
Can't activate antivirus software: known infection - Trojan:Win32/Fuerboos.C!cl


  • This topic is locked
12 replies to this topic

#1 GeekFreak

Posted 30 April 2018 - 09:45 AM

Hello,
Within the past couple days I unwisely opened a suspicious file. After which I noticed that my antivirus software, Panda antivirus, was deactivated and that I was unable to reactivate it. Similarly, Windows Defender can't be activated, but can perform scans (even if less than effective). I've since tried downloading Avast and AVG without them being able to install. I did install Malwarebytes and was successful; it removed around 68 threats. I've run it a few times, and only after the third attempt did it come up only with PUPs. I've also run Malwarebytes Antirootkit scan with it coming up clean.

Even with all of this I still can't activate any antivirus software, and I can tell that I still have infections because I'm getting a super slow startup since the infection AND frequent popups using Chrome (not Firefox, Malwarebytes seems to have cleaned Firefox). When I attempt to activate the software, on each program that I can access, the button to activate seems to have no effect, almost as if the button weren't there.

Thank you in advance to whoever looks through this and is able to help. Normally I consider myself somewhat competent with computers but this is stumping me.

EDIT: This listed infection (Trojan:Win32/Fuerboos.C!cl) was reported by Windows Defender to be neutralized; that is simply the first trojan that I saw addressed and may be possibly the first. I'll admit, I don't know much about infections.

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25.04.2018
Ran by Johnston (administrator) on DESKTOP-GP93H7B (30-04-2018 10:27:51)
Running from C:\Users\Johnston\Downloads
Loaded Profiles: Johnston (Available Profiles: Johnston)
Platform: Windows 10 Pro Version 1709 16299.371 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\System32\dtmbkuesvc.exe
(AMD) C:\Windows\System32\DriverStore\FileRepository\c0325250.inf_amd64_f15289543c93a82a\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ContentWatch, Inc.) C:\Program Files\ContentWatch\bin\cwdaemon.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dynamsoft Corporation) C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Copyright © 2017 Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Red Software) C:\Program Files\PDFescape Desktop\creator-ws.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
(Zoom Video Communications, Inc.) C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe
(Dynamsoft Corporation) C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe
(Dynamsoft Corporation) C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(ContentWatch, Inc.) C:\Program Files\ContentWatch\bin\cwagent.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
() C:\Users\Johnston\AppData\Local\cwoueti\cwoueti.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(© 2015 Microsoft Corporation) C:\Users\Johnston\AppData\Local\Microsoft\BingSvc\BingSvc.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Akamai Technologies, Inc.) C:\Users\Johnston\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Johnston\AppData\Local\Akamai\netsession_win.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.717\SSScheduler.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\NisSrv.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginThinSetupInternal.exe
() C:\Users\Johnston\AppData\Local\cwoueti\sbmwina.exe
() C:\Users\Johnston\AppData\Local\cwoueti\sbmwina.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Users\Johnston\AppData\Local\cwoueti\sbmwina.exe
() C:\Users\Johnston\AppData\Local\cwoueti\sbmwina.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2018-01-05] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [51416 2017-08-16] (Copyright © 2017 Plays.tv, LLC)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2016-09-28] (Raptr, Inc)
HKLM-x32\...\Run: [Ulead AutoDetector v2] => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [90112 2004-11-26] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3642688 2018-04-23] (Dropbox, Inc.)
HKLM-x32\...\Run: [PSUAMain] => "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\SysWOW64\userinit.exe,
HKU\S-1-5-21-3251292406-1508782717-557347702-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3199776 2018-04-02] (Valve Corporation)
HKU\S-1-5-21-3251292406-1508782717-557347702-1001\...\Run: [BingSvc] => C:\Users\Johnston\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-01-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3251292406-1508782717-557347702-1001\...\Run: [Spotify Web Helper] => C:\Users\Johnston\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-02-10] (Spotify Ltd)
HKU\S-1-5-21-3251292406-1508782717-557347702-1001\...\Run: [Spotify] => C:\Users\Johnston\AppData\Roaming\Spotify\Spotify.exe [7133808 2017-02-10] (Spotify Ltd)
HKU\S-1-5-21-3251292406-1508782717-557347702-1001\...\Run: [Google Update] => C:\Users\Johnston\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-14] (Google Inc.)
HKU\S-1-5-21-3251292406-1508782717-557347702-1001\...\Run: [Zoom] => [X]
HKU\S-1-5-21-3251292406-1508782717-557347702-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4958912 2016-11-17] (Disc Soft Ltd)
HKU\S-1-5-21-3251292406-1508782717-557347702-1001\...\Run: [GalaxyClient] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [6448712 2018-04-28] (GOG.com)
HKU\S-1-5-21-3251292406-1508782717-557347702-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46139776 2018-03-15] ()
HKU\S-1-5-21-3251292406-1508782717-557347702-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-06] (Piriform Ltd)
HKU\S-1-5-21-3251292406-1508782717-557347702-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Johnston\AppData\Local\Akamai\netsession_win.exe [4490200 2017-09-08] (Akamai Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-03-30]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.717\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Service Manager.lnk [2018-04-28]
ShortcutTarget: Service Manager.lnk -> C:\Users\Johnston\AppData\Roaming\LocalDataNT\SkypeC0SvcService.exe (TeamViewer GmbH)
Startup: C:\Users\Johnston\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Service Manager.lnk [2018-04-28]
ShortcutTarget: Service Manager.lnk -> C:\Users\Johnston\AppData\Roaming\LocalDataNT\SkypeC0SvcService.exe (TeamViewer GmbH)
GroupPolicyScripts: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1    mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{7afbfa49-d611-4a7e-97ef-0e2e8281519a}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3251292406-1508782717-557347702-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-15] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-15] (Oracle Corporation)
BHO-x32: PDFescape Desktop Helper -> {E5F815EE-1391-4A6C-A0DD-488E9A6EC0F2} -> C:\Program Files (x86)\PDFescape Desktop\creator-ie-helper.dll [2017-01-17] (Red Software)
Toolbar: HKLM-x32 - PDFescape Desktop Toolbar - {BB94CCC5-F838-412D-9760-28A307E376B5} - C:\Program Files (x86)\PDFescape Desktop\creator-ie-plugin.dll [2017-01-17] (Red Software)

FireFox:
========
FF DefaultProfile: e2ii31fw.default
FF ProfilePath: C:\Users\Johnston\AppData\Roaming\Mozilla\Firefox\Profiles\e2ii31fw.default [2018-04-30]
FF Homepage: Mozilla\Firefox\Profiles\e2ii31fw.default -> hxxp://www.bing.com/?pc=COSP&ptag=D011518-AD42D1DB7E9&form=CONMHP&conlogo=CT3334497
FF NewTab: Mozilla\Firefox\Profiles\e2ii31fw.default -> hxxp://www.bing.com/?pc=COSP&ptag=D011518-AD42D1DB7E9&form=CONMHP&conlogo=CT3334497
FF Extension: (Startmeeting.com Extension) - C:\Users\Johnston\AppData\Roaming\Mozilla\Firefox\Profiles\e2ii31fw.default\Extensions\qa-launcher@startmeeting.com.xpi [2018-01-22]
FF SearchPlugin: C:\Users\Johnston\AppData\Roaming\Mozilla\Firefox\Profiles\e2ii31fw.default\searchplugins\bing-lavasoft.xml [2018-01-14]
FF HKLM\...\Firefox\Extensions: [pdfescape_desktop_conv@pdfescape.com] - C:\Program Files\PDFescape Desktop\resources\pdfescapedesktopfirefoxextension
FF Extension: (PDFescape Desktop Creator) - C:\Program Files\PDFescape Desktop\resources\pdfescapedesktopfirefoxextension [2017-01-28] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_140.dll [2018-04-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-15] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin-x32: PDFescape Desktop -> C:\Program Files (x86)\PDFescape Desktop\np-previewer.dll [2017-01-17] (Red Software)
FF Plugin HKU\S-1-5-21-3251292406-1508782717-557347702-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Johnston\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3251292406-1508782717-557347702-1001: @talk.google.com/O1DPlugin -> C:\Users\Johnston\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3251292406-1508782717-557347702-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Johnston\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3251292406-1508782717-557347702-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Johnston\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3251292406-1508782717-557347702-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Johnston\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-02-19] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3251292406-1508782717-557347702-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Johnston\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-06-26] (Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-3251292406-1508782717-557347702-1001: SkypePlugin -> C:\Users\Johnston\AppData\Local\SkypePlugin\7.20.0.178\npGatewayNpapi.dll [2016-06-13] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-3251292406-1508782717-557347702-1001: SkypePlugin64 -> C:\Users\Johnston\AppData\Local\SkypePlugin\7.20.0.178\npGatewayNpapi-x64.dll [2016-06-13] (Skype Technologies S.A.)
FF Plugin ProgramFiles/Appdata: C:\Users\Johnston\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Johnston\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=502468&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSuggestURL: Default -> hxxps://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Profile: C:\Users\Johnston\AppData\Local\Google\Chrome\User Data\Default [2018-04-30]
CHR Extension: (Slides) - C:\Users\Johnston\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\Johnston\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Johnston\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-10]
CHR Extension: (YouTube) - C:\Users\Johnston\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-10]
CHR Extension: (Google Search) - C:\Users\Johnston\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-10]
CHR Extension: (Adobe Acrobat) - C:\Users\Johnston\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-16]
CHR Extension: (Sheets) - C:\Users\Johnston\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\Johnston\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-04]
CHR Extension: (ClearPlay) - C:\Users\Johnston\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbaabmojnmcfjjdegknpkhgffbjekbnn [2018-03-04]
CHR Extension: (Grammarly for Chrome) - C:\Users\Johnston\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-04-30]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Johnston\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-07-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Johnston\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-11]
CHR Extension: (Gmail) - C:\Users\Johnston\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-10]
CHR Extension: (Chrome Media Router) - C:\Users\Johnston\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-25]
CHR HKU\S-1-5-21-3251292406-1508782717-557347702-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\lmnpvda <==== ATTENTION (Rootkit!)

R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0325250.inf_amd64_f15289543c93a82a\atiesrxx.exe [481768 2018-03-12] (AMD)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1547200 2017-10-13] ()
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2016-02-16] (BitRaider, LLC)
R2 CWDaemon; C:\Program Files\ContentWatch\bin\cwdaemon.exe [6175912 2016-05-26] (ContentWatch, Inc.)
S3 CWUpdaterDaemon; C:\Program Files\ContentWatch\bin\cwupdater.exe [10146504 2016-05-26] (ContentWatch, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-31] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-31] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-04-23] (Dropbox, Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1473216 2016-11-17] (Disc Soft Ltd)
R2 Dynamsoft WebTWAIN Service; C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe [1347088 2015-08-31] (Dynamsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [526888 2018-01-20] (EasyAntiCheat Ltd)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [665160 2018-04-28] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8109640 2018-04-28] (GOG.com)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2018-02-19] (Hi-Rez Studios) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.717\McCHSvc.exe [405392 2018-03-27] (McAfee, Inc.)
S2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [110384 2017-02-14] (Panda Security, S.L.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2158912 2018-03-28] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3028808 2018-03-28] (Electronic Arts)
S2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
S3 PDFescape Desktop; C:\Program Files\PDFescape Desktop\ws.exe [2142184 2017-01-17] (Red Software)
S3 PDFescape Desktop CrashHandler; C:\Program Files\PDFescape Desktop\crash-handler-ws.exe [926184 2017-01-17] (Red Software)
R2 PDFescape Desktop Creator; C:\Program Files\PDFescape Desktop\creator-ws.exe [733672 2017-01-17] (Red Software)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [55000 2017-08-16] (Copyright © 2017 Plays.tv, LLC)
S2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [47096 2017-04-25] (Panda Security, S.L.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-12-11] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3661096 2015-09-14] (TechSmith Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\NisSrv.exe [4632736 2018-04-30] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MsMpEng.exe [104680 2018-04-30] (Microsoft Corporation)
S2 panda_url_filtering; C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe -- [X]
S4 windowsmanagementservice; windowsmanagementservice [X] <==== ATTENTION
R2 ZoomCptService; C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe -user_path C:\Users\Johnston\AppData\Roaming\Zoom

