-DAB9-4FC4-A237-C3A1E1CA07CB}C:\users\ninjaimp\desktop\crossout\launcher.exe] => (Allow) C:\users\ninjaimp\desktop\crossout\launcher.exe
FirewallRules: [{DA221AF0-0D73-4527-90AF-572E82AE4F3C}] => (Block) C:\users\ninjaimp\desktop\crossout\launcher.exe
FirewallRules: [{5CC3E525-2F4C-413D-B9C6-9EC74CAA7601}] => (Block) C:\users\ninjaimp\desktop\crossout\launcher.exe
FirewallRules: [TCP Query User{76F51061-3D28-4583-8B34-1E023985C88D}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{17C5AFDC-1130-4708-976C-A57C5B71A4B2}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{B00EF620-F2AA-421A-A379-67828874C5A8}] => (Block) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{D3E00F26-F5D9-4E70-BE82-C25EAA574AC1}] => (Block) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{CFA6D35A-BC04-4BAC-A17B-52653F4162C8}C:\program files (x86)\destiny 2\destiny2.exe] => (Allow) C:\program files (x86)\destiny 2\destiny2.exe
FirewallRules: [UDP Query User{668F3338-65FB-47E1-AF0D-D3870A31530F}C:\program files (x86)\destiny 2\destiny2.exe] => (Allow) C:\program files (x86)\destiny 2\destiny2.exe
FirewallRules: [{A1E5462E-E1D0-4427-BC44-CC0259F8539F}] => (Block) C:\program files (x86)\destiny 2\destiny2.exe
FirewallRules: [{69272CDD-D156-4750-930F-D3EA51E3ABBC}] => (Block) C:\program files (x86)\destiny 2\destiny2.exe
FirewallRules: [TCP Query User{89C5FD62-CAE6-4895-9234-A45CF5D8A4BF}C:\users\ninjaimp\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\ninjaimp\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{87D444BD-B472-4FA4-B2CC-551FF2213118}C:\users\ninjaimp\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\ninjaimp\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [{F536C13F-9EC6-45B6-B4B9-222DDD8A49C4}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{2BFA0278-7711-444C-AB67-55199B045A5C}] => (Allow) C:\KOGGAMES\Elsword\data\x2.exe
FirewallRules: [{62134EB3-2DC6-4A88-B4D8-BFC98E5CFE8D}] => (Allow) C:\KOGGAMES\Elsword\data\x2.exe
FirewallRules: [TCP Query User{92452EF4-5258-41A4-8439-99B70E30A3CF}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{409A3A9F-3349-4AE8-B056-5526E69ECB85}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{025D362A-E97E-480E-A8C7-C5933C004515}C:\programdata\battle.net\agent\agent.6082\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.6082\agent.exe
FirewallRules: [UDP Query User{1213F300-D348-4AA0-B9B5-878F189975E8}C:\programdata\battle.net\agent\agent.6082\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.6082\agent.exe
FirewallRules: [{1652DA90-BC22-4885-A2E6-EDC5CF295F86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sfm.exe
FirewallRules: [{6285F8F6-5B31-48F2-A5C0-4D3753E3B83B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sfm.exe
FirewallRules: [{E593C9A3-D757-4068-8A85-4584CE012141}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
FirewallRules: [{6F51DC7E-26CE-4C39-91E2-F02427029F29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
FirewallRules: [{F92DFB3E-B5E1-43C0-ABF2-4826DF71859A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subnautica\Subnautica.exe
FirewallRules: [{123DCD24-BA70-4DBC-8D10-2A973F404510}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subnautica\Subnautica.exe
FirewallRules: [{9C6DE957-AC6F-449D-9C81-2DA34A4FAA1E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusaders of the Lost Idols\Crusaders of the Lost Idols.exe
FirewallRules: [{2D6DB8C7-BA39-46F3-B3AE-73B44DCBE1D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusaders of the Lost Idols\Crusaders of the Lost Idols.exe
FirewallRules: [{1009E3CE-31EB-4BE3-B7D6-B9A0320460F9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{CE1D24E8-DBF5-4DAA-A1D2-A9FBAC997047}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [UDP Query User{EEF36122-9E34-423A-9EE8-990E04B594C7}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [{C77063A4-298D-4E43-940A-6D19CE75B533}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{62E755FE-5E6D-4C6F-BB11-49B42878226E}C:\users\ninjaimp\appdata\local\mycomgames\gamecenter.exe] => (Allow) C:\users\ninjaimp\appdata\local\mycomgames\gamecenter.exe
FirewallRules: [UDP Query User{A07EE197-B99F-4C0E-B848-827CD373D1A3}C:\users\ninjaimp\appdata\local\mycomgames\gamecenter.exe] => (Allow) C:\users\ninjaimp\appdata\local\mycomgames\gamecenter.exe
FirewallRules: [TCP Query User{686AB42F-342A-4F10-A8CC-4E45B0842F72}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{CFB05639-FF26-470F-8225-65D465B741B7}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{F01F0A0E-9ED9-4D1A-B496-A789A9D0336B}C:\users\ninjaimp\documents\my games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\users\ninjaimp\documents\my games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{8A76C227-CC80-483B-9A2A-179A993269C2}C:\users\ninjaimp\documents\my games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\users\ninjaimp\documents\my games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{5522CF77-8BE8-4B5B-97A0-ABEACB029C12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{34B6F01C-DCF1-479B-9E4B-972D9AD52AF2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{F7BA260F-E7FD-4724-AB8B-9443822A4A2E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding of Isaac Rebirth\isaac-ng.exe
FirewallRules: [{DA1ECA8B-D171-48B9-B823-C3F4FD538D03}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding of Isaac Rebirth\isaac-ng.exe
FirewallRules: [{0141EBE1-BF5D-4671-8D65-8FA892AB9458}] => (Allow) C:\Users\Family\AppData\Local\Chromium\Application\chrome.exe