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0325250.inf_amd64_f15289543c93a82a\atikmdag.sys [41593832 2018-03-12] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0325250.inf_amd64_f15289543c93a82a\atikmpag.sys [546280 2018-03-12] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111112 2017-11-21] (Advanced Micro Devices)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2016-02-16] (BitRaider)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-11-20] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-11-20] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76192 2018-03-19] ()
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193768 2018-04-29] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112864 2018-04-30] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-04-30] (Malwarebytes)
R1 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-04-29] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [102112 2018-04-30] (Malwarebytes)
R3 narcpi_wfp; C:\WINDOWS\system32\DRIVERS\narcpi_wfp.sys [42288 2016-03-09] ()
R1 NNSALPC; C:\WINDOWS\system32\DRIVERS\NNSALPC.sys [107488 2017-02-08] (Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\system32\DRIVERS\NNSHTTP.sys [211376 2016-07-05] (Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\system32\DRIVERS\NNSHTTPS.sys [121312 2017-02-08] (Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\system32\DRIVERS\NNSIDS.sys [125872 2016-07-05] (Panda Security, S.L.)
R1 NNSNAHSL; C:\WINDOWS\system32\DRIVERS\NNSNAHSL.sys [80152 2016-07-06] (Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\system32\DRIVERS\NNSPICC.sys [116656 2016-07-05] (Panda Security, S.L.)
R1 NNSPIHSW; C:\WINDOWS\system32\DRIVERS\NNSPIHSW.sys [91104 2017-02-08] (Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\system32\DRIVERS\NNSPOP3.sys [135088 2016-07-05] (Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\system32\DRIVERS\NNSPROT.sys [335792 2016-07-05] (Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\system32\DRIVERS\NNSPRV.sys [197600 2017-02-08] (Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\system32\DRIVERS\NNSSMTP.sys [123312 2016-07-05] (Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\system32\DRIVERS\NNSSTRM.sys [278960 2016-07-05] (Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\system32\DRIVERS\NNSTLSC.sys [125360 2016-07-05] (Panda Security, S.L.)
R2 PSINAflt; C:\WINDOWS\system32\DRIVERS\PSINAflt.sys [177424 2017-02-12] (Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [129296 2017-02-12] (Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\system32\DRIVERS\PSINKNC.sys [205584 2017-02-20] (Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [131344 2017-02-12] (Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\system32\DRIVERS\PSINProt.sys [144656 2017-02-12] (Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\system32\DRIVERS\PSINReg.sys [114960 2017-02-12] (Panda Security, S.L.)
S3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [72112 2016-08-09] (Panda Security, S.L.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-04-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [313888 2018-04-30] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61472 2018-04-30] (Microsoft Corporation)
S4 klzwpmo; System32\drivers\svskeitc.sys [X]
R3 mptwzc; system32\drivers\twzcgj.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-30 10:27 - 2018-04-30 10:29 - 000027527 _____ C:\Users\Johnston\Downloads\FRST.txt
2018-04-30 10:27 - 2018-04-30 10:27 - 000000000 ____D C:\FRST
2018-04-30 10:26 - 2018-04-30 10:26 - 002405888 _____ (Farbar) C:\Users\Johnston\Downloads\FRST64.exe
2018-04-30 10:18 - 2018-04-30 10:18 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-04-30 10:05 - 2018-04-30 10:05 - 000000000 ____D C:\Users\Johnston\AppData\Local\dwitlas
2018-04-30 09:56 - 2018-04-30 10:00 - 000000000 _____ C:\Users\Johnston\AppData\Local\{763473B9-4945-4404-A2B0-7BCD1F70CC86}
2018-04-30 09:49 - 2018-04-30 10:06 - 000102112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-04-30 09:49 - 2018-04-30 09:49 - 000000000 ____D C:\Users\Johnston\AppData\Local\wiesznx
2018-04-30 09:46 - 2018-04-30 09:51 - 000673844 _____ C:\WINDOWS\Minidump\043018-51734-01.dmp
2018-04-30 09:46 - 2018-04-30 09:46 - 1150926590 _____ C:\WINDOWS\MEMORY.DMP
2018-04-30 08:31 - 2018-04-30 08:31 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\31678178.sys
2018-04-30 08:30 - 2018-04-30 09:38 - 000000000 ____D C:\Users\Johnston\Desktop\mbar
2018-04-30 08:30 - 2018-04-30 09:38 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-04-30 08:30 - 2018-04-30 08:30 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Johnston\Downloads\mbar-1.10.3.1001.exe
2018-04-30 08:25 - 2018-04-30 08:26 - 338976768 _____ C:\Users\Johnston\Downloads\kav_rescue_10.iso
2018-04-30 08:21 - 2018-04-30 08:21 - 000072816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\coeikxfo.sys
2018-04-29 20:01 - 2018-04-29 20:01 - 000072816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xwzddcby.sys
2018-04-29 18:05 - 2018-04-29 18:05 - 000000000 ____D C:\Intel
2018-04-29 14:36 - 2018-04-29 14:36 - 000000000 ____D C:\Users\Johnston\AppData\Local\codhvgs
2018-04-29 14:33 - 2018-04-29 14:33 - 000142672 ____N C:\WINDOWS\system32\Drivers\wdklosvy.sys
2018-04-29 14:26 - 2018-04-29 14:26 - 007387624 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Johnston\Downloads\notav.exe
2018-04-29 14:17 - 2018-04-29 14:21 - 000002634 _____ C:\Users\Johnston\Desktop\Rkill.txt
2018-04-29 14:15 - 2018-04-29 14:17 - 001780224 _____ (Bleeping Computer, LLC) C:\Users\Johnston\Downloads\notkill-unsigned.exe
2018-04-29 13:47 - 2018-04-29 13:47 - 002146880 _____ (Panda Security, S.L.) C:\Users\Johnston\Downloads\PANDAFREEAV.exe
2018-04-29 13:35 - 2018-04-29 13:35 - 000000000 ____D C:\Users\Johnston\AppData\Local\pwbcmzu
2018-04-29 13:16 - 2018-04-30 10:06 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-04-29 13:16 - 2018-04-30 10:06 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-04-29 13:16 - 2018-04-29 19:50 - 000193768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-04-29 13:16 - 2018-04-29 13:16 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-29 13:16 - 2018-04-29 13:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-29 13:16 - 2018-04-29 13:16 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-29 13:16 - 2018-03-19 12:57 - 000076192 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-04-29 13:15 - 2018-04-29 13:15 - 074330032 _____ (Malwarebytes ) C:\Users\Johnston\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4904.exe
2018-04-29 13:15 - 2018-04-29 13:15 - 000000000 ____D C:\ProgramData\MB2Migration
2018-04-28 23:15 - 2018-04-28 23:15 - 000000000 ____D C:\Users\Johnston\AppData\Local\ticboha
2018-04-28 23:01 - 2018-04-28 23:01 - 000000000 ____D C:\Users\Johnston\AppData\Local\pwnsldm
2018-04-28 17:55 - 2018-04-28 17:55 - 000000000 ____D C:\Users\Johnston\AppData\Local\wmhbnro
2018-04-28 17:37 - 2018-04-30 10:18 - 000000000 ____D C:\Users\Johnston\AppData\Local\spcehom
2018-04-28 17:37 - 2018-04-28 17:39 - 000000000 ____D C:\Users\Johnston\AppData\Local\wmcagent
2018-04-28 17:34 - 2018-04-30 10:26 - 000000000 ____D C:\Users\Johnston\AppData\Local\cwoueti
2018-04-28 17:34 - 2018-04-28 17:34 - 000000000 ____D C:\Users\Johnston\AppData\Local\usdozvm
2018-04-28 17:32 - 2018-04-30 10:02 - 002888704 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\dtmbkuesvc.exe
2018-04-28 17:32 - 2018-04-28 17:32 - 000000000 ____D C:\WINDOWS\SysWOW64\msrtgon
2018-04-28 17:32 - 2018-04-28 17:32 - 000000000 ____D C:\WINDOWS\system32\msrtgon
2018-04-28 17:31 - 2018-04-30 10:12 - 000000000 ____D C:\Users\Johnston\AppData\Roaming\LocalDataNT
2018-04-28 17:31 - 2018-04-28 17:31 - 000000000 ____D C:\Users\Johnston\AppData\Roaming\et
2018-04-28 00:43 - 2018-04-28 00:43 - 000000000 ____D C:\Users\Johnston\AppData\LocalLow\Team Cherry
2018-04-28 00:39 - 2018-04-28 00:39 - 000001733 _____ C:\Users\Public\Desktop\Hollow Knight.lnk
2018-04-28 00:39 - 2018-04-28 00:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hollow Knight [GOG.com]
2018-04-27 09:42 - 2018-04-27 09:42 - 000318248 _____ C:\WINDOWS\system32\Drivers\993350aa96ae9d2d8afe7c3ae1d381e3.sys
2018-04-27 09:42 - 2018-04-27 09:42 - 000052429 _____ C:\WINDOWS\uninstaller.dat
2018-04-25 21:43 - 2018-04-25 21:43 - 000000000 ____D C:\Users\Johnston\Downloads\MuseumOfLegend_Win_v1.3
2018-04-25 17:32 - 2018-04-25 17:32 - 028720728 _____ C:\Users\Johnston\Downloads\MuseumOfLegend_Win_v1.3.zip
2018-04-25 17:03 - 2018-04-25 17:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-04-24 22:38 - 2018-04-24 22:38 - 000000000 ____D C:\Users\Johnston\AppData\Local\The_Swords_of_Ditto
2018-04-24 22:37 - 2018-04-24 22:37 - 000001208 _____ C:\Users\Johnston\Desktop\The Swords of Ditto.lnk
2018-04-24 22:36 - 2018-04-24 22:37 - 000000000 ____D C:\Program Files (x86)\The Swords of Ditto
2018-04-24 00:05 - 2018-04-24 00:05 - 000000000 ____D C:\Dynamsoft
2018-04-23 06:15 - 2018-04-23 06:15 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-04-23 06:15 - 2018-04-23 06:15 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-04-23 06:15 - 2018-04-23 06:15 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-04-23 06:15 - 2018-04-23 06:15 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-04-21 19:44 - 2018-04-21 19:44 - 000000000 ____D C:\Users\Johnston\Downloads\LEGO.MSH2.V1.0.ALL.CODEX.NODVD
2018-04-21 19:43 - 2018-04-21 19:43 - 000721901 _____ C:\Users\Johnston\Downloads\LEGO.MSH2.V1.0.ALL.CODEX.NODVD.ZIPd
2018-04-20 12:42 - 2018-04-20 12:42 - 000000000 ____D C:\Users\Johnston\AppData\Roaming\FEZ
2018-04-20 12:41 - 2018-04-20 12:41 - 000000222 _____ C:\Users\Johnston\Desktop\FEZ.url
2018-04-18 21:10 - 2018-04-18 21:10 - 000000000 ____D C:\Users\Johnston\AppData\Local\MaelstromV2
2018-04-18 17:46 - 2018-04-18 17:46 - 000000222 _____ C:\Users\Johnston\Desktop\Maelstrom.url
2018-04-15 18:53 - 2018-04-15 18:53 - 000000000 ____D C:\Users\Johnston\AppData\Local\Axolot Games
2018-04-15 18:50 - 2018-04-15 18:50 - 000000222 _____ C:\Users\Johnston\Desktop\Scrap Mechanic.url
2018-04-11 15:56 - 2018-04-11 15:56 - 000000000 ____D C:\Users\Johnston\AppData\Roaming\Yacht Club Games
2018-04-11 08:15 - 2018-04-03 15:37 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-04-11 08:15 - 2018-04-03 15:37 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-04-10 19:16 - 2018-03-30 01:12 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-04-10 19:16 - 2018-03-30 01:08 - 002513920 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-04-10 19:16 - 2018-03-30 01:06 - 000166304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-04-10 19:16 - 2018-03-30 01:03 - 000319864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-04-10 19:16 - 2018-03-30 01:03 - 000059808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-04-10 19:16 - 2018-03-30 01:03 - 000022400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2018-04-10 19:16 - 2018-03-30 01:01 - 008600480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-04-10 19:16 - 2018-03-30 01:01 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-04-10 19:16 - 2018-03-30 01:01 - 000471968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-04-10 19:16 - 2018-03-30 01:00 - 002395040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-04-10 19:16 - 2018-03-30 00:59 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-04-10 19:16 - 2018-03-30 00:57 - 000081304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-04-10 19:16 - 2018-03-30 00:55 - 000062880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-04-10 19:16 - 2018-03-30 00:54 - 000749984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-04-10 19:16 - 2018-03-30 00:54 - 000461728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-04-10 19:16 - 2018-03-30 00:54 - 000408992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-04-10 19:16 - 2018-03-30 00:53 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-04-10 19:16 - 2018-03-30 00:53 - 000246176 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-04-10 19:16 - 2018-03-30 00:53 - 000163744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-04-10 19:16 - 2018-03-30 00:52 - 000727456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-04-10 19:16 - 2018-03-30 00:52 - 000428960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-04-10 19:16 - 2018-03-30 00:51 - 000902928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-04-10 19:16 - 2018-03-30 00:51 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-04-10 19:16 - 2018-03-30 00:50 - 000057760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-04-10 19:16 - 2018-03-30 00:28 - 001929712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-04-10 19:16 - 2018-03-30 00:27 - 000481464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-04-10 19:16 - 2018-03-30 00:23 - 000566664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-04-10 19:16 - 2018-03-30 00:13 - 002193176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-04-10 19:16 - 2018-03-30 00:10 - 000704080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-04-10 19:16 - 2018-03-30 00:07 - 001003160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-04-10 19:16 - 2018-03-30 00:05 - 000027040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVClientPS.dll
2018-04-10 19:16 - 2018-03-29 23:46 - 018925056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-04-10 19:16 - 2018-03-29 23:46 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-04-10 19:16 - 2018-03-29 23:46 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-04-10 19:16 - 2018-03-29 23:45 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-04-10 19:16 - 2018-03-29 23:45 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-04-10 19:16 - 2018-03-29 23:43 - 019355136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-04-10 19:16 - 2018-03-29 23:43 - 006576128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-04-10 19:16 - 2018-03-29 23:43 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-04-10 19:16 - 2018-03-29 23:43 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\virtdisk.dll
2018-04-10 19:16 - 2018-03-29 23:43 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rfxvmt.dll
2018-04-10 19:16 - 2018-03-29 23:42 - 000397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-04-10 19:16 - 2018-03-29 23:42 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-04-10 19:16 - 2018-03-29 23:42 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-04-10 19:16 - 2018-03-29 23:42 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2018-04-10 19:16 - 2018-03-29 23:41 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-04-10 19:16 - 2018-03-29 23:41 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-04-10 19:16 - 2018-03-29 23:41 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-04-10 19:16 - 2018-03-29 23:41 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-04-10 19:16 - 2018-03-29 23:41 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-04-10 19:16 - 2018-03-29 23:40 - 011924992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-04-10 19:16 - 2018-03-29 23:40 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-04-10 19:16 - 2018-03-29 23:40 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-04-10 19:16 - 2018-03-29 23:39 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-04-10 19:16 - 2018-03-29 23:39 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-04-10 19:16 - 2018-03-29 23:38 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-04-10 19:16 - 2018-03-29 23:38 - 000966656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-04-10 19:16 - 2018-03-29 23:38 - 000956928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-04-10 19:16 - 2018-03-29 23:38 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-04-10 19:16 - 2018-03-29 23:38 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-04-10 19:16 - 2018-03-29 23:38 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-04-10 19:16 - 2018-03-29 23:38 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-04-10 19:16 - 2018-03-29 23:37 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-04-10 19:16 - 2018-03-29 23:36 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-04-10 19:16 - 2018-03-29 23:36 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-04-10 19:16 - 2018-03-29 23:36 - 002014720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-04-10 19:16 - 2018-03-29 23:36 - 001560064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-04-10 19:16 - 2018-03-29 23:36 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-04-10 19:16 - 2018-03-29 23:36 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-04-10 19:16 - 2018-03-29 23:35 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-04-10 19:16 - 2018-03-29 23:35 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-04-10 19:16 - 2018-03-29 23:35 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-04-10 19:16 - 2018-03-29 23:35 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-04-10 19:16 - 2018-03-29 23:33 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-04-10 19:16 - 2018-03-29 23:33 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-04-10 19:16 - 2018-03-29 23:33 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\virtdisk.dll
2018-04-10 19:16 - 2018-03-29 23:33 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2018-04-10 19:16 - 2018-03-29 23:32 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-04-10 19:16 - 2018-03-29 23:32 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-04-10 19:16 - 2018-03-29 23:32 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2018-04-10 19:16 - 2018-03-29 23:32 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-04-10 19:16 - 2018-03-29 23:31 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-04-10 19:16 - 2018-03-29 23:31 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-04-10 19:16 - 2018-03-29 23:31 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-04-10 19:16 - 2018-03-29 23:31 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-04-10 19:16 - 2018-03-29 23:30 - 012833280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-04-10 19:16 - 2018-03-29 23:30 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-04-10 19:16 - 2018-03-29 23:30 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-04-10 19:16 - 2018-03-29 23:30 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-04-10 19:16 - 2018-03-29 23:30 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-04-10 19:16 - 2018-03-29 23:30 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-04-10 19:16 - 2018-03-29 23:30 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-04-10 19:16 - 2018-03-29 23:30 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-04-10 19:16 - 2018-03-29 23:29 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-04-10 19:16 - 2018-03-29 23:29 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-04-10 19:16 - 2018-03-29 23:29 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-04-10 19:16 - 2018-03-29 23:28 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-04-10 19:16 - 2018-03-29 23:28 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-04-10 19:16 - 2018-03-29 23:28 - 000595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-04-10 19:16 - 2018-03-29 23:27 - 008104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-04-10 19:16 - 2018-03-29 23:27 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-04-10 19:16 - 2018-03-29 23:27 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-04-10 19:16 - 2018-03-29 23:27 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-04-10 19:16 - 2018-03-29 23:27 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-04-10 19:16 - 2018-03-29 23:26 - 004747776 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-04-10 19:16 - 2018-03-29 23:26 - 002086400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-04-10 19:16 - 2018-03-29 23:25 - 002083840 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-04-10 19:16 - 2018-03-29 23:25 - 001822720 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-04-10 19:16 - 2018-03-29 23:25 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-04-10 19:16 - 2018-03-29 23:25 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-04-10 19:16 - 2018-03-29 23:25 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-04-10 19:16 - 2018-03-29 23:23 - 000963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-04-10 19:16 - 2018-03-29 23:23 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-04-10 19:16 - 2018-03-29 23:23 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-04-10 19:16 - 2018-03-29 23:20 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2018-04-10 19:16 - 2018-03-13 03:02 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-04-10 19:16 - 2018-03-13 02:59 - 000535968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2018-04-10 19:16 - 2018-03-13 02:58 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-04-10 19:16 - 2018-03-13 02:54 - 000555936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-04-10 19:16 - 2018-03-13 02:50 - 000617312 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-04-10 19:16 - 2018-03-13 01:40 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-04-10 19:16 - 2018-03-13 01:33 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-04-10 19:16 - 2018-03-13 01:32 - 000286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2018-04-10 19:16 - 2018-03-13 01:28 - 000939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-04-10 19:16 - 2018-03-13 01:27 - 003125760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-04-10 19:16 - 2018-03-13 01:23 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2018-04-10 19:16 - 2018-03-13 01:19 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-04-10 19:16 - 2018-03-13 01:15 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-04-10 19:16 - 2018-03-13 00:43 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-04-10 19:16 - 2018-03-13 00:39 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-04-10 19:16 - 2018-03-13 00:37 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-04-10 19:16 - 2018-03-13 00:33 - 002464768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-04-10 19:16 - 2018-03-13 00:31 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-04-10 19:16 - 2018-03-13 00:30 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-04-10 19:16 - 2018-03-13 00:27 - 000190464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2018-04-10 19:16 - 2018-03-13 00:27 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2018-04-10 19:15 - 2018-03-30 08:34 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-04-10 19:15 - 2018-03-30 01:18 - 001092008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-04-10 19:15 - 2018-03-30 01:14 - 000423320 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-04-10 19:15 - 2018-03-30 01:12 - 000270208 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2018-04-10 19:15 - 2018-03-30 01:12 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2018-04-10 19:15 - 2018-03-30 01:10 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-04-10 19:15 - 2018-03-30 01:08 - 001568160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-04-10 19:15 - 2018-03-30 01:08 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-04-10 19:15 - 2018-03-30 01:08 - 000137112 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-04-10 19:15 - 2018-03-30 01:07 - 000300448 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-04-10 19:15 - 2018-03-30 01:07 - 000069528 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-04-10 19:15 - 2018-03-30 01:06 - 000053152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pcw.sys