==================== Restore Points =========================

24-04-2018 16:30:24 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/24/2018 10:49:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 155203

Error: (04/24/2018 10:49:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 155203

Error: (04/24/2018 10:49:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/24/2018 10:46:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5781

Error: (04/24/2018 10:46:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5781

Error: (04/24/2018 10:46:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/24/2018 10:46:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4391

Error: (04/24/2018 10:46:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4391


System errors:
=============
Error: (04/24/2018 10:17:19 PM) (Source: DCOM) (EventID: 10016) (User: BESSNIMP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user BESSNIMP\Family SID (S-1-5-21-1834738719-3827053571-2362594928-1006) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/24/2018 10:15:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/24/2018 10:15:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/24/2018 10:15:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/24/2018 10:15:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/24/2018 10:15:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/24/2018 10:15:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/24/2018 10:15:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-04-24 14:44:56.150
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {1DFE1213-D806-4558-912D-1E26F79B558E}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-22 21:02:25.529
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {893919AB-5BF3-440A-8584-BB2A13A5B94A}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2018-04-09 19:44:27.175
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {DD97D70A-98BC-4CEB-9D09-93898DF7764F}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-09 19:13:39.299
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {E456C9C3-8010-4B1E-8B08-26A3D0377456}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-03-01 16:27:38.063
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C90C0F0E-7CF8-4F2A-A2B7-BC6A04B7D664}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-03-19 15:39:49.137
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80004004
Error description: Operation aborted 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2018-03-19 15:39:48.493
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80004004
Error description: Operation aborted 
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the device.

Date: 2018-02-10 17:45:14.175
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified. 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2018-02-10 17:45:13.554
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified. 
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the device.