2018-04-10 19:15 - 2018-03-30 01:05 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-04-10 19:15 - 2018-03-30 01:05 - 001056152 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-04-10 19:15 - 2018-03-30 01:05 - 000748448 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-04-10 19:15 - 2018-03-30 01:05 - 000191824 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-04-10 19:15 - 2018-03-30 01:05 - 000073120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-04-10 19:15 - 2018-03-30 01:05 - 000066720 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2018-04-10 19:15 - 2018-03-30 01:05 - 000059808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvhostsvc.dll
2018-04-10 19:15 - 2018-03-30 01:05 - 000035744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDFHost.dll
2018-04-10 19:15 - 2018-03-30 01:05 - 000022800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumbase.dll
2018-04-10 19:15 - 2018-03-30 01:05 - 000022208 _____ (Microsoft Corporation) C:\WINDOWS\system32\IumSdk.dll
2018-04-10 19:15 - 2018-03-30 01:05 - 000020888 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2018-04-10 19:15 - 2018-03-30 01:05 - 000015632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumdll.dll
2018-04-10 19:15 - 2018-03-30 01:04 - 002002336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-04-10 19:15 - 2018-03-30 01:04 - 000608160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-04-10 19:15 - 2018-03-30 01:04 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-04-10 19:15 - 2018-03-30 01:03 - 001277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-04-10 19:15 - 2018-03-30 01:03 - 000664992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-04-10 19:15 - 2018-03-30 01:03 - 000508272 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-04-10 19:15 - 2018-03-30 01:03 - 000479920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-04-10 19:15 - 2018-03-30 01:03 - 000460704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-04-10 19:15 - 2018-03-30 01:03 - 000292384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-04-10 19:15 - 2018-03-30 01:03 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-04-10 19:15 - 2018-03-30 01:03 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-04-10 19:15 - 2018-03-30 01:03 - 000139680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-04-10 19:15 - 2018-03-30 01:03 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-04-10 19:15 - 2018-03-30 01:02 - 000128416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2018-04-10 19:15 - 2018-03-30 01:01 - 001209760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-04-10 19:15 - 2018-03-30 01:01 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-04-10 19:15 - 2018-03-30 01:01 - 000034208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fs_rec.sys
2018-04-10 19:15 - 2018-03-30 01:00 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2018-04-10 19:15 - 2018-03-30 01:00 - 000094104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2018-04-10 19:15 - 2018-03-30 00:59 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-04-10 19:15 - 2018-03-30 00:58 - 000898216 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-04-10 19:15 - 2018-03-30 00:58 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-04-10 19:15 - 2018-03-30 00:58 - 000039328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storvsc.sys
2018-04-10 19:15 - 2018-03-30 00:57 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-04-10 19:15 - 2018-03-30 00:57 - 000711944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-04-10 19:15 - 2018-03-30 00:57 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-04-10 19:15 - 2018-03-30 00:57 - 000121248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2018-04-10 19:15 - 2018-03-30 00:57 - 000109976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-04-10 19:15 - 2018-03-30 00:57 - 000031640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhv.sys
2018-04-10 19:15 - 2018-03-30 00:56 - 000018680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshhyperv.dll
2018-04-10 19:15 - 2018-03-30 00:55 - 000367344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-04-10 19:15 - 2018-03-30 00:54 - 002574240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-04-10 19:15 - 2018-03-30 00:54 - 000670112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2018-04-10 19:15 - 2018-03-30 00:54 - 000645536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2018-04-10 19:15 - 2018-03-30 00:53 - 007676304 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-04-10 19:15 - 2018-03-30 00:53 - 002220952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2018-04-10 19:15 - 2018-03-30 00:53 - 000831392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2018-04-10 19:15 - 2018-03-30 00:53 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-04-10 19:15 - 2018-03-30 00:53 - 000549552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-04-10 19:15 - 2018-03-30 00:53 - 000495008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2018-04-10 19:15 - 2018-03-30 00:53 - 000094080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2018-04-10 19:15 - 2018-03-30 00:53 - 000040352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClientPS.dll
2018-04-10 19:15 - 2018-03-30 00:52 - 021351632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-04-10 19:15 - 2018-03-30 00:52 - 002457504 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-04-10 19:15 - 2018-03-30 00:52 - 000677280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-04-10 19:15 - 2018-03-30 00:52 - 000282528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2018-04-10 19:15 - 2018-03-30 00:52 - 000247480 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2018-04-10 19:15 - 2018-03-30 00:52 - 000192416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2018-04-10 19:15 - 2018-03-30 00:52 - 000054688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vdrvroot.sys
2018-04-10 19:15 - 2018-03-30 00:52 - 000047512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmstorfl.sys
2018-04-10 19:15 - 2018-03-30 00:52 - 000028520 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbuspipe.dll
2018-04-10 19:15 - 2018-03-30 00:51 - 000125568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2018-04-10 19:15 - 2018-03-30 00:51 - 000123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys
2018-04-10 19:15 - 2018-03-30 00:51 - 000071208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WindowsTrustedRT.sys
2018-04-10 19:15 - 2018-03-30 00:50 - 001336344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-04-10 19:15 - 2018-03-30 00:49 - 000204184 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2018-04-10 19:15 - 2018-03-30 00:48 - 001778584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2018-04-10 19:15 - 2018-03-30 00:48 - 001628064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2018-04-10 19:15 - 2018-03-30 00:48 - 001420696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2018-04-10 19:15 - 2018-03-30 00:48 - 001101728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-04-10 19:15 - 2018-03-30 00:48 - 000819104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2018-04-10 19:15 - 2018-03-30 00:48 - 000813984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2018-04-10 19:15 - 2018-03-30 00:48 - 000744856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2018-04-10 19:15 - 2018-03-30 00:48 - 000614304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-04-10 19:15 - 2018-03-30 00:48 - 000586800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp110_win.dll
2018-04-10 19:15 - 2018-03-30 00:48 - 000397720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2018-04-10 19:15 - 2018-03-30 00:48 - 000231328 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2018-04-10 19:15 - 2018-03-30 00:28 - 000777912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-04-10 19:15 - 2018-03-30 00:24 - 000212896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-04-10 19:15 - 2018-03-30 00:19 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-04-10 19:15 - 2018-03-30 00:18 - 000016600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshhyperv.dll
2018-04-10 19:15 - 2018-03-30 00:16 - 000289824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-04-10 19:15 - 2018-03-30 00:13 - 000450936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-04-10 19:15 - 2018-03-30 00:13 - 000073896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2018-04-10 19:15 - 2018-03-30 00:12 - 000186520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2018-04-10 19:15 - 2018-03-30 00:10 - 000099240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2018-04-10 19:15 - 2018-03-30 00:09 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-04-10 19:15 - 2018-03-30 00:06 - 000180632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2018-04-10 19:15 - 2018-03-30 00:05 - 001491360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2018-04-10 19:15 - 2018-03-30 00:04 - 000417368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp110_win.dll
2018-04-10 19:15 - 2018-03-29 23:55 - 025253888 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-04-10 19:15 - 2018-03-29 23:46 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-04-10 19:15 - 2018-03-29 23:45 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2018-04-10 19:15 - 2018-03-29 23:44 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2018-04-10 19:15 - 2018-03-29 23:44 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2018-04-10 19:15 - 2018-03-29 23:44 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-04-10 19:15 - 2018-03-29 23:43 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2018-04-10 19:15 - 2018-03-29 23:43 - 000152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2018-04-10 19:15 - 2018-03-29 23:43 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2018-04-10 19:15 - 2018-03-29 23:43 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2018-04-10 19:15 - 2018-03-29 23:43 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-04-10 19:15 - 2018-03-29 23:43 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2018-04-10 19:15 - 2018-03-29 23:43 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2018-04-10 19:15 - 2018-03-29 23:43 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2018-04-10 19:15 - 2018-03-29 23:43 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2018-04-10 19:15 - 2018-03-29 23:43 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2018-04-10 19:15 - 2018-03-29 23:43 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2018-04-10 19:15 - 2018-03-29 23:43 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2018-04-10 19:15 - 2018-03-29 23:43 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsnmp32.dll
2018-04-10 19:15 - 2018-03-29 23:43 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2018-04-10 19:15 - 2018-03-29 23:43 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2018-04-10 19:15 - 2018-03-29 23:43 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2018-04-10 19:15 - 2018-03-29 23:43 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2018-04-10 19:15 - 2018-03-29 23:43 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2018-04-10 19:15 - 2018-03-29 23:42 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2018-04-10 19:15 - 2018-03-29 23:42 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2018-04-10 19:15 - 2018-03-29 23:42 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2018-04-10 19:15 - 2018-03-29 23:42 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2018-04-10 19:15 - 2018-03-29 23:42 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2018-04-10 19:15 - 2018-03-29 23:42 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2018-04-10 19:15 - 2018-03-29 23:41 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2018-04-10 19:15 - 2018-03-29 23:41 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2018-04-10 19:15 - 2018-03-29 23:41 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2018-04-10 19:15 - 2018-03-29 23:40 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2018-04-10 19:15 - 2018-03-29 23:40 - 000314880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2018-04-10 19:15 - 2018-03-29 23:40 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2018-04-10 19:15 - 2018-03-29 23:40 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\keyiso.dll
2018-04-10 19:15 - 2018-03-29 23:40 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2018-04-10 19:15 - 2018-03-29 23:39 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2018-04-10 19:15 - 2018-03-29 23:37 - 001298944 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-04-10 19:15 - 2018-03-29 23:36 - 000825856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-04-10 19:15 - 2018-03-29 23:36 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2018-04-10 19:15 - 2018-03-29 23:36 - 000098304 _____ C:\WINDOWS\system32\runexehelper.exe
2018-04-10 19:15 - 2018-03-29 23:35 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-04-10 19:15 - 2018-03-29 23:35 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-04-10 19:15 - 2018-03-29 23:35 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-04-10 19:15 - 2018-03-29 23:35 - 000400384 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-04-10 19:15 - 2018-03-29 23:35 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskcomp.dll
2018-04-10 19:15 - 2018-03-29 23:35 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-04-10 19:15 - 2018-03-29 23:35 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-04-10 19:15 - 2018-03-29 23:35 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-04-10 19:15 - 2018-03-29 23:35 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2018-04-10 19:15 - 2018-03-29 23:35 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2018-04-10 19:15 - 2018-03-29 23:34 - 000339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2018-04-10 19:15 - 2018-03-29 23:33 - 008031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-04-10 19:15 - 2018-03-29 23:33 - 000707584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2018-04-10 19:15 - 2018-03-29 23:33 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2018-04-10 19:15 - 2018-03-29 23:33 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\irda.sys
2018-04-10 19:15 - 2018-03-29 23:33 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2018-04-10 19:15 - 2018-03-29 23:33 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2018-04-10 19:15 - 2018-03-29 23:33 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2018-04-10 19:15 - 2018-03-29 23:33 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2018-04-10 19:15 - 2018-03-29 23:33 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
2018-04-10 19:15 - 2018-03-29 23:33 - 000072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2018-04-10 19:15 - 2018-03-29 23:33 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2018-04-10 19:15 - 2018-03-29 23:33 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2018-04-10 19:15 - 2018-03-29 23:33 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2018-04-10 19:15 - 2018-03-29 23:33 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmictimeprovider.dll
2018-04-10 19:15 - 2018-03-29 23:33 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dmvsc.sys
2018-04-10 19:15 - 2018-03-29 23:33 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-04-10 19:15 - 2018-03-29 23:33 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnEapPeerProxy.dll
2018-04-10 19:15 - 2018-03-29 23:33 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnEapAuthProxy.dll
2018-04-10 19:15 - 2018-03-29 23:33 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\HyperVideo.sys
2018-04-10 19:15 - 2018-03-29 23:33 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\VMBusHID.sys
2018-04-10 19:15 - 2018-03-29 23:33 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysntfy.dll
2018-04-10 19:15 - 2018-03-29 23:33 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidtel.exe
2018-04-10 19:15 - 2018-03-29 23:33 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\nrpsrv.dll
2018-04-10 19:15 - 2018-03-29 23:33 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasacd.sys
2018-04-10 19:15 - 2018-03-29 23:33 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-04-10 19:15 - 2018-03-29 23:33 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hyperkbd.sys
2018-04-10 19:15 - 2018-03-29 23:33 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmgencounter.sys
2018-04-10 19:15 - 2018-03-29 23:33 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2018-04-10 19:15 - 2018-03-29 23:33 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmgid.sys
2018-04-10 19:15 - 2018-03-29 23:33 - 000009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vms3cap.sys
2018-04-10 19:15 - 2018-03-29 23:33 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-04-10 19:15 - 2018-03-29 23:32 - 023674880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-04-10 19:15 - 2018-03-29 23:32 - 000212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-04-10 19:15 - 2018-03-29 23:32 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-04-10 19:15 - 2018-03-29 23:32 - 000198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2018-04-10 19:15 - 2018-03-29 23:32 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-04-10 19:15 - 2018-03-29 23:32 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-04-10 19:15 - 2018-03-29 23:32 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2018-04-10 19:15 - 2018-03-29 23:32 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2018-04-10 19:15 - 2018-03-29 23:32 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2018-04-10 19:15 - 2018-03-29 23:32 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-04-10 19:15 - 2018-03-29 23:32 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2018-04-10 19:15 - 2018-03-29 23:32 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\efslsaext.dll
2018-04-10 19:15 - 2018-03-29 23:32 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2018-04-10 19:15 - 2018-03-29 23:32 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndisuio.sys
2018-04-10 19:15 - 2018-03-29 23:32 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\lltdio.sys
2018-04-10 19:15 - 2018-03-29 23:32 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Synth3dVsc.sys
2018-04-10 19:15 - 2018-03-29 23:32 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsnmp32.dll
2018-04-10 19:15 - 2018-03-29 23:32 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2018-04-10 19:15 - 2018-03-29 23:32 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\efssvc.dll
2018-04-10 19:15 - 2018-03-29 23:32 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerSvc.dll
2018-04-10 19:15 - 2018-03-29 23:32 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdPnp.dll
2018-04-10 19:15 - 2018-03-29 23:32 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2018-04-10 19:15 - 2018-03-29 23:32 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2018-04-10 19:15 - 2018-03-29 23:32 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-04-10 19:15 - 2018-03-29 23:32 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2018-04-10 19:15 - 2018-03-29 23:32 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmiprop.dll
2018-04-10 19:15 - 2018-03-29 23:32 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWNet.dll
2018-04-10 19:15 - 2018-03-29 23:32 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfhost.exe
2018-04-10 19:15 - 2018-03-29 23:32 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2018-04-10 19:15 - 2018-03-29 23:32 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2018-04-10 19:15 - 2018-03-29 23:32 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys
2018-04-10 19:15 - 2018-03-29 23:31 - 000795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
2018-04-10 19:15 - 2018-03-29 23:31 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-04-10 19:15 - 2018-03-29 23:31 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-04-10 19:15 - 2018-03-29 23:31 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2018-04-10 19:15 - 2018-03-29 23:31 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2018-04-10 19:15 - 2018-03-29 23:31 - 000286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvc.dll
2018-04-10 19:15 - 2018-03-29 23:31 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2018-04-10 19:15 - 2018-03-29 23:31 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2018-04-10 19:15 - 2018-03-29 23:31 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-04-10 19:15 - 2018-03-29 23:31 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2018-04-10 19:15 - 2018-03-29 23:31 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2018-04-10 19:15 - 2018-03-29 23:31 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2018-04-10 19:15 - 2018-03-29 23:31 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2018-04-10 19:15 - 2018-03-29 23:31 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2018-04-10 19:15 - 2018-03-29 23:31 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\keyiso.dll
2018-04-10 19:15 - 2018-03-29 23:31 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2018-04-10 19:15 - 2018-03-29 23:31 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2018-04-10 19:15 - 2018-03-29 23:31 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2018-04-10 19:15 - 2018-03-29 23:31 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsisvc.dll
2018-04-10 19:15 - 2018-03-29 23:30 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-04-10 19:15 - 2018-03-29 23:30 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2018-04-10 19:15 - 2018-03-29 23:30 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-04-10 19:15 - 2018-03-29 23:30 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvcext.dll
2018-04-10 19:15 - 2018-03-29 23:30 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-04-10 19:15 - 2018-03-29 23:30 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
2018-04-10 19:15 - 2018-03-29 23:30 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2018-04-10 19:15 - 2018-03-29 23:30 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2018-04-10 19:15 - 2018-03-29 23:30 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-04-10 19:15 - 2018-03-29 23:29 - 001495552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-04-10 19:15 - 2018-03-29 23:29 - 000791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-04-10 19:15 - 2018-03-29 23:29 - 000723968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2018-04-10 19:15 - 2018-03-29 23:29 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-04-10 19:15 - 2018-03-29 23:29 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-04-10 19:15 - 2018-03-29 23:29 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-04-10 19:15 - 2018-03-29 23:29 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-04-10 19:15 - 2018-03-29 23:29 - 000379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2018-04-10 19:15 - 2018-03-29 23:29 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-04-10 19:15 - 2018-03-29 23:29 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2018-04-10 19:15 - 2018-03-29 23:29 - 000253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2018-04-10 19:15 - 2018-03-29 23:28 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-04-10 19:15 - 2018-03-29 23:28 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-04-10 19:15 - 2018-03-29 23:28 - 000984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2018-04-10 19:15 - 2018-03-29 23:28 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-04-10 19:15 - 2018-03-29 23:28 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-04-10 19:15 - 2018-03-29 23:28 - 000820224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2018-04-10 19:15 - 2018-03-29 23:28 - 000721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-04-10 19:15 - 2018-03-29 23:28 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-04-10 19:15 - 2018-03-29 23:28 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-04-10 19:15 - 2018-03-29 23:28 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-04-10 19:15 - 2018-03-29 23:28 - 000147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2018-04-10 19:15 - 2018-03-29 23:27 - 003170816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-04-10 19:15 - 2018-03-29 23:27 - 001002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-04-10 19:15 - 2018-03-29 23:27 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-04-10 19:15 - 2018-03-29 23:27 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-04-10 19:15 - 2018-03-29 23:27 - 000889856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-04-10 19:15 - 2018-03-29 23:27 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-04-10 19:15 - 2018-03-29 23:27 - 000332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2018-04-10 19:15 - 2018-03-29 23:27 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpsrv.dll
2018-04-10 19:15 - 2018-03-29 23:26 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-04-10 19:15 - 2018-03-29 23:26 - 002209280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-04-10 19:15 - 2018-03-29 23:26 - 001955328 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSvc.dll
2018-04-10 19:15 - 2018-03-29 23:26 - 001816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-04-10 19:15 - 2018-03-29 23:26 - 001573376 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-04-10 19:15 - 2018-03-29 23:26 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-04-10 19:15 - 2018-03-29 23:26 - 000765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-04-10 19:15 - 2018-03-29 23:26 - 000716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-04-10 19:15 - 2018-03-29 23:25 - 002628608 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-04-10 19:15 - 2018-03-29 23:25 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-04-10 19:15 - 2018-03-29 23:25 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-04-10 19:15 - 2018-03-29 23:25 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-04-10 19:15 - 2018-03-29 23:25 - 001055744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-04-10 19:15 - 2018-03-29 23:25 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-04-10 19:15 - 2018-03-29 23:25 - 000841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-04-10 19:15 - 2018-03-29 23:25 - 000374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2018-04-10 19:15 - 2018-03-29 23:25 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2018-04-10 19:15 - 2018-03-29 23:25 - 000270848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2018-04-10 19:15 - 2018-03-29 23:24 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-04-10 19:15 - 2018-03-29 23:24 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-04-10 19:15 - 2018-03-29 23:23 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2018-04-10 19:15 - 2018-03-29 23:23 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2018-04-10 19:15 - 2018-03-29 23:23 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2018-04-10 19:15 - 2018-03-29 23:22 - 000826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2018-04-10 19:15 - 2018-03-29 23:22 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpbus.sys
2018-04-10 19:15 - 2018-03-29 23:22 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\beep.sys
2018-04-10 19:15 - 2018-03-29 23:21 - 002511360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-04-10 19:15 - 2018-03-29 23:21 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-04-10 19:15 - 2018-03-29 23:20 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2018-04-10 19:15 - 2018-03-29 23:20 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2018-04-10 19:15 - 2018-03-29 23:20 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2018-04-10 19:15 - 2018-03-29 23:20 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2018-04-10 19:15 - 2018-03-29 23:20 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2018-04-10 19:15 - 2018-03-29 23:20 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2018-04-10 19:15 - 2018-03-29 23:20 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdPnp.dll
2018-04-10 19:15 - 2018-03-29 23:20 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
2018-04-10 19:15 - 2018-03-29 23:20 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmiprop.dll
2018-04-10 19:15 - 2018-03-29 23:20 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWNet.dll
2018-04-10 19:15 - 2018-03-29 23:20 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\null.sys
2018-04-10 19:15 - 2018-03-28 15:54 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-04-10 19:15 - 2018-03-13 03:03 - 005907288 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-04-10 19:15 - 2018-03-13 03:03 - 000779960 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-04-10 19:15 - 2018-03-13 03:03 - 000739696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-04-10 19:15 - 2018-03-13 03:03 - 000382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-04-10 19:15 - 2018-03-13 03:03 - 000279960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-04-10 19:15 - 2018-03-13 02:58 - 000441248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2018-04-10 19:15 - 2018-03-13 02:58 - 000377760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-04-10 19:15 - 2018-03-13 02:55 - 001778360 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2018-04-10 19:15 - 2018-03-13 02:55 - 000979352 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-04-10 19:15 - 2018-03-13 02:55 - 000417440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2018-04-10 19:15 - 2018-03-13 02:55 - 000334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2018-04-10 19:15 - 2018-03-13 02:54 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-04-10 19:15 - 2018-03-13 02:53 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-04-10 19:15 - 2018-03-13 02:53 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2018-04-10 19:15 - 2018-03-13 02:53 - 000143264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2018-04-10 19:15 - 2018-03-13 02:53 - 000113568 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-04-10 19:15 - 2018-03-13 02:53 - 000091152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2018-04-10 19:15 - 2018-03-13 02:52 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-04-10 19:15 - 2018-03-13 02:52 - 000172112 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2018-04-10 19:15 - 2018-03-13 02:52 - 000127136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2018-04-10 19:15 - 2018-03-13 02:51 - 002773408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-04-10 19:15 - 2018-03-13 01:41 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2018-04-10 19:15 - 2018-03-13 01:40 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-04-10 19:15 - 2018-03-13 01:38 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2018-04-10 19:15 - 2018-03-13 01:38 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2018-04-10 19:15 - 2018-03-13 01:38 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2018-04-10 19:15 - 2018-03-13 01:37 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetDriverInstall.dll
2018-04-10 19:15 - 2018-03-13 01:37 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2018-04-10 19:15 - 2018-03-13 01:37 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelineprxy.dll
2018-04-10 19:15 - 2018-03-13 01:36 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2018-04-10 19:15 - 2018-03-13 01:36 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-04-10 19:15 - 2018-03-13 01:35 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2018-04-10 19:15 - 2018-03-13 01:35 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-04-10 19:15 - 2018-03-13 01:35 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2018-04-10 19:15 - 2018-03-13 01:35 - 000245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\icm32.dll
2018-04-10 19:15 - 2018-03-13 01:35 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsAuth.dll
2018-04-10 19:15 - 2018-03-13 01:35 - 000219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsCfg.dll
2018-04-10 19:15 - 2018-03-13 01:35 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlgpclnt.dll
2018-04-10 19:15 - 2018-03-13 01:34 - 008727552 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-04-10 19:15 - 2018-03-13 01:34 - 000309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2018-04-10 19:15 - 2018-03-13 01:34 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsExt.dll
2018-04-10 19:15 - 2018-03-13 01:34 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2018-04-10 19:15 - 2018-03-13 01:34 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2018-04-10 19:15 - 2018-03-13 01:33 - 007544832 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-04-10 19:15 - 2018-03-13 01:33 - 001574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2018-04-10 19:15 - 2018-03-13 01:33 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2018-04-10 19:15 - 2018-03-13 01:33 - 000278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2018-04-10 19:15 - 2018-03-13 01:33 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2018-04-10 19:15 - 2018-03-13 01:33 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2018-04-10 19:15 - 2018-03-13 01:32 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-04-10 19:15 - 2018-03-13 01:32 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2018-04-10 19:15 - 2018-03-13 01:32 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2018-04-10 19:15 - 2018-03-13 01:32 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2018-04-10 19:15 - 2018-03-13 01:32 - 000200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2018-04-10 19:15 - 2018-03-13 01:31 - 002849792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-04-10 19:15 - 2018-03-13 01:31 - 001263104 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-04-10 19:15 - 2018-03-13 01:31 - 001173504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-04-10 19:15 - 2018-03-13 01:31 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
2018-04-10 19:15 - 2018-03-13 01:31 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2018-04-10 19:15 - 2018-03-13 01:30 - 007145472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-04-10 19:15 - 2018-03-13 01:30 - 003400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-04-10 19:15 - 2018-03-13 01:30 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-04-10 19:15 - 2018-03-13 01:30 - 000863744 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2018-04-10 19:15 - 2018-03-13 01:30 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2018-04-10 19:15 - 2018-03-13 01:30 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2018-04-10 19:15 - 2018-03-13 01:29 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2018-04-10 19:15 - 2018-03-13 01:28 - 003160576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2018-04-10 19:15 - 2018-03-13 01:28 - 002857984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-04-10 19:15 - 2018-03-13 01:28 - 001967104 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-04-10 19:15 - 2018-03-13 01:28 - 001157632 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-04-10 19:15 - 2018-03-13 01:28 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-04-10 19:15 - 2018-03-13 01:28 - 000837120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-04-10 19:15 - 2018-03-13 01:28 - 000508928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2018-04-10 19:15 - 2018-03-13 01:27 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-04-10 19:15 - 2018-03-13 01:27 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2018-04-10 19:15 - 2018-03-13 01:26 - 001737728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-04-10 19:15 - 2018-03-13 01:26 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2018-04-10 19:15 - 2018-03-13 01:25 - 001346560 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2018-04-10 19:15 - 2018-03-13 01:25 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2018-04-10 19:15 - 2018-03-13 01:24 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2018-04-10 19:15 - 2018-03-13 01:24 - 000389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2018-04-10 19:15 - 2018-03-13 01:24 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2018-04-10 19:15 - 2018-03-13 01:23 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2018-04-10 19:15 - 2018-03-13 01:23 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2018-04-10 19:15 - 2018-03-13 01:22 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-04-10 19:15 - 2018-03-13 01:22 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2018-04-10 19:15 - 2018-03-13 01:22 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-04-10 19:15 - 2018-03-13 01:22 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-04-10 19:15 - 2018-03-13 01:19 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-04-10 19:15 - 2018-03-13 01:19 - 000311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-04-10 19:15 - 2018-03-13 01:08 - 001555784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2018-04-10 19:15 - 2018-03-13 01:08 - 000747416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2018-04-10 19:15 - 2018-03-13 01:07 - 000115104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-04-10 19:15 - 2018-03-13 01:06 - 000564640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2018-04-10 19:15 - 2018-03-13 01:04 - 006481096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-04-10 19:15 - 2018-03-13 01:04 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-04-10 19:15 - 2018-03-13 01:04 - 000140592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2018-04-10 19:15 - 2018-03-13 00:44 - 003490816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2018-04-10 19:15 - 2018-03-13 00:44 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2018-04-10 19:15 - 2018-03-13 00:40 - 006118400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-04-10 19:15 - 2018-03-13 00:40 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll
2018-04-10 19:15 - 2018-03-13 00:40 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2018-04-10 19:15 - 2018-03-13 00:39 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\icm32.dll
2018-04-10 19:15 - 2018-03-13 00:39 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2018-04-10 19:15 - 2018-03-13 00:39 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsCfg.dll
2018-04-10 19:15 - 2018-03-13 00:38 - 006466560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-04-10 19:15 - 2018-03-13 00:38 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlgpclnt.dll
2018-04-10 19:15 - 2018-03-13 00:37 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-04-10 19:15 - 2018-03-13 00:37 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2018-04-10 19:15 - 2018-03-13 00:37 - 000537088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
2018-04-10 19:15 - 2018-03-13 00:37 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2018-04-10 19:15 - 2018-03-13 00:37 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2018-04-10 19:15 - 2018-03-13 00:37 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll
2018-04-10 19:15 - 2018-03-13 00:37 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2018-04-10 19:15 - 2018-03-13 00:36 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2018-04-10 19:15 - 2018-03-13 00:36 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2018-04-10 19:15 - 2018-03-13 00:36 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2018-04-10 19:15 - 2018-03-13 00:35 - 006204416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-04-10 19:15 - 2018-03-13 00:34 - 002409984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-04-10 19:15 - 2018-03-13 00:34 - 000706048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-04-10 19:15 - 2018-03-13 00:33 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-04-10 19:15 - 2018-03-13 00:32 - 002577408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2018-04-10 19:15 - 2018-03-13 00:32 - 001948672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-04-10 19:15 - 2018-03-13 00:31 - 001348608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-04-10 19:15 - 2018-03-13 00:31 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2018-04-10 19:15 - 2018-03-13 00:31 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2018-04-10 19:15 - 2018-03-13 00:30 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-04-10 19:15 - 2018-03-13 00:28 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2018-04-10 19:15 - 2018-03-13 00:26 - 000483328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2018-04-10 19:15 - 2017-11-26 09:32 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-04-10 19:15 - 2017-11-26 07:12 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-04-09 19:52 - 2018-04-09 19:52 - 000000222 _____ C:\Users\Johnston\Desktop\FTL Faster Than Light.url
2018-04-04 15:36 - 2018-04-04 15:36 - 000000000 ____D C:\Users\Johnston\AppData\Roaming\Carbon
2018-04-04 15:35 - 2018-04-04 15:35 - 000000222 _____ C:\Users\Johnston\Desktop\AirMech Strike.url
2018-04-03 21:20 - 2018-04-03 21:20 - 000000000 ____D C:\Users\Johnston\Documents\Cellar Door Games
2018-04-03 21:17 - 2018-04-03 21:17 - 000001144 _____ C:\Users\Johnston\Desktop\Full Metal Furies.lnk
2018-04-03 21:17 - 2018-04-03 21:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Metal Furies
2018-04-03 21:17 - 2018-04-03 21:17 - 000000000 ____D C:\Program Files (x86)\Full Metal Furies