CodeIntegrity:
===================================

Date: 2018-04-24 22:58:59.573
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-24 22:58:59.570
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-24 22:28:59.632
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-24 22:28:59.631
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-24 22:19:09.582
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-24 22:19:09.580
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-24 22:14:25.727
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-24 22:14:25.725
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-7400 CPU @ 3.00GHz
Percentage of memory in use: 47%
Total physical RAM: 8127.92 MB
Available physical RAM: 4235.09 MB
Total Virtual: 15807.92 MB
Available Virtual: 11058.42 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:918.43 GB) (Free:149.06 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:11.85 GB) (Free:1.22 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Overwatch 1.0) (CDROM) (Total:4.83 GB) (Free:0 GB) CDFS

\\?\Volume{029c5a6a-6a91-4cd1-829b-c66f2e3ff743}\ () (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32
\\?\Volume{151c66e5-c7c5-4043-8f99-d10811ddbea8}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 7E10C852)

Partition: GPT.

==================== End of Addition.txt ============================


and the addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23.04.2018
Ran by Family (24-04-2018 23:00:02)
Running from C:\Users\Family\Downloads
Windows 10 Home Version 1709 16299.371 (X64) (2018-01-10 23:43:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1834738719-3827053571-2362594928-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1834738719-3827053571-2362594928-1007 - Limited - Enabled)
bessf (S-1-5-21-1834738719-3827053571-2362594928-1001 - Administrator - Enabled) => C:\Users\bessf
DefaultAccount (S-1-5-21-1834738719-3827053571-2362594928-503 - Limited - Disabled)
Family (S-1-5-21-1834738719-3827053571-2362594928-1006 - Administrator - Enabled) => C:\Users\Family
Guest (S-1-5-21-1834738719-3827053571-2362594928-501 - Limited - Disabled)
Little Gorilla (S-1-5-21-1834738719-3827053571-2362594928-1003 - Limited - Enabled) => C:\Users\Little Gorilla
NinjaImp (S-1-5-21-1834738719-3827053571-2362594928-1004 - Limited - Enabled) => C:\Users\NinjaImp
WDAGUtilityAccount (S-1-5-21-1834738719-3827053571-2362594928-504 - Limited - Disabled)
weeli (S-1-5-21-1834738719-3827053571-2362594928-1008 - Limited - Disabled)
WeeLiam (S-1-5-21-1834738719-3827053571-2362594928-1005 - Limited - Enabled) => C:\Users\WeeLiam