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-30 10:17 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-04-30 10:16 - 2017-09-29 09:46 - 000000000 ___RD C:\Program Files\Windows Defender
2018-04-30 10:16 - 2015-12-29 10:01 - 000548000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-04-30 10:13 - 2016-11-16 14:40 - 000000000 ____D C:\Users\Johnston\AppData\LocalLow\Mozilla
2018-04-30 10:10 - 2017-07-10 12:21 - 000000000 ___RD C:\Users\Johnston\Google Drive
2018-04-30 10:03 - 2017-12-11 11:40 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-04-30 10:03 - 2017-12-11 10:57 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-04-30 10:03 - 2016-09-07 22:53 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2018-04-30 10:03 - 2015-12-28 23:26 - 000002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Net Nanny.lnk
2018-04-30 09:47 - 2017-12-11 11:02 - 000000000 ____D C:\Users\Johnston
2018-04-30 09:46 - 2017-12-12 16:11 - 000000000 ____D C:\WINDOWS\Minidump
2018-04-30 09:45 - 2017-09-29 04:45 - 017039360 _____ C:\WINDOWS\system32\config\HARDWARE
2018-04-30 09:36 - 2016-01-02 22:21 - 000000000 ____D C:\Users\Johnston\AppData\Local\CrashDumps
2018-04-30 08:31 - 2016-02-15 12:19 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-30 08:23 - 2017-12-11 11:40 - 000004172 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8DE59029-CE98-49D1-8709-22D2258B1B40}
2018-04-30 00:39 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-04-30 00:39 - 2015-12-28 22:12 - 000000000 ____D C:\Program Files (x86)\Steam
2018-04-29 19:45 - 2016-01-29 22:19 - 000000000 ____D C:\Warhammer
2018-04-29 14:45 - 2018-03-13 15:14 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-04-29 14:33 - 2017-09-29 09:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-04-29 14:33 - 2017-09-29 04:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-04-29 14:33 - 2017-07-04 12:04 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-04-29 13:29 - 2017-06-30 09:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-04-29 13:28 - 2016-07-16 07:47 - 000000000 ____D C:\ProgramData\Comms
2018-04-29 13:16 - 2016-02-15 12:19 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-04-28 18:01 - 2017-09-29 04:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-04-28 17:59 - 2016-01-10 23:39 - 000000000 ____D C:\Users\Johnston\AppData\Roaming\BitTorrent
2018-04-28 17:50 - 2018-01-10 11:32 - 000000000 ____D C:\Users\Johnston\Documents\Marc's Folder
2018-04-28 08:08 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-04-28 00:41 - 2016-12-07 13:47 - 000000000 ____D C:\Program Files (x86)\GOG Galaxy
2018-04-28 00:35 - 2016-03-27 22:43 - 000000000 ____D C:\GOG Games
2018-04-27 17:00 - 2016-09-23 10:13 - 000000000 ____D C:\Users\Johnston\Documents\Zoom
2018-04-27 15:09 - 2018-03-30 09:37 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2018-04-27 14:28 - 2016-02-04 18:19 - 000000000 ____D C:\Users\Johnston\AppData\Local\Ubisoft Game Launcher
2018-04-27 09:33 - 2017-09-29 09:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-26 13:11 - 2016-06-27 20:56 - 000162155 _____ C:\Users\Johnston\Documents\starburn.txt
2018-04-25 17:04 - 2017-01-31 23:42 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-04-23 18:30 - 2016-01-07 18:27 - 000000000 ____D C:\Users\Johnston\AppData\Roaming\.minecraft
2018-04-21 19:45 - 2016-01-09 10:54 - 000000000 ____D C:\Users\Johnston\AppData\Roaming\Warner Bros. Interactive Entertainment
2018-04-20 12:41 - 2016-12-10 11:54 - 000000000 ____D C:\Users\Johnston\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-04-20 09:43 - 2017-12-11 11:23 - 001316982 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-18 12:39 - 2016-01-01 23:38 - 000000000 ____D C:\ProgramData\panda_url_filtering
2018-04-17 22:14 - 2016-03-27 22:43 - 000000000 ____D C:\Users\Johnston\AppData\Roaming\StardewValley
2018-04-17 12:38 - 2018-02-18 10:47 - 000000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2018-04-12 12:47 - 2016-02-15 17:50 - 000000000 ____D C:\Program Files (x86)\Origin
2018-04-12 09:28 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\rescache
2018-04-11 10:17 - 2017-09-29 09:44 - 000000000 ____D C:\WINDOWS\INF
2018-04-11 08:14 - 2017-12-11 10:57 - 000359960 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-04-10 23:27 - 2017-09-29 09:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-04-10 23:27 - 2017-09-29 09:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-04-10 23:27 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-04-10 23:27 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-04-10 23:01 - 2018-03-13 21:01 - 000004594 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-04-10 23:01 - 2017-12-11 11:40 - 000004606 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-04-10 23:01 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-04-10 23:01 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-04-10 19:36 - 2015-12-29 09:59 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-04-10 19:30 - 2017-10-10 21:36 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-04-10 19:29 - 2015-12-29 09:59 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-04-10 19:18 - 2017-12-11 13:42 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-04-09 20:44 - 2015-12-28 22:30 - 000000000 ____D C:\Users\Johnston\AppData\Local\Comms
2018-04-03 10:12 - 2015-12-28 23:25 - 000000000 ____D C:\Users\Johnston\AppData\Local\ContentWatch
2018-04-01 21:19 - 2016-09-07 12:51 - 000000000 ____D C:\Users\Johnston\AppData\Roaming\vlc

==================== Files in the root of some directories =======

2018-01-15 22:08 - 2018-01-15 22:08 - 000000000 _____ () C:\Users\Johnston\AppData\Roaming\FC29FA0894FE.ini
2017-06-01 16:50 - 2017-12-30 11:08 - 000009298 _____ () C:\Users\Johnston\AppData\Roaming\SpeedRunnersLog.txt
2017-11-21 17:22 - 2017-11-21 17:22 - 000001822 _____ () C:\Users\Johnston\AppData\Local\recently-used.xbel
2018-04-30 09:56 - 2018-04-30 10:00 - 000000000 _____ () C:\Users\Johnston\AppData\Local\{763473B9-4945-4404-A2B0-7BCD1F70CC86}

Some files in TEMP:
====================
2018-04-28 17:30 - 2018-04-28 17:30 - 000976896 _____ () C:\Users\Johnston\AppData\Local\Temp\Audio.exe
2018-04-28 17:30 - 2018-04-28 17:30 - 001793364 _____ () C:\Users\Johnston\AppData\Local\Temp\gimi.exe
2018-04-28 17:30 - 2018-04-28 17:30 - 004206358 _____ () C:\Users\Johnston\AppData\Local\Temp\svtdm.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\wdklosvy.sys -> Access Denied <======= ATTENTION

LastRegBack: 2018-04-24 09:15

==================== End of FRST.txt ============================
Mod Edit:  Merged posts - Hamluis.
Update: Windows Defender keeps finding the following on its own:
Trojan:Win32 Tiggre!rfn
Trojan:Win32/Fuerboos.C!cl

Both of these I just noticed have popped up multiple times, including one just a few minutes ago.
 

Edited by hamluis, 30 April 2018 - 10:13 AM.




#2 GeekFreak

GeekFreak
  • Topic Starter

  • Members
  • 7 posts

Posted 30 April 2018 - 09:55 AM

Here is the addition.txt


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25.04.2018
Ran by Johnston (30-04-2018 10:30:28)
Running from C:\Users\Johnston\Downloads
Windows 10 Pro Version 1709 16299.371 (X64) (2017-12-11 15:42:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3251292406-1508782717-557347702-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3251292406-1508782717-557347702-503 - Limited - Disabled)
Guest (S-1-5-21-3251292406-1508782717-557347702-501 - Limited - Disabled)
Johnston (S-1-5-21-3251292406-1508782717-557347702-1001 - Administrator - Enabled) => C:\Users\Johnston
WDAGUtilityAccount (S-1-5-21-3251292406-1508782717-557347702-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Panda Free Antivirus (Disabled - Up to date) {46AEFD02-ACA3-E038-1FA5-4A15EFD361E0}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Disabled - Up to date) {FDCF1CE6-8A99-EFB6-2515-716794542B5D}
FW: Panda Firewall (Disabled) {7E957C27-E6CC-E160-34FA-E3201100269B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-3251292406-1508782717-557347702-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon Kindle (HKU\S-1-5-21-3251292406-1508782717-557347702-1001\...\Amazon Kindle) (Version: 1.21.0.48017 - Amazon)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.3.2 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Arcanum Of Steamworks and Magick Obscura (HKLM-x32\...\GOGPACKARCANUM_is1) (Version: 2.0.0.15 - GOG.com)
Armello (HKLM-x32\...\Armello_is1) (Version:  - )
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Backup and Sync from Google (HKLM\...\{4B7277C7-9CEE-45FC-B36B-19AD28281B9C}) (Version: 3.40.8921.5350 - Google, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
BitTorrent (HKU\S-1-5-21-3251292406-1508782717-557347702-1001\...\BitTorrent) (Version: 7.10.3.44359 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brigador: Up-Armored Edition (HKLM-x32\...\1356485086_is1) (Version: 1.3 - GOG.com)
Camtasia 9 (HKLM\...\{8AD50DED-EE14-4FEC-BC2C-F229C3BEFE58}) (Version: 9.0.3.1627 - TechSmith Corporation) Hidden
Camtasia 9 (HKLM-x32\...\{1d9398f4-c133-41a0-9ea1-1600af791234}) (Version: 9.0.3.1627 - TechSmith Corporation)
Catalyst Control Center Next Localization BR (HKLM\...\{118C2119-84B6-E32C-63E2-B56DBCF41CE5}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{3E245378-BF77-6946-C6F6-096DBE5EAB82}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{51F85784-6799-5CA3-97B2-2E5904FC3E58}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{A16E186C-58C4-3BDC-5CCE-714EFEF5F27F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{45907537-804A-514F-5280-5F4F12A6DCBC}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{5A083A57-10D6-D4E5-292C-F274870E73A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{8E6F5592-ED7E-9C50-74AC-BF417B1FE291}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{E42911E5-48F8-8557-ED20-D72AD1907D25}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{962364E4-08BB-347D-32E7-2B789F37BF8A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{AD28960A-6190-C991-C964-308B86EAA2E2}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B4C30EF4-B2C5-1395-B534-7B63BCB6E8E4}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{DF0D7C1C-72B6-9FFB-DF66-B3720237BB80}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{238F6F6F-2544-86CF-3AB6-2CDADAB58CF0}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{62098A5F-E03B-31A3-5F9C-51A7F7D25744}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{84C3F2C5-F7B2-2F08-CDF4-79EF7CC55D74}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{A0407E39-2AA4-60B3-885F-3C5347B6909E}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{0989D0EA-AFF3-5F9A-3D25-20EE133E409B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{0E8A3B17-D603-B1B6-C205-1685EBDD23E9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{1757AD9B-0E3C-05F9-FE43-4343BED7DA85}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{EC688BD0-240D-AE40-55F3-234E54919AE6}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{1E7D3072-1D28-E33A-99DF-85D9F7ECD06E}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{66B06F29-EE4F-9130-D96A-754826093FEA}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{A8689A0F-5928-7300-B82B-C5E85131B7BA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{E27224E3-7913-DA1E-5B08-9BEEC8FEE3D1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{76AAF56B-93D8-161D-809A-EC05F3B913DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{821D0A0E-F246-BE40-0D68-93883C14C410}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{95A52FC1-C728-841D-1BFC-CC793B77B0A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{BA26B70C-3D8C-2D14-4122-211FB3E6F691}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{063CED74-F5F0-870E-DC9C-2D78FDEDA3EE}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{5FEACE78-C338-9AED-FF05-7DE7E273C774}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{88BD74C4-23AB-4554-915C-6E1F0C81F6CD}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{A22CDEBA-6DB5-12CD-F6CE-6238C2D78363}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{13BB60AA-88F7-4B1F-2DEC-D81EEDE8B3AA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A3795528-F572-6314-C4E3-EE9DAF0FBF02}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A48E2AB0-0866-7783-9657-E1709EB18D02}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{C0BFC67D-E447-02C8-6046-C078DFE9EC97}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{37AA6227-FF2C-95AC-87C0-45DCC0BB87DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{4853A56D-7931-A08B-5BA7-8E2D61043DF9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{94C72EBE-2908-F0AC-62DA-D61951830F8F}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{E61CEF9A-BAC3-EAEE-F735-E257D2354DF2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{5B987681-3652-492B-6A11-E02AC0FE5959}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{B28CF677-E2C8-12CA-52BB-19B6F066D36A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{DA0326BB-657D-AAFC-752C-363E8FA33755}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{EB328356-1DF0-1CCE-3607-6361DD329219}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{43F6D22B-E0E9-EE90-9B62-1C5FC5D15A55}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{86BFE5B4-1FCE-3C02-6373-92B1AE6431E8}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{87E6EC29-AEC5-28CB-F773-93EB6C1B8A2B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{B873A1FB-5EA0-EE5F-A861-1E38880AD08E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{0742432E-42D9-2240-4CA1-8595CCCBAA77}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{CA55697D-BD74-3ED8-6B21-D7EDAD3B7D02}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{D4490E0F-8E7B-1097-B56A-7643C75F1C28}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{EC9DF9FF-9D75-4CDD-1D58-A2E887B0A42E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{7ABACA7E-6E59-0EF9-8FA3-6B32E5F58127}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{CFC860C8-4F51-E08C-A74C-2E444ED06160}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{DAB44116-0266-C65B-B643-AC11217C3041}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{EAEAA839-44F4-22DF-D1CC-88C3B2A3D4B1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3AF70346-52C7-0334-606F-118D1C1CB7A2}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3E196AAF-F81C-B384-E2AB-28EE2398FE5F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{9338D693-38B7-1ED4-9B42-BFA1D5600CCB}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{A3973655-E448-4A1B-477C-988A79D132D9}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{53AE8AC7-5213-67AF-0DC0-CED696B77643}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{6DC92550-D065-4B36-C4D3-D8D7A702A7A7}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{C971C145-258D-6650-7088-13DDB161327A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DAEFFE0C-CD05-1355-6AFC-7B3D4106A820}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{B2A83706-3F14-1532-20CD-B4EE715A8945}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{DC9DFCBF-87DA-892C-6151-99CC9EF46E3E}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{E392A425-53A7-DF90-96A0-E287A75DD3B2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{EBA09DAF-14B4-7BE7-676E-6E2FB21EDBDD}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{44ED2CDA-4197-E9E9-B328-26E1FB749116}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{9AA4DD93-94BF-22EA-C9D2-7084F304A31B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{C1EFF2A2-DF4A-F6D1-B99C-1ED194AE9E78}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{D6F47BB4-700A-F612-0671-5F69EA311BB7}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{01FD9A26-3F61-9236-B360-BE5D043D82C0}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{3450566C-4561-0EE8-B1AB-D5C79CCE8D2C}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{379D900B-A785-6DB0-012E-434356A365B3}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{46EB68BE-8AAC-8C2B-7284-8DEDE6B5CD2A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{366C4FB5-CF6E-258B-418D-E6D29549A278}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{64D4CCC3-63DF-252D-D29D-03491670225D}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{7A6E431B-CF43-EC3E-FD7E-0A0AAB1B25FC}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{FCE8438C-3272-D63F-479F-670F082B294B}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{25D1751E-7CA2-5F6D-0125-0A16E47AF9FE}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{89A1F076-19B8-A2B1-D5A3-E8247EFAF157}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{8DF90937-B869-9F76-5D45-5A8BDA0A33B6}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{B10089DE-934F-6E0F-683A-B788F89348DF}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
Cosmoteer 0.12.9 (HKLM\...\{BC4C8EB1-3CD1-465D-B4D3-A15F9F0B4C4F}_is1) (Version: 0.12.9 - Walt Destler)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.0.0220 - Disc Soft Ltd)
DAZ Install Manager (HKLM-x32\...\DAZ Install Manager 1.1.0.64) (Version: 1.1.0.64 - DAZ 3D)
Death Road to Canada (HKLM-x32\...\1960384075_is1) (Version: 05.12.2017 - GOG.com)
Destiny 2 (HKLM-x32\...\Destiny 2) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-3251292406-1508782717-557347702-1001\...\Discord) (Version: 0.0.300 - Discord Inc.)
Divinity: Original Sin 2 (HKLM-x32\...\1584823040_is1) (Version: 3.0.141.716 - GOG.com)
Dropbox (HKLM-x32\...\Dropbox) (Version: 48.4.58 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
DuelystLauncher (HKU\S-1-5-21-3251292406-1508782717-557347702-1001\...\launcher) (Version: 0.0.9 - Counterplay Games Inc.)
Dungeons & Dragons Online v2600.0045.9717.4070 (HKLM-x32\...\bc8a6440-918f-11dd-ad8b-0800200c9a66_is1) (Version: 2600.0045.9717.4070 - Standing Stone Games, LLC)
Dynamic Web TWAIN HTML5 Edition (HKLM-x32\...\{B4D31736-4D13-4BCD-B050-7DD3E45C1650}) (Version: 11.1.831 - Dynamsoft)
Easy2Convert JPG to PSD 2.3 (HKLM-x32\...\{F4FC9478-6738-48A1-AEAE-C970624C03C5}_is1) (Version: 2.3 - Easy2Convert Software)
Endless.Space.2.Deluxe.Edition.ENG.Repack version 1.0 (HKLM-x32\...\{AA93BC02-14D8-445F-BF4E-2382939EA626}}_is1) (Version: 1.0 - Ali213.net)
Epic Games Launcher (HKLM-x32\...\{A9C35F4D-0340-4588-A3F2-71DF8CD2C456}) (Version: 1.1.117.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Express Zip File Compression (HKLM-x32\...\ExpressZip) (Version: 3.03 - NCH Software)
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
FLV and Media Player 4.2.1.1 (HKLM-x32\...\FLV and Media Player) (Version: 4.2.1.1 - Applian Technologies)
Free2X Webcam Recorder 1.0.0.1 (HKLM-x32\...\Free2X Webcam Recorder_is1) (Version:  - )
Full Metal Furies (HKLM-x32\...\Full Metal Furies_is1) (Version:  - )
Gnaural ver. 1.0.20110606 (HKLM-x32\...\Gnaural_is1) (Version:  - Bret Logan)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Hand of Fate 2 (HKLM\...\aGFuZG9mZmF0ZTI_is1) (Version: 1 - )
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.5.1 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Hollow Knight (HKLM-x32\...\1308320804_is1) (Version: 1.0.3.7 - GOG.com)
Inkscape 0.92.2 (HKLM-x32\...\Inkscape) (Version: 0.92.2 - Inkscape Project)
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
K-Lite Codec Pack 13.7.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.7.5 - KLCP)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LEGO Worlds (HKLM-x32\...\LEGO Worlds_is1) (Version:  - )
Lovers in a Dangerous Spacetime (HKLM-x32\...\1441290254_is1) (Version: 2.2.0.3 - GOG.com)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.717.1 - McAfee, Inc.)
Microsoft OneDrive (HKU\S-1-5-21-3251292406-1508782717-557347702-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MixPad Multitrack Recording Software (HKLM-x32\...\MixPad) (Version: 4.10 - NCH Software)
Moon Hunters (HKLM-x32\...\1452776767_is1) (Version: 2.0.3376 - GOG.com)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 59.0.2.6656 - Mozilla)
NCH Tone Generator (HKLM-x32\...\ToneGen) (Version: 3.12 - NCH Software)
Net Nanny (HKLM\...\{6C556918-1505-485E-B92A-325F0C2585B0}) (Version: 7.2.6.1 - ContentWatch)
Neverwinter Nights Diamond Edition (HKLM-x32\...\1207658890_is1) (Version: 2.1.0.21 - GOG.com)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.16.49299 - Electronic Arts, Inc.)
Panda Devices Agent (HKLM-x32\...\{3F9548B2-0B34-4453-A92E-35056B053F19}) (Version: 1.08.00 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.08 - Panda Security) Hidden
Panda Protection (HKLM\...\{52F9D0C3-E6CF-4553-9013-8F2E834BD0B1}) (Version: 8.91.00 - Panda Security) Hidden
Panda Protection (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 18.1.0 - Panda Security)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.4.1 - pdfforge GmbH)
PDFescape Desktop (HKLM-x32\...\PDFescape Desktop) (Version: 1.0.6.28181 - RedSoftware)
PDFescape Desktop Asian Fonts Pack (HKLM\...\{031A1BDD-A9EA-4617-8DA6-335C2A61B193}) (Version: 1.0.20.31528 - Red Software) Hidden
PDFescape Desktop Convert Module (HKLM\...\{91935FD9-E08A-4D2D-BA2F-AADE7FBE0C60}) (Version: 1.0.20.31528 - Red Software) Hidden
PDFescape Desktop Create Module (HKLM\...\{E4353769-84F5-4234-84A3-160C28F2AE8A}) (Version: 1.0.20.31528 - Red Software) Hidden
PDFescape Desktop Edit Module (HKLM\...\{66F29A3B-8941-4852-835A-FDEFE294C587}) (Version: 1.0.20.31528 - Red Software) Hidden
PDFescape Desktop Forms Module (HKLM\...\{EB30AF72-4FE0-4774-82FA-4E387E910327}) (Version: 1.0.20.31528 - Red Software) Hidden
PDFescape Desktop Insert Module (HKLM\...\{066060BD-1B5E-4662-8001-E0C317CA0E07}) (Version: 1.0.20.31528 - Red Software) Hidden
PDFescape Desktop Review Module (HKLM\...\{30E0B65D-ABF8-4984-B9F0-F9B674377EBB}) (Version: 1.0.20.31528 - Red Software) Hidden
PDFescape Desktop Secure Module (HKLM\...\{1B9A4CCB-FC0A-493D-8FDB-79EEE03A849D}) (Version: 1.0.20.31528 - Red Software) Hidden
PDFescape Desktop View Module (HKLM\...\{395D61FC-8793-4E93-806B-F7F85DAE08A0}) (Version: 1.0.20.31528 - Red Software) Hidden
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Planescape - Torment (HKLM-x32\...\{0A053D60-9267-11D5-8A2B-0050DA8B7D89}) (Version:  - )
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.26.0-r124601-release - Plays.tv, LLC)
Pyre (HKLM-x32\...\Pyre_is1) (Version:  - )
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.7-r116720-release - Raptr, Inc)
Regular Human Basketball version 1.3 (HKLM-x32\...\{339EC51D-0DFE-45A4-B40E-CFFB11A186CE}_is1) (Version: 1.3 - Powerhoof)
Skype Web Plugin (HKLM-x32\...\{B95EA878-08DD-4F51-A723-C2869A1AC69D}) (Version: 7.20.0.178 - Skype Technologies S.A.)
Snagit 13 (HKLM-x32\...\{99cd7d37-46bf-44d7-857e-7514a1bd3e83}) (Version: 13.1.1.7662 - TechSmith Corporation)
Snagit 13 (HKLM-x32\...\{B6369D04-6B02-4C63-85C5-46C09D0787EE}) (Version: 13.1.1 - TechSmith Corporation) Hidden
Spotify (HKU\S-1-5-21-3251292406-1508782717-557347702-1001\...\Spotify) (Version: 1.0.48.103.g15edf1ec - Spotify AB)
Star Wars - Rebellion (HKLM\...\{2d3cc3d0-a527-4e0f-8fb6-2abde2b0540e}.sdb) (Version:  - )
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Stardew Valley (HKLM-x32\...\1453375253_is1) (Version: 2.8.0.10 - GOG.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SWF File Player (HKLM-x32\...\{6A86F611-906C-422D-B34A-103662CBC195}_is1) (Version:  - swffileplayer.com)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
The Swords of Ditto (HKLM-x32\...\The Swords of Ditto_is1) (Version:  - )
ToothAndTail (HKLM-x32\...\ToothAndTail_is1) (Version:  - )
Ulead PhotoImpact 12 (HKLM-x32\...\{11AFE21E-B193-430D-B57A-DFF7815BB962}) (Version: 12.0 - Ulead System)
Ultima V - Warriors of Destiny (HKLM-x32\...\1207662443_is1) (Version: 2.1.0.21 - GOG.com)
Unity Web Player (HKU\S-1-5-21-3251292406-1508782717-557347702-1001\...\UnityWebPlayer) (Version: 5.3.3f1 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.8.0 (HKLM\...\VulkanRT1.0.8.0) (Version: 1.0.8.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 6.52 - NCH Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.31 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.1 - win.rar GmbH)
Wondershare Filmora(Build 7.3.1) (HKLM\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.5.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.0 - Wondershare)
Zoom (HKU\S-1-5-21-3251292406-1508782717-557347702-1001\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3251292406-1508782717-557347702-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Johnston\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3251292406-1508782717-557347702-1001_Classes\CLSID\{BCE6E879-D559-4A7F-9191-94B3D9DF80A4}\InprocServer32 -> C:\Users\Johnston\AppData\Local\SkypePlugin\7.20.0.178\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-3251292406-1508782717-557347702-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Johnston\AppData\Local\SkypePlugin\7.20.0.178\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-3251292406-1508782717-557347702-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Johnston\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3251292406-1508782717-557347702-1001_Classes\CLSID\{EAFDDFA1-02A8-41D8-B7D3-13D54D3FF3E0}\localserver32 -> C:\Users\Johnston\AppData\Local\SkypePlugin\7.20.0.178\GatewayVersion-x64.exe (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ContextMenuHandlers1: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2017-04-22] ()
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers1: [PDFescapeDesktop_ManagerExt] -> {EB1F5DDB-7107-4831-BA2B-75FC26DB4224} => C:\Program Files\PDFescape Desktop\creator-context-menu.dll [2017-01-17] (Red Software)
ContextMenuHandlers1: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 13\DLLx64\SnagitShellExt64.dll [2017-02-16] (TechSmith Corporation)
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2017-02-22] (Panda Security, S.L.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-01-03] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-01-03] (Alexander Roshal)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ContextMenuHandlers4: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 13\DLLx64\SnagitShellExt64.dll [2017-02-16] (TechSmith Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-03-08] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2017-02-22] (Panda Security, S.L.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers6: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2017-04-22] ()
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2017-02-22] (Panda Security, S.L.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-01-03] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-01-03] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00428F37-6DE7-46F7-8EE9-D360BAD2BA90} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
Task: {01D66701-91A6-45FC-9E56-129E5EC6217F} - no filepath
Task: {01FAAF04-7071-4DA2-9D0A-91B4CABBE386} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2018-04-10] (Microsoft Corporation)
Task: {0549DE65-9FF9-4762-8587-564F62614A75} - no filepath
Task: {09CF315A-39DB-4F96-AD92-DB42568F971E} - no filepath
Task: {0FFB7A64-CB3B-4AC6-A02C-9C2532F95202} - no filepath
Task: {11E7C8CC-0883-48DF-A3B3-866A68D9DB7A} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2016-09-06] (TechSmith Corporation)
Task: {1844D95C-7DDA-46BD-A3D1-47B1D105918F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {1B8BB1DD-4492-4327-89D9-272293C99305} - no filepath
Task: {26E06C26-96A5-4E27-B038-EB26E7F67D67} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3251292406-1508782717-557347702-1001UA => C:\Users\Johnston\AppData\Local\Google\Update\GoogleUpdate.exe [2016-06-30] (Google Inc.)
Task: {317FA6F6-DE36-4060-802E-C07C69F0CC83} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3251292406-1508782717-557347702-1001Core => C:\Users\Johnston\AppData\Local\Google\Update\GoogleUpdate.exe [2016-06-30] (Google Inc.)
Task: {4FE3708E-6A31-4E80-87B3-3BE1FBE0EF97} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
Task: {5572231A-FC43-4F3E-B3DB-5F5099BA2F64} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-25] (Google Inc.)
Task: {571511B4-CF36-4426-AF55-97858BD01525} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {58F6C898-5603-466A-AEF3-691438B86957} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {680E70D6-22AC-48D7-8EDE-25BD88DDA2C9} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-31] (Dropbox, Inc.)
Task: {7567F9A6-8106-4CCF-A591-DC7B746ACFC0} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-31] (Dropbox, Inc.)
Task: {905978D0-3F73-466E-A1D6-D895FBE57A85} - no filepath
Task: {90FCDDE7-7214-4799-8B89-90273BD0F3C6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3251292406-1508782717-557347702-1001Core1d257fcb740bb32 => C:\Users\Johnston\AppData\Local\Google\Update\GoogleUpdate.exe [2016-06-30] (Google Inc.)
Task: {9A3955E3-0481-4425-9AAA-5F95C3BA0EBF} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [2018-03-08] (Advanced Micro Devices, Inc.)
Task: {9E52F7FB-014D-44B6-8BB8-7B9146D8A854} - System32\Tasks\{3176CC4D-04EA-4632-BF8B-288C62D9E686} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe" -c uplay://uninstall/80
Task: {A9B97FAB-AED8-49D0-B330-2229B35F06C1} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_pepper.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {ABB86F39-E2CF-433B-91A3-B3360327F96B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {B97B4366-4496-4FF4-96EB-49B33AD36A5E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-25] (Google Inc.)
Task: {CE2091D9-6ACB-4153-866E-DD130313152D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3251292406-1508782717-557347702-1001UA1d257fcb74f07ed => C:\Users\Johnston\AppData\Local\Google\Update\GoogleUpdate.exe [2016-06-30] (Google Inc.)
Task: {DB020F81-CF21-44E0-9148-D7C68C311FF7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {E2718000-63A6-4FCE-A8DE-C3815A1AC51A} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2018-03-08] (Advanced Micro Devices, Inc.)
Task: {F76E831D-F0D3-4E41-BC47-F36B8E66239D} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-12-20] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3251292406-1508782717-557347702-1001Core.job => C:\Users\Johnston\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3251292406-1508782717-557347702-1001UA.job => C:\Users\Johnston\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Johnston\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
Shortcut: C:\Users\Johnston\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D\DAZ Install Manager\DAZ Install Manager Read Me.lnk -> hxxp:docs.daz3d.com\doku.php\public\read_me\index\1481