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A05FDFEC-4377-49E0-82CB-B6D1386E89DA}) (Version: 11.3.0.9 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Backup and Sync from Google (HKLM\...\{4B7277C7-9CEE-45FC-B36B-19AD28281B9C}) (Version: 3.40.8921.5350 - Google, Inc.)
Barn Yarn Collector's Edition (HKLM-x32\...\WTA-01b6d92e-5029-4c59-9ab2-2e7a9005dc9d) (Version: 3.0.2.48 - WildTangent) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Carbonite (HKLM-x32\...\{34A6D6FF-7EEC-499E-A54F-71077783AED6}) (Version: 6.3.2 build 7466 (Sep-07-2017) - Carbonite)
Chromium (HKU\S-1-5-21-1834738719-3827053571-2362594928-1006\...\Chromium) (Version: 58.0.3014.0 - Chromium)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.6.7503 - CyberLink Corp.)
Destiny 2 (HKLM-x32\...\Destiny 2) (Version:  - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dropbox 25 GB (HKLM-x32\...\{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Elsword version L.180207.1.1 (HKLM-x32\...\{E655DDFC-24DB-4FC3-8474-271E911309B4}_is1) (Version: L.180207.1.1 - KOGGAMES)
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Epic Games Launcher (HKLM-x32\...\{FE3CD7B8-14D4-46E9-A206-2C8F2C0E6F1F}) (Version: 1.1.139.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Goodgame Empire (HKLM-x32\...\Goodgame Empire) (Version:  - ) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.117 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{54da9769-2364-4bd3-8139-6400500778b3}) (Version: 5.3.22034 - HP Inc.)
HP JumpStart Apps (HKLM-x32\...\HP JumpStart Apps) (Version: 7.0.32 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{1E7D6A6F-E28B-4057-BD4F-9989C1F5353D}) (Version: 1.3.0.423 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{4380D813-39E5-46FD-AC23-FC9A1A8B98AA}) (Version: 1.3.423.0 - HP Inc.)
HP Orbit (HKLM-x32\...\{82b971c1-85fa-4c53-ada1-4ec6be0c0c8a}) (Version: 3.5.171.271 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{05F81C27-62A5-4A0C-8519-60CB66CF87C6}) (Version: 8.5.37.19 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{183BD477-774B-4700-B40B-EE43886E74D2}) (Version: 12.8.47.1 - HP Inc.)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.29 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{1BB20774-0FA8-4CFF-AB69-7B7AAE2DCE6C}) (Version: 1.4.18 - HP Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel(R) Ready Mode Technology (HKLM\...\{CC3C017C-876D-4A31-A128-593FF92A1FE7}) (Version: 1.1.70.528 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{559FA847-377D-4926-80A3-ED9E014D363A}) (Version: 19.60.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{ed4a5da7-ac62-4aa5-9502-7b4de55e8cb5}) (Version: 20.20.2 - Intel Corporation)
iTunes (HKLM\...\{5581A594-89CB-4062-81C3-2E9F7A76FBE0}) (Version: 12.7.4.76 - Apple Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Letter Quest - Grimm's Journey (HKLM-x32\...\WTA-92e34ed3-e3bb-4594-909c-23535f7c1c8e) (Version: 3.0.2.118 - WildTangent) Hidden
LibreOffice 5.4.4.2 (HKLM\...\{36E72E7B-9992-4C69-88B1-5E466E4A1386}) (Version: 5.4.4.2 - The Document Foundation)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9126.2152 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1834738719-3827053571-2362594928-1006\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.7.0.6655 - Mozilla)
Mozilla Thunderbird 52.7.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.7.0 (x86 en-US)) (Version: 52.7.0 - Mozilla)
Mystika 2 (HKLM-x32\...\WTA-6bcc19ce-71db-4d4c-b7d3-a663afda0bd4) (Version: 1.1.2.4 - WildTangent) Hidden
NVIDIA 3D Vision Driver 388.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.73 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.73 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0516 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0516 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9126.2152 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2152 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2152 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9126.2152 - Microsoft Corporation) Hidden
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.31235 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.12.1007.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8004 - Realtek Semiconductor Corp.)
Runefall (HKLM-x32\...\WTA-6127a291-0ce8-4972-8927-8b48dad7eb90) (Version: 3.0.2.126 - WildTangent) Hidden
Sparkle 2 (HKLM-x32\...\WTA-d3f11148-db3c-4e0d-b42d-86cbc038bc40) (Version: 3.0.2.51 - WildTangent) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stickies 9.0e (HKLM-x32\...\ZhornStickies) (Version:  - Zhorn Software)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.1.1.14 - WildTangent) Hidden
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [    Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [    Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [    Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [    Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [    Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [    Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ContextMenuHandlers1: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ContextMenuHandlers2: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers4: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-18] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {014C1117-58D4-4396-98CA-B5A9573990DA} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-12-04] (Dropbox, Inc.)
Task: {0A2500DA-77CD-4CE4-97B6-23F05CE290C6} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {0A5B44E0-6960-44A2-B584-5C9EDBA76B0C} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2017-10-11] (Intel(R) Corporation)
Task: {0F392FE0-7A55-461D-9D04-3AE051D3EB54} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-04] (Google Inc.)
Task: {12D2FDFF-9245-40D6-9183-3D484A759AA8} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {18B81DFE-9CE6-4B8D-ABEB-60D527018B48} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {19BDC5CC-5FB7-4523-8861-1C6FAC3DB6A5} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-10] (NVIDIA Corporation)
Task: {2653B914-24A8-4977-BD34-9209083B6B6C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {38E1A4AF-96EA-48D0-8A2C-13964AAE8B3E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-12-04] (Dropbox, Inc.)
Task: {3E82A427-378A-4FB5-8B9C-D6B9AA4DD0E9} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-10] (NVIDIA Corporation)
Task: {4CCFDEE1-5FF2-4D5C-A2C9-BBDF79642307} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-04-07] (HP Inc.)
Task: {530E97AF-C488-4F62-B521-2E76C6C9AD45} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\MpCmdRun.exe [2018-04-20] (Microsoft Corporation)
Task: {58C2BB5A-4CE5-49D7-84E1-8658FFD1B047} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {5911C185-4287-47B1-86C9-BB118A314E66} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-04-15] (Microsoft Corporation)
Task: {597A2AF9-16C4-4096-A116-1BDD8ECD6C21} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {5BBE74EE-1D13-4224-96B3-86468C1F5249} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {5BC34C4E-9D1D-4DD7-88DE-1F6CD64920B8} - System32\Tasks\Goodgame Empire1 => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxps://empire.goodgamestudios.com/?w=376971 --window-size=1920,1200
Task: {5FA6C055-ED20-4EAD-A7AB-E14B69B4CA4E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\MpCmdRun.exe [2018-04-20] (Microsoft Corporation)
Task: {681CA7D2-566E-4BCC-9276-6EEFBA3E1E0D} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [2017-07-28] ()
Task: {775BBC66-9609-42ED-99F4-D88DE7EFC961} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\MpCmdRun.exe [2018-04-20] (Microsoft Corporation)
Task: {7FD999DB-3AAE-4ECC-A850-55A0ADD44A64} - System32\Tasks\HPCeeScheduleForFamily => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-06-24] (HP Inc.)
Task: {86F423C9-A3C5-4D91-A716-3B92D9D48384} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_pepper.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {8ADD74FC-AE63-443F-B04A-D756C3B2A74F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-02-07] (HP Inc.)
Task: {8FC57B4F-04B4-4719-B3D4-59910FA6A1C8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-04] (Google Inc.)
Task: {98D486C0-4C9A-4C69-8857-EC7DF49EA2DD} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-04-06] (Microsoft Corporation)
Task: {9CCDAC14-D59B-42B7-899A-BC3211A7A265} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {9D7B2AF7-1144-4C05-8C3E-00FC4255535D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\MpCmdRun.exe [2018-04-20] (Microsoft Corporation)
Task: {9E7C66A3-D4AD-4500-AB56-0F6123C5D2E1} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-22] (Adobe Systems Incorporated)
Task: {A8C5A0CF-FF05-4873-A62D-722BC054E577} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe [2018-04-22] (Adobe Systems Incorporated)
Task: {A9415A88-51CB-403A-A01A-874DD99C2264} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {BDE34E5F-1112-442B-9301-2FDEB3A6BF79} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-04-06] (Microsoft Corporation)
Task: {C0FD29C6-1905-4772-90C3-10CD81FBFFCB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-02-07] (HP Inc.)
Task: {C90E97FC-CCF6-4946-90B2-80F2E0724D19} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-10] (NVIDIA Corporation)
Task: {D3820751-C9F4-4C55-821D-568FC627C1BD} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-10] (NVIDIA Corporation)
Task: {D4772250-B369-4D3D-B017-422DD0E9B3F9} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {DDEF56C3-D6CF-4CDC-A6AD-BD96651BEF74} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [2017-02-02] (HP Inc.)
Task: {ECCD2479-8A50-4B4E-8365-8F6520BCE8C4} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-04-15] (Microsoft Corporation)
Task: {F3522EEF-1D90-44EC-8FAC-746424482F28} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {FD287C5A-48B0-4D7D-96E2-13420D09C5CE} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-11-28] (DropboxOEM)
Task: {FDDC9557-0AED-4909-B8B1-037927599F6A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-01-10] (HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForFamily.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 1" --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Polarr Photo Editor.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 1" --app-id=djonnbgfieijldcieafgjcnhmpcfpmgg
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://secure.rezserver.com/sdk/v1/LinkFwd?refid=7684&destination=priceline&refclickid=square
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VUDU - Streaming Movies.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?bd=all&c=*&locale=en_us&pf=cndt&s=VUDU_URL&tp=startmenu