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 09:41 - 2017-09-29 09:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2015-12-28 23:33 - 2015-12-28 23:31 - 001333760 _____ () C:\Program Files\ContentWatch\bin\libxml2.dll
2015-12-28 23:34 - 2016-05-26 21:57 - 000120320 _____ () C:\Program Files\ContentWatch\bin\curlpp.dll
2015-12-28 23:33 - 2016-05-26 21:57 - 000845872 _____ () C:\Program Files\ContentWatch\bin\db.dll
2015-12-28 23:33 - 2016-05-26 21:57 - 000635000 _____ () C:\Program Files\ContentWatch\bin\cp_activity_recorder.plugin
2015-12-28 23:33 - 2016-05-26 21:57 - 002456984 _____ () C:\Program Files\ContentWatch\bin\cp_advisor.plugin
2015-12-28 23:33 - 2016-05-26 21:57 - 000852704 _____ () C:\Program Files\ContentWatch\bin\encrypt_handler.plugin
2015-12-28 23:32 - 2016-05-26 21:57 - 000253160 _____ () C:\Program Files\ContentWatch\bin\msw_metro.plugin
2015-12-28 23:33 - 2016-05-26 21:57 - 000833976 _____ () C:\Program Files\ContentWatch\bin\web_handler.plugin
2018-01-05 01:14 - 2018-01-05 01:14 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-05 01:13 - 2018-01-05 01:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-04-29 13:16 - 2018-03-27 13:47 - 002492704 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-04-29 13:16 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-02-20 18:09 - 2018-02-20 18:09 - 000015360 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2018-02-20 18:09 - 2018-02-20 18:09 - 002519040 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2018-03-13 15:17 - 2018-02-21 20:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-13 15:17 - 2018-02-21 20:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-04-27 09:32 - 2018-04-27 09:32 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-04-27 09:32 - 2018-04-27 09:32 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-04-27 09:32 - 2018-04-27 09:32 - 022320128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-04-27 09:32 - 2018-04-27 09:32 - 002603008 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\skypert.dll
2018-04-27 09:32 - 2018-04-27 09:32 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-03-15 11:31 - 2018-03-15 11:31 - 046139776 _____ () C:\Program Files\Google\Drive\googledrivesync.exe
2018-04-30 10:05 - 2018-04-30 10:05 - 000113152 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\_ctypes.pyd
2018-04-30 10:05 - 2018-04-30 10:05 - 000080896 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\bz2.pyd
2018-04-30 10:05 - 2018-04-30 10:05 - 001585152 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\_hashlib.pyd
2018-04-30 10:06 - 2018-04-30 10:06 - 000128512 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\win32api.pyd
2018-04-30 10:05 - 2018-04-30 10:05 - 000137728 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\pywintypes27.dll
2018-04-30 10:05 - 2018-04-30 10:05 - 000548864 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\pythoncom27.dll
2018-04-30 10:06 - 2018-04-30 10:06 - 000689664 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\unicodedata.pyd
2018-04-30 10:06 - 2018-04-30 10:06 - 000438784 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\win32com.shell.shell.pyd
2018-04-30 10:06 - 2018-04-30 10:06 - 001489408 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\wx._core_.pyd
2018-04-30 10:06 - 2018-04-30 10:06 - 001007104 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\wx._gdi_.pyd
2018-04-30 10:06 - 2018-04-30 10:06 - 001039872 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\wx._windows_.pyd
2018-04-30 10:06 - 2018-04-30 10:06 - 001325056 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\wx._controls_.pyd
2018-04-30 10:06 - 2018-04-30 10:06 - 000916992 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\wx._misc_.pyd
2018-04-30 10:05 - 2018-04-30 10:05 - 001084416 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\pysqlite2._sqlite.pyd
2018-04-30 10:06 - 2018-04-30 10:06 - 000149504 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\win32file.pyd
2018-04-30 10:06 - 2018-04-30 10:06 - 000136192 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\win32security.pyd
2018-04-30 10:05 - 2018-04-30 10:05 - 000007680 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\hashobjs_ext.pyd
2018-04-30 10:06 - 2018-04-30 10:06 - 000020992 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\thumbnails_ext.pyd
2018-04-30 10:06 - 2018-04-30 10:06 - 000118784 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\usb_ext.pyd
2018-04-30 10:05 - 2018-04-30 10:05 - 000047616 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\_socket.pyd
2018-04-30 10:05 - 2018-04-30 10:05 - 002224128 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\_ssl.pyd
2018-04-30 10:05 - 2018-04-30 10:05 - 000014848 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\common.time34.pyd
2018-04-30 10:06 - 2018-04-30 10:06 - 000023040 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\win32event.pyd
2018-04-30 10:06 - 2018-04-30 10:06 - 000033280 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\windows.conditional.pyd
2018-04-30 10:06 - 2018-04-30 10:06 - 000019968 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\windows.winwrap.pyd
2018-04-30 10:06 - 2018-04-30 10:06 - 000107520 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\windows.volumes.pyd
2018-04-30 10:06 - 2018-04-30 10:06 - 000223232 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\win32gui.pyd
2018-04-30 10:05 - 2018-04-30 10:05 - 000173568 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\_elementtree.pyd
2018-04-30 10:05 - 2018-04-30 10:05 - 000169472 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\pyexpat.pyd
2018-04-30 10:06 - 2018-04-30 10:06 - 000048128 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\win32inet.pyd
2018-04-30 10:06 - 2018-04-30 10:06 - 000103424 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\wx._html2.pyd
2018-04-30 10:05 - 2018-04-30 10:05 - 000046080 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\_psutil_windows.pyd
2018-04-30 10:06 - 2018-04-30 10:06 - 000633240 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\windows._cacheinvalidation.pyd
2018-04-30 10:05 - 2018-04-30 10:05 - 005408256 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\cello.pyd
2018-04-30 10:05 - 2018-04-30 10:05 - 000010752 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\select.pyd
2018-04-30 10:06 - 2018-04-30 10:06 - 000011776 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\win32crypt.pyd
2018-04-30 10:05 - 2018-04-30 10:05 - 000301568 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\PIL._imaging.pyd
2018-04-30 10:05 - 2018-04-30 10:05 - 000032256 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\_multiprocessing.pyd
2018-04-30 10:05 - 2018-04-30 10:05 - 000026112 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\_yappi.pyd
2018-04-30 10:06 - 2018-04-30 10:06 - 000044032 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\win32process.pyd
2018-04-30 10:06 - 2018-04-30 10:06 - 000027648 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\win32pipe.pyd
2018-04-30 10:06 - 2018-04-30 10:06 - 000029696 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\win32pdh.pyd
2018-04-30 10:06 - 2018-04-30 10:06 - 000038400 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\windows.connectivity.pyd
2018-04-30 10:06 - 2018-04-30 10:06 - 000071168 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\windows.device_monitor.pyd
2018-04-30 10:06 - 2018-04-30 10:06 - 000020480 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\win32profile.pyd
2018-04-30 10:06 - 2018-04-30 10:06 - 000026624 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI87482\win32ts.pyd
2017-09-29 09:41 - 2017-09-29 09:41 - 000047616 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUITelemetry.dll
2018-04-10 19:15 - 2018-03-13 01:32 - 004173824 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.dll
2018-04-10 19:15 - 2018-03-13 01:31 - 003662336 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.dll
2017-08-16 20:21 - 2017-08-16 20:21 - 000033280 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\cx_Logging.cp35-win32.pyd
2017-08-16 20:21 - 2017-08-16 20:21 - 000103424 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2017-08-16 20:21 - 2017-08-16 20:21 - 000111616 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes35.dll
2017-08-16 20:21 - 2017-08-16 20:21 - 000041984 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2017-08-16 20:21 - 2017-08-16 20:21 - 000405504 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom35.dll
2017-08-16 20:21 - 2017-08-16 20:21 - 000173568 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2017-08-16 20:21 - 2017-08-16 20:21 - 001934336 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2017-08-16 20:21 - 2017-08-16 20:21 - 000077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2017-08-16 20:21 - 2017-08-16 20:21 - 001780736 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2017-08-16 20:21 - 2017-08-16 20:21 - 000505856 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2017-08-16 20:21 - 2017-08-16 20:21 - 003812864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
2016-07-22 15:36 - 2004-07-26 17:11 - 000028672 ____N () C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
2018-04-25 17:03 - 2018-04-23 06:15 - 000866120 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-04-25 17:03 - 2018-04-23 06:15 - 002079048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-05-31 17:16 - 2018-04-23 06:15 - 000100312 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-05-31 17:16 - 2018-04-23 06:15 - 000018896 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-05-31 17:16 - 2018-04-23 06:16 - 000020808 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-05-31 17:16 - 2018-04-23 06:15 - 000035808 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-05-31 17:16 - 2018-04-23 06:15 - 000694232 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2018-04-25 17:03 - 2018-04-23 06:16 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-05-31 17:16 - 2018-04-23 06:15 - 000130520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2018-04-25 17:03 - 2018-04-23 06:16 - 001856864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-04-25 17:03 - 2018-04-23 06:16 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-04-25 17:03 - 2018-04-23 06:15 - 000145880 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2018-04-25 17:03 - 2018-04-23 06:15 - 000116696 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-05-31 17:16 - 2018-04-23 06:15 - 000105944 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-05-31 17:16 - 2018-04-23 06:17 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-04-25 17:03 - 2018-04-23 06:16 - 000063312 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-05-31 17:16 - 2018-04-23 06:15 - 000024536 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2018-04-25 17:03 - 2018-04-23 06:16 - 000077120 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2018-04-25 17:03 - 2018-04-23 06:15 - 000392664 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2018-04-25 17:03 - 2018-04-23 06:15 - 000020952 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-05-31 17:16 - 2018-04-23 06:15 - 000124888 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-05-31 17:16 - 2018-04-23 06:15 - 000114136 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-05-31 17:16 - 2018-04-23 06:16 - 000392520 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-05-31 17:16 - 2018-04-23 06:17 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-05-31 17:16 - 2018-04-23 06:15 - 000043480 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-05-31 17:16 - 2018-04-23 06:15 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-05-31 17:16 - 2018-04-23 06:15 - 000175576 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-05-31 17:16 - 2018-04-23 06:15 - 000030168 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-09-21 13:51 - 2018-04-23 06:15 - 000026072 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2017-05-31 17:16 - 2018-04-23 06:15 - 000048600 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-05-31 17:16 - 2018-04-23 06:15 - 000057816 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2018-04-25 17:03 - 2018-04-23 06:16 - 000021840 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-09-08 12:15 - 2018-04-23 06:17 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2018-04-25 17:03 - 2018-04-23 06:16 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-05-31 17:16 - 2018-04-23 06:17 - 000066400 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2018-04-25 17:03 - 2018-04-23 06:16 - 003863880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-05-31 17:16 - 2018-04-23 06:15 - 000084944 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2018-04-25 17:03 - 2018-04-23 06:16 - 001798464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2018-04-25 17:03 - 2018-04-23 06:16 - 001959232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-05-31 17:16 - 2018-04-23 06:15 - 000028632 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2018-04-25 17:03 - 2018-04-23 06:16 - 000155472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-04-25 17:03 - 2018-04-23 06:16 - 000521544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-04-25 17:03 - 2018-04-23 06:16 - 000051024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-04-25 17:03 - 2018-04-23 06:16 - 000043336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-04-25 17:03 - 2018-04-23 06:16 - 000131400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-04-25 17:03 - 2018-04-23 06:16 - 000219984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-04-25 17:03 - 2018-04-23 06:16 - 000204104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-05-31 17:16 - 2018-04-23 06:17 - 000025440 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-05-31 17:16 - 2018-04-23 06:15 - 000060888 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-05-31 17:16 - 2018-04-23 06:17 - 000054616 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-05-31 17:16 - 2018-04-23 06:15 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-05-31 17:16 - 2018-04-23 06:17 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-05-31 17:16 - 2018-04-23 06:17 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-05-31 17:16 - 2018-04-23 06:17 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-05-31 17:16 - 2018-04-23 06:17 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-04-25 17:03 - 2018-04-23 06:16 - 000027496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-05-31 17:16 - 2018-04-23 06:15 - 000349144 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2018-04-25 17:03 - 2018-04-23 06:16 - 000101704 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-05-31 17:16 - 2018-04-23 06:17 - 000023904 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-04-25 17:03 - 2018-04-23 06:16 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-04-25 17:03 - 2018-04-23 06:15 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-04-25 17:03 - 2018-04-23 06:16 - 000032608 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2018-04-25 17:03 - 2018-04-23 06:15 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2018-01-11 17:20 - 2018-04-23 06:17 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-04-25 17:03 - 2018-04-23 06:16 - 000181064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-05-31 17:16 - 2018-04-23 06:17 - 000030544 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2018-04-25 17:03 - 2018-04-23 06:16 - 000024384 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-04-25 17:03 - 2018-04-23 06:16 - 001638208 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-05-31 17:16 - 2018-04-23 06:17 - 000087904 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-05-31 17:16 - 2018-04-23 06:17 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-04-25 17:03 - 2018-04-23 06:16 - 000546632 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2018-04-25 17:03 - 2018-04-23 06:16 - 000359744 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2018-04-25 17:03 - 2018-04-23 06:16 - 000038216 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
2016-11-29 20:24 - 2018-02-18 10:48 - 000015360 _____ () C:\Program Files (x86)\Origin\libEGL.DLL
2016-11-29 20:24 - 2018-02-18 10:48 - 003090944 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\coeikxfo.sys:changelist [332]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\xwzddcby.sys:changelist [966]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3251292406-1508782717-557347702-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3251292406-1508782717-557347702-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 03:24 - 2018-03-30 09:37 - 000000861 _____ C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.1    mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3251292406-1508782717-557347702-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKU\S-1-5-21-3251292406-1508782717-557347702-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3251292406-1508782717-557347702-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3251292406-1508782717-557347702-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3251292406-1508782717-557347702-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3251292406-1508782717-557347702-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3251292406-1508782717-557347702-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3251292406-1508782717-557347702-1001\...\StartupApproved\Run: => "GalaxyClient"
HKU\S-1-5-21-3251292406-1508782717-557347702-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9F3F3F53-8526-445A-905D-EFC0C03EC501}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeon League\Dungeon League.exe
FirewallRules: [{D78B2359-2392-4507-AD2F-16CADFA26512}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeon League\Dungeon League.exe
FirewallRules: [{0483D7B7-D115-4608-84B6-6129F3A75696}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LuminoCity\Lumino City.exe
FirewallRules: [{D4429EB3-590E-4E8B-8E35-2F724C8B3067}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LuminoCity\Lumino City.exe
FirewallRules: [{E0D42CAA-3B73-4EB3-96B5-DDD21D166F4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Little Inferno Beta\Little Inferno.exe
FirewallRules: [{EC557696-5134-47E1-A297-6A7478E9753B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Little Inferno Beta\Little Inferno.exe
FirewallRules: [{AA46AE9D-E42A-4105-99C0-556C601D8DF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LEGO Worlds\LEGO_Worlds.exe
FirewallRules: [{1C589CEA-90F3-4BB7-89A4-E026624A6CD5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LEGO Worlds\LEGO_Worlds.exe
FirewallRules: [{6D003454-3EAF-4C4D-A14B-437B2A100709}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{8163DD32-2F11-4878-B64B-0A9FE08B99E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{62CAF5BD-A91A-49DA-8DC3-486B4B43E7A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{BE6DA950-A333-480E-AE90-4662F0546417}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{A1006566-AE17-4F3D-92EC-DE148CDB8982}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{D53C0C75-F540-40F2-87CB-2E68FE6B4073}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{51E8677E-21B2-40A8-9397-690F05CA7E67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{1E80ADF7-12D6-4535-8FEC-47F428BA0A70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{274FE0D9-D21F-4EA8-9410-665F862BAB24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAC-MAN 256\PAC-MAN256.exe
FirewallRules: [{10626096-034B-404A-B092-CC34F47F8DD3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAC-MAN 256\PAC-MAN256.exe
FirewallRules: [UDP Query User{A3CCC698-3BD4-4EB5-96C0-6E00C238DAF5}C:\gog games\divinity - original sin 2\bin\eocapp.exe] => (Allow) C:\gog games\divinity - original sin 2\bin\eocapp.exe
FirewallRules: [TCP Query User{4F7E2301-A516-440B-A83D-15F4A55F99EC}C:\gog games\divinity - original sin 2\bin\eocapp.exe] => (Allow) C:\gog games\divinity - original sin 2\bin\eocapp.exe
FirewallRules: [{EB137094-1F6B-4E4B-B989-64F54987434F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Human Fall Flat\Human.exe
FirewallRules: [{B4994CA6-5994-4B1D-BB07-45FF0719EB80}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Human Fall Flat\Human.exe
FirewallRules: [{9F61B10E-9A6E-45DE-9A1A-E839926E7ACD}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{A8E28B4C-FCE6-4BE8-8FAA-9E5DA925DB21}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{FE025359-3509-431D-9B66-C6873B5BFBBB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Halcyon 6 Lightspeed Edition\H6.exe
FirewallRules: [{AAB85382-C695-4F6F-8A90-2E0B4CD62B38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Halcyon 6 Lightspeed Edition\H6.exe
FirewallRules: [{6012907D-B5AE-4BBB-9FCD-1FE0936A5A35}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DF589D17-D569-4731-9615-67D7E6445D7D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5861CC72-67BF-4784-8211-0E0DBC6AA24A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EAF1E01A-5B80-446D-851D-D96CACD11A88}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{ECC2451E-AFA7-4F97-8823-A980752DEC80}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{89EF3A99-1C03-40B4-83A6-183324816563}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{875E7B49-B964-485F-A1B1-1CB429442B06}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{F2983C6F-5DD8-4235-A250-D2D94A189437}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{5D8774A5-2982-46D9-A308-5C1D26E3D707}] => (Allow) LPort=1900