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 09:41 - 2017-09-29 09:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-09-29 09:41 - 2017-09-29 09:41 - 000419840 _____ () c:\windows\system32\SSDM.dll
2017-12-08 02:48 - 2017-12-08 02:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-03-16 15:19 - 2018-03-16 15:19 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-08-24 12:30 - 2017-10-10 21:05 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-04-22 23:19 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-22 23:19 - 2018-03-27 13:47 - 002492704 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-07-28 11:52 - 2017-07-28 11:52 - 000459680 _____ () C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
2018-03-13 16:24 - 2018-02-21 20:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-13 16:24 - 2018-02-21 20:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-15 11:31 - 2018-03-15 11:31 - 046139776 _____ () C:\Program Files\Google\Drive\googledrivesync.exe
2018-03-23 12:33 - 2018-03-23 12:33 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-23 12:33 - 2018-03-23 12:33 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-03-23 12:33 - 2018-03-23 12:34 - 022050304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-03-23 12:33 - 2018-03-23 12:33 - 002584576 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\skypert.dll
2018-03-23 12:33 - 2018-03-23 12:33 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-04-24 22:14 - 2018-04-24 22:14 - 000113152 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\_ctypes.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000080896 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\bz2.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 001585152 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\_hashlib.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000128512 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\win32api.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000137728 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\pywintypes27.dll
2018-04-24 22:14 - 2018-04-24 22:14 - 000548864 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\pythoncom27.dll
2018-04-24 22:14 - 2018-04-24 22:14 - 000689664 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\unicodedata.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000438784 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\win32com.shell.shell.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 001489408 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\wx._core_.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 001007104 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\wx._gdi_.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 001039872 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\wx._windows_.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 001325056 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\wx._controls_.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000916992 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\wx._misc_.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 001084416 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\pysqlite2._sqlite.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000149504 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\win32file.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000136192 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\win32security.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000007680 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\hashobjs_ext.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000020992 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\thumbnails_ext.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000118784 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\usb_ext.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000047616 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\_socket.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 002224128 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\_ssl.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000014848 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\common.time34.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000023040 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\win32event.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000033280 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\windows.conditional.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000019968 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\windows.winwrap.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000107520 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\windows.volumes.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000223232 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\win32gui.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000173568 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\_elementtree.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000169472 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\pyexpat.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000048128 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\win32inet.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000103424 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\wx._html2.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000046080 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\_psutil_windows.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000633240 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\windows._cacheinvalidation.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 005408256 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\cello.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000010752 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\select.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000011776 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\win32crypt.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000301568 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\PIL._imaging.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000032256 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\_multiprocessing.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000026112 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\_yappi.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000044032 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\win32process.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000027648 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\win32pipe.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000029696 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\win32pdh.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000038400 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\windows.connectivity.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000071168 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\windows.device_monitor.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000020480 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\win32profile.pyd
2018-04-24 22:14 - 2018-04-24 22:14 - 000026624 _____ () C:\Users\Family\AppData\Local\Temp\_MEI116282\win32ts.pyd
2018-04-20 06:43 - 2018-04-17 01:01 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.117\libglesv2.dll
2018-04-20 06:43 - 2018-04-17 01:01 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.117\libegl.dll
2018-04-17 06:25 - 2018-04-17 06:25 - 000178688 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.8.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-03-09 07:22 - 2018-03-09 07:22 - 002250240 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.8.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-03-15 08:21 - 2018-03-15 08:21 - 000156672 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\deca1eabc5b6b4e2a80c1c6a5d25d976\BRIDGECommon.ni.dll
2018-02-15 08:30 - 2018-02-15 08:30 - 000329728 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\48322169b8c66d6e30a1b43033d36be6\CleanStartController.ni.dll
2018-02-15 08:30 - 2018-02-15 08:30 - 000116736 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\9e946baf11164ac6319a215325a4f3ab\BridgeExtension.ni.dll
2018-02-15 08:30 - 2018-02-15 08:30 - 000070656 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NativeInterop\667eb7ae99201e9082d0c380ee22d4c4\NativeInterop.ni.dll
2017-11-09 01:44 - 2017-11-09 01:44 - 001244304 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-08-24 12:30 - 2017-10-10 21:05 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\NinjaImp\AppData\Local\Temp:$DATA [16]
AlternateDataStreams: C:\Users\Public\AppData:CSM [468]
AlternateDataStreams: C:\Users\WeeLiam\AppData\Local\Temp:$DATA [16]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 17:03 - 2018-04-22 23:16 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1834738719-3827053571-2362594928-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\Family\Pictures\Wallpaper Themes\Bobba Vader.jpg
DNS Servers: 75.75.76.76 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "iTunesHelper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

24-04-2018 16:30:24 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/24/2018 10:49:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 155203

Error: (04/24/2018 10:49:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 155203

Error: (04/24/2018 10:49:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/24/2018 10:46:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5781

Error: (04/24/2018 10:46:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5781

Error: (04/24/2018 10:46:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/24/2018 10:46:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4391

Error: (04/24/2018 10:46:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4391


System errors:
=============
Error: (04/24/2018 10:17:19 PM) (Source: DCOM) (EventID: 10016) (User: BESSNIMP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user BESSNIMP\Family SID (S-1-5-21-1834738719-3827053571-2362594928-1006) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/24/2018 10:15:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/24/2018 10:15:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/24/2018 10:15:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/24/2018 10:15:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/24/2018 10:15:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/24/2018 10:15:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/24/2018 10:15:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-04-24 14:44:56.150
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {1DFE1213-D806-4558-912D-1E26F79B558E}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-22 21:02:25.529
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {893919AB-5BF3-440A-8584-BB2A13A5B94A}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2018-04-09 19:44:27.175
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {DD97D70A-98BC-4CEB-9D09-93898DF7764F}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-09 19:13:39.299
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {E456C9C3-8010-4B1E-8B08-26A3D0377456}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-03-01 16:27:38.063
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C90C0F0E-7CF8-4F2A-A2B7-BC6A04B7D664}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-03-19 15:39:49.137
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80004004
Error description: Operation aborted 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2018-03-19 15:39:48.493
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80004004
Error description: Operation aborted 
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the device.

Date: 2018-02-10 17:45:14.175
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified. 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2018-02-10 17:45:13.554
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified. 
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the device.

CodeIntegrity:
===================================

Date: 2018-04-24 22:58:59.573
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-24 22:58:59.570
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-24 22:28:59.632
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-24 22:28:59.631
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-24 22:19:09.582
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-24 22:19:09.580
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-24 22:14:25.727
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-24 22:14:25.725
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-7400 CPU @ 3.00GHz
Percentage of memory in use: 47%
Total physical RAM: 8127.92 MB
Available physical RAM: 4235.09 MB
Total Virtual: 15807.92 MB
Available Virtual: 11058.42 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:918.43 GB) (Free:149.06 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:11.85 GB) (Free:1.22 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Overwatch 1.0) (CDROM) (Total:4.83 GB) (Free:0 GB) CDFS

\\?\Volume{029c5a6a-6a91-4cd1-829b-c66f2e3ff743}\ () (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32
\\?\Volume{151c66e5-c7c5-4043-8f99-d10811ddbea8}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 7E10C852)

Partition: GPT.

==================== End of Addition.txt ============================


  • 3 weeks later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

This topic is now closed to further replies.