FirewallRules: [{A6646812-45BD-4343-9B99-455A566B2077}] => (Allow) LPort=2869
FirewallRules: [{BE6C2CCC-B51A-4595-9D01-5C5CAB02760C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{71563C85-1B25-43F1-ABFA-6368370F09B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeons & Dragons HD\ManaGame.exe
FirewallRules: [{87633ECA-2E1E-46E2-AA6D-7CF47B54B51D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeons & Dragons HD\ManaGame.exe
FirewallRules: [{D7ABB78D-D38A-48ED-B908-2E27687EBF6E}] => (Allow) C:\Users\Johnston\AppData\Roaming\Zoom\bin\Zoom.exe
FirewallRules: [{B260F934-9E68-4369-B357-9BCDD89284DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nidhogg\Nidhogg.exe
FirewallRules: [{02E3640F-9834-4CA8-B43B-2B2A2FC74713}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nidhogg\Nidhogg.exe
FirewallRules: [{C958E373-F5DF-4B3E-A8CB-B446ED3C036B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{1E383580-5439-4442-85BE-E7329BE49411}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{053D3885-21E3-4699-B965-35240519F51A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Desktop Dungeons\DesktopDungeons.exe
FirewallRules: [{9443B578-01A3-4416-9EC8-CCC4E24EB0B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Desktop Dungeons\DesktopDungeons.exe
FirewallRules: [{E10AB91F-E117-4E12-A5C0-2979944C9FC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Human Resource Machine\Human Resource Machine.exe
FirewallRules: [{01C10101-77D8-4355-8CF8-7592A6E3905E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Human Resource Machine\Human Resource Machine.exe
FirewallRules: [{3AC40E00-8126-46FC-AA63-342D4892A2E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MiniMetro\MiniMetro.exe
FirewallRules: [{2615E5BA-2966-40DA-9C9D-8E8B26C43F09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MiniMetro\MiniMetro.exe
FirewallRules: [{33FB7361-DB9F-4893-83EC-8836EDC73E7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TowerFall\TowerFall.exe
FirewallRules: [{9801A74F-F334-4E64-9137-6ACD2CD7CDEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TowerFall\TowerFall.exe
FirewallRules: [UDP Query User{147B716B-EE9C-49FB-88F4-2ABA94621740}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{7FBBBEC4-DA59-469B-96D5-CD64CB8622CD}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{F38329C6-950A-41A4-AC3C-BCA5A05711F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torment Tides of Numenera\WIN\TidesOfNumenera.exe
FirewallRules: [{308EDA00-DDC8-4256-B493-86EC416C2B27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torment Tides of Numenera\WIN\TidesOfNumenera.exe
FirewallRules: [UDP Query User{D71B7918-341F-4396-AF52-A3EDF046C028}C:\users\johnston\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\johnston\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{80A92762-3BB7-432C-A2CC-7F14B87C4AB1}C:\users\johnston\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\johnston\appdata\roaming\spotify\spotify.exe
FirewallRules: [{0B8A73AE-9E6D-4AB8-BA73-22ED3B15FC43}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ElderSign\ElderSign.exe
FirewallRules: [{ACF1AE72-D7B6-49BA-B4C9-D046D7262517}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ElderSign\ElderSign.exe
FirewallRules: [{E1F76ED3-78EB-49D0-B2B3-3464DAD3DC1B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars - Rebellion\REBEXE.EXE
FirewallRules: [{A4162C88-C2B6-4290-91C8-2F0384BE3E94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars - Rebellion\REBEXE.EXE
FirewallRules: [{45C517B6-3674-44E4-B0E0-941621A28846}] => (Allow) C:\Program Files (x86)\Origin Games\Peggle Deluxe\Peggle.exe
FirewallRules: [{1BD205AF-459E-47E8-86A1-396C0E34ADB3}] => (Allow) C:\Program Files (x86)\Origin Games\Peggle Deluxe\Peggle.exe
FirewallRules: [{BD9028E7-24C3-4147-BE61-A055EFAFAE9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Uncanny Valley\PPA2IP.exe
FirewallRules: [{DF6048BF-8159-494B-8ED4-6BF4260B5002}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Uncanny Valley\PPA2IP.exe
FirewallRules: [{AAF0447B-7DD1-4925-9314-78C3A8A5783F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crawl\Crawl.exe
FirewallRules: [{B226DAEF-1F17-40FE-9E17-FFE1A2D23432}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crawl\Crawl.exe
FirewallRules: [{841AD0CA-79AE-4C4D-AA3F-7DEC049D228F}] => (Allow) C:\Users\Johnston\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4BCD7A08-5864-4417-AC3F-76EC5673629C}] => (Allow) C:\Users\Johnston\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{24A49EC3-AF3E-4DD5-A1F9-991B9BBBA7C0}] => (Allow) C:\Users\Johnston\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{41A38791-0A4A-44E7-BF25-8C00D33916F9}] => (Allow) C:\Users\Johnston\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4E0DC5CC-4394-42F4-8B1E-EC4C90796DFD}] => (Allow) C:\Users\Johnston\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{7011D911-4EB8-4FAE-BDF6-2103A1415543}] => (Allow) C:\Users\Johnston\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [UDP Query User{4DC436D0-7EAD-4F8A-8C56-3C85BCA54F8C}C:\users\johnston\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\johnston\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{468449AE-EF9E-4D74-AA5A-1B8C20AD52C1}C:\users\johnston\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\johnston\appdata\roaming\spotify\spotify.exe
FirewallRules: [{7986EF0B-19BC-4D9E-928D-6FFDAA8322F0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C2A0839E-CF8A-4C62-9AB3-BEE4C719306E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C9455A7B-09E4-4EE7-98EF-6C654412EC6D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{5E7AD39B-1E4F-4C55-9915-02CD27BDF6D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{5A4C2C49-55D3-4246-A9C0-DF052B8B9341}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Goo\WorldOfGoo.exe
FirewallRules: [{F423F9CD-BB44-4301-BCFD-826242CD0B75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Goo\WorldOfGoo.exe
FirewallRules: [{5D60DA49-07A9-4B0E-BC00-2CBC17DC089D}] => (Allow) C:\Program Files\ContentWatch\bin\cwdaemon.exe
FirewallRules: [{3E436DE2-A841-47A7-81CE-73EC58F3F402}] => (Allow) C:\Program Files\ContentWatch\bin\cwdaemon.exe
FirewallRules: [{5D4B5363-BE69-4227-979A-2E9166101340}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nuclear Throne\nuclearthrone.exe
FirewallRules: [{6A268774-6955-4C9F-9317-2ACFA278F817}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nuclear Throne\nuclearthrone.exe
FirewallRules: [{E92A310F-9710-423A-B509-1A8FAA4AA389}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0935FF00-5C71-43D8-87BB-0ACA50B220B3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E98390E6-BD72-4C55-B5F0-69F9B960E45D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E367AAA5-E46F-46FC-B6D1-DD5783CE8243}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{01D8D676-8FF5-4EB9-9E32-F1018079DC0F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{306980A5-81C3-44C9-B32E-2C5DB2951976}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F57C7A46-D728-4D74-BC6F-6ACDAD386405}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Broken Age\BrokenAge.exe
FirewallRules: [{B86C44A0-FEE5-4B27-B40E-D73DA7469E2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Broken Age\BrokenAge.exe
FirewallRules: [TCP Query User{ED72BDBA-1476-482F-96D2-6EA095361AE2}C:\warhammer\ultimate.chicken.horse.v1.2.00\ultimate.chicken.horse.v1.2.00\ultimatechickenhorse.exe] => (Allow) C:\warhammer\ultimate.chicken.horse.v1.2.00\ultimate.chicken.horse.v1.2.00\ultimatechickenhorse.exe
FirewallRules: [UDP Query User{4B1567CE-3B80-4645-8A50-EFDA2098C635}C:\warhammer\ultimate.chicken.horse.v1.2.00\ultimate.chicken.horse.v1.2.00\ultimatechickenhorse.exe] => (Allow) C:\warhammer\ultimate.chicken.horse.v1.2.00\ultimate.chicken.horse.v1.2.00\ultimatechickenhorse.exe
FirewallRules: [{23CE3062-BA95-42F5-B277-233E85891CBF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TIS-100\tis100.exe
FirewallRules: [{09AF491E-642D-4C16-B4EB-787FA54039C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TIS-100\tis100.exe
FirewallRules: [{AB687844-678C-4C1C-A76F-3AE4C33B0F76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlagueInc\PlagueIncEvolved.exe
FirewallRules: [{EB622ACB-F18E-4568-97B9-7B8F7EA8691D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlagueInc\PlagueIncEvolved.exe
FirewallRules: [{91A38DCA-13F2-4D60-BF19-304C229F49A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Titan Souls\TITAN.exe
FirewallRules: [{925BDFB9-26B6-44A2-9D4A-033DA293DD5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Titan Souls\TITAN.exe
FirewallRules: [{CFBF7DA4-9E46-46DC-826D-35F7709747A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Angry Birds Space\AngryBirdsSpace.exe
FirewallRules: [{B4FD86D2-4E3C-430A-9DE9-8B0F078FF004}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Angry Birds Space\AngryBirdsSpace.exe
FirewallRules: [{FF5E4365-29DB-4A85-B5D7-39898EE1B6E6}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{435FE9A7-EB9D-4854-92F2-945D848D15DE}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{6E99EFD7-0E6E-4B29-85B1-54484EE46905}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{81B886FD-AEE1-48DB-A5A8-DCD3C7DB356F}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{2F7C20E1-9710-498C-8E2F-6F62F4B5FE9D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C8C2D06A-9AFD-4E95-872C-8AE92289E9E9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{BA8C3657-2231-4C1D-AB1D-272842D426BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pony Island\PonyIsland.exe
FirewallRules: [{894CFFB8-5A78-4255-BF86-F609C8109E3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pony Island\PonyIsland.exe
FirewallRules: [{AD44D43E-6687-4C95-924E-23837B384C85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pit People\pitpeople.exe
FirewallRules: [{D2098765-07B5-4EBC-A24F-DF40A5B6036A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pit People\pitpeople.exe
FirewallRules: [{260031F2-60A1-4B80-8BB7-834D611F30EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KentuckyRouteZero\KentuckyRouteZero.exe
FirewallRules: [{DF1D51F8-C569-42A1-A871-274909A3A7D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KentuckyRouteZero\KentuckyRouteZero.exe
FirewallRules: [{5CCAA057-33AF-47E0-BEF9-22EB9B62BB5B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Flat Heroes\FlatHeroes.exe
FirewallRules: [{A894FD1E-A5ED-48F7-BD98-374C331AFB03}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Flat Heroes\FlatHeroes.exe
FirewallRules: [{AC1F486A-7A45-46F7-AD78-8B28F057E1FF}] => (Allow) LPort=8318
FirewallRules: [{6199B814-C832-4C99-8D69-95B99BFEA203}] => (Allow) LPort=8298
FirewallRules: [{7796C9B7-9474-40B9-9217-9B4690B8819A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{4DF25AA8-6582-4633-9ABF-B0ECD1F9B12D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{79F02960-CACF-4479-B4BC-C4E395FE0565}] => (Allow) C:\Program Files (x86)\pandasecuritytb\cleanupie.exe
FirewallRules: [{203FA5A4-11AE-48C0-9AA2-55E3D5667D90}] => (Allow) C:\Program Files (x86)\pandasecuritytb\cleanupie.exe
FirewallRules: [{F657A5D9-A55F-4990-85E5-893C1C2709C9}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{00783558-A586-4985-88FC-C145F9CC6359}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{6917FECE-07C3-48E2-824C-F8A09ADC1B8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{312DF36F-DA10-4874-B9B8-D1E37A6FDAA7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{AF0704A9-A970-4A0A-A3E9-C7E016C970A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RunningWithRifles\rwr_game.exe
FirewallRules: [{8B92802E-0522-454E-97E9-65A92E7923FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RunningWithRifles\rwr_game.exe
FirewallRules: [{8A6815F5-A670-4E28-8430-3C7F3E34521E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RunningWithRifles\rwr_config.exe
FirewallRules: [{6CD3DF99-BAE7-459F-86B9-AC41B94FDB77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RunningWithRifles\rwr_config.exe
FirewallRules: [TCP Query User{CD8E8F50-8DAE-4609-A15C-D756DF07D886}C:\program files\total war - warhammer ii\warhammer2.exe] => (Allow) C:\program files\total war - warhammer ii\warhammer2.exe
FirewallRules: [UDP Query User{3F8B428F-57E8-4FA5-A00D-D25BBA49CD20}C:\program files\total war - warhammer ii\warhammer2.exe] => (Allow) C:\program files\total war - warhammer ii\warhammer2.exe
FirewallRules: [TCP Query User{E395F22D-C8F4-49B5-AD6E-B367045B87A2}C:\warhammer\finding.paradise\finding.paradise\finding paradise\finding paradise.exe] => (Allow) C:\warhammer\finding.paradise\finding.paradise\finding paradise\finding paradise.exe
FirewallRules: [UDP Query User{2E4906B7-A4FF-4C45-99DF-805BD9DAAE7E}C:\warhammer\finding.paradise\finding.paradise\finding paradise\finding paradise.exe] => (Allow) C:\warhammer\finding.paradise\finding.paradise\finding paradise\finding paradise.exe
FirewallRules: [{8B38F8EC-F433-4A34-9C32-8E216357A0DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheLongDark\tld.exe
FirewallRules: [{4F6E229B-5754-4304-BBFA-2CC61749B3DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheLongDark\tld.exe
FirewallRules: [TCP Query User{54C648D2-24F9-44C6-8028-BFE1B3F3A4AE}C:\warhammer\oneshot.v27.03.2017\oneshot.v27.03.2017\steamshim.exe] => (Allow) C:\warhammer\oneshot.v27.03.2017\oneshot.v27.03.2017\steamshim.exe
FirewallRules: [UDP Query User{DBA321D6-5536-4BAA-A7CF-AFE6D8AD71D6}C:\warhammer\oneshot.v27.03.2017\oneshot.v27.03.2017\steamshim.exe] => (Allow) C:\warhammer\oneshot.v27.03.2017\oneshot.v27.03.2017\steamshim.exe
FirewallRules: [{BAA466C8-77E9-497D-8FAB-25603EC222BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe
FirewallRules: [{840945C7-5BA8-4ACF-86CB-0C81F6D44656}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe
FirewallRules: [TCP Query User{BCB70146-F6B8-44C9-B463-18711FF517B7}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{142548C1-53A2-4595-A4E7-1FD0A914CD72}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{109D65F9-2A1B-42E9-93EC-AEDFB77EA13B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Shrouded Isle\TheShroudedIsle.exe
FirewallRules: [{743746A5-1EF5-481E-B1E6-3BBE8AC50068}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Shrouded Isle\TheShroudedIsle.exe
FirewallRules: [TCP Query User{CE9C41AB-9A3C-4D70-A0A7-4CAA1170B9CB}C:\warhammer\west.of.loathing.v1.01\west.of.loathing.v1.01\west of loathing.exe] => (Allow) C:\warhammer\west.of.loathing.v1.01\west.of.loathing.v1.01\west of loathing.exe
FirewallRules: [UDP Query User{84C362BD-577C-41AF-BEBA-69A113AC5ECD}C:\warhammer\west.of.loathing.v1.01\west.of.loathing.v1.01\west of loathing.exe] => (Allow) C:\warhammer\west.of.loathing.v1.01\west.of.loathing.v1.01\west of loathing.exe
FirewallRules: [TCP Query User{ED27048A-519A-4C68-B018-06399A671BA9}C:\program files (x86)\pyre\x64\pyre.exe] => (Allow) C:\program files (x86)\pyre\x64\pyre.exe
FirewallRules: [UDP Query User{EB907A36-B50E-4655-8DCF-23E80105479C}C:\program files (x86)\pyre\x64\pyre.exe] => (Allow) C:\program files (x86)\pyre\x64\pyre.exe
FirewallRules: [TCP Query User{BF1067A0-04C5-4B7D-8811-7660A1DD214E}C:\warhammer\no.heroes.here\no.heroes.here\noheroeshere\nhh_build.exe] => (Allow) C:\warhammer\no.heroes.here\no.heroes.here\noheroeshere\nhh_build.exe
FirewallRules: [UDP Query User{AFAF3EF1-4B33-49DC-A117-5375440F2288}C:\warhammer\no.heroes.here\no.heroes.here\noheroeshere\nhh_build.exe] => (Allow) C:\warhammer\no.heroes.here\no.heroes.here\noheroeshere\nhh_build.exe
FirewallRules: [TCP Query User{D0E3E01C-7AB2-4713-B13F-6AF4E38F5774}C:\gog games\tangledeep\tangledeep.exe] => (Allow) C:\gog games\tangledeep\tangledeep.exe
FirewallRules: [UDP Query User{D9AE0A8B-3430-4099-814C-39A3F5148A44}C:\gog games\tangledeep\tangledeep.exe] => (Allow) C:\gog games\tangledeep\tangledeep.exe
FirewallRules: [{533E8D64-5D47-4CC3-98E6-54801E6D647A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cortex Command\Cortex Command.exe
FirewallRules: [{4D350889-DEEE-42FD-A994-4463B90C35FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cortex Command\Cortex Command.exe
FirewallRules: [{023FE55A-4AB7-46AF-9FBD-78314742666B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magicka 2\engine\Magicka2.exe
FirewallRules: [{72502551-0508-46F0-844E-6A4F830163E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magicka 2\engine\Magicka2.exe
FirewallRules: [{6860F084-A2DE-4C4B-8B56-8293AFCE23DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MonsterLovesYou\MonsterLovesYou.exe
FirewallRules: [{B0840045-2434-4766-A1FD-51E48587B101}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MonsterLovesYou\MonsterLovesYou.exe
FirewallRules: [{0AD3457A-2864-457C-8E07-6A3326751DCD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spore\runme.exe
FirewallRules: [{FA661F3B-41FA-4002-A9E8-AEC388593036}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spore\runme.exe
FirewallRules: [{B0DB03A0-029E-40F8-980B-B87F901FC9F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spore\SporeBin\SporeApp.exe
FirewallRules: [{045B980D-5476-487D-9357-13DCF8891955}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spore\SporeBin\SporeApp.exe
FirewallRules: [{47FDAD89-AE82-48E0-AEF4-10C48FEA940C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Infinifactory\infinifactory.exe
FirewallRules: [{A7B95166-24C9-42D5-B164-FAD4759BCD7B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Infinifactory\infinifactory.exe
FirewallRules: [{1722C8BF-443D-465A-B19F-BAAE16D8E80B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{00EC06CF-489B-401E-90BD-DAC201B5CFA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{8C991F89-A090-4B18-9FFA-37D5B67DE89D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Into the Breach\Breach.exe
FirewallRules: [{62368223-14A7-4067-8306-EE57CD4312F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Into the Breach\Breach.exe
FirewallRules: [{CE2DBBF4-1E62-4A65-BAEF-A2FF4DF8523F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{FE4BE9DD-8879-4BED-8416-9AA0C1700323}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{01A32598-A40E-4DBE-A46E-CBA74CF74B19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\june\LastDayOfJune.exe
FirewallRules: [{D55248E9-8BCB-46E3-A8E4-EF8A5B4DD986}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\june\LastDayOfJune.exe
FirewallRules: [{8E80A71C-7E50-449B-AAB0-BAD6823B1324}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{7A893A43-95DE-47B2-8FD0-C27987BF916B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{FE36E22B-B0BA-470C-97B9-FA5D180AB72C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Holy Potatoes! We're in Space!\HPWIS.exe
FirewallRules: [{2B0062F5-503C-49F4-99F8-7C9B3BCAC363}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Holy Potatoes! We're in Space!\HPWIS.exe
FirewallRules: [{6BFD26F2-5F91-4646-9822-2CADFBF7527C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ASTRONEER Early Access\Astro.exe
FirewallRules: [{4F73F061-C94A-43A9-8E1B-1EE66A127C0B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ASTRONEER Early Access\Astro.exe
FirewallRules: [TCP Query User{DCDAF2C9-1CE6-46DE-99A5-740D78F2F7E3}C:\program files (x86)\steam\steamapps\common\astroneer early access\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\astroneer early access\astro\binaries\win64\astro-win64-shipping.exe
FirewallRules: [UDP Query User{417CEAA3-F372-4761-B559-6F4D6FE9CC10}C:\program files (x86)\steam\steamapps\common\astroneer early access\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\astroneer early access\astro\binaries\win64\astro-win64-shipping.exe
FirewallRules: [TCP Query User{37317CCA-9041-470C-A260-C3AD9C8FEE76}C:\users\johnston\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\johnston\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{461F3E11-31FF-48EB-B3AA-22D1763B72C3}C:\users\johnston\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\johnston\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{DB307507-1497-4DE3-8B30-568A6D152356}C:\program files (x86)\standingstonegames\dungeons & dragons online\dndclient.exe] => (Allow) C:\program files (x86)\standingstonegames\dungeons & dragons online\dndclient.exe
FirewallRules: [UDP Query User{A7C4623E-5B85-472F-90A1-A5A7F52B3800}C:\program files (x86)\standingstonegames\dungeons & dragons online\dndclient.exe] => (Allow) C:\program files (x86)\standingstonegames\dungeons & dragons online\dndclient.exe
FirewallRules: [{307621D8-F012-4EF0-A460-64D98B8596AB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C2448669-67B3-47D6-A1EF-757396B6F263}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's The Division\thedivision.exe
FirewallRules: [{B5C25934-8208-4954-A394-BE7FA04C2AAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's The Division\thedivision.exe
FirewallRules: [{390969D9-6C0C-4DDF-9D5B-1B7DD23CF118}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AirMech\AirMech.exe
FirewallRules: [{11C266E5-9DC5-4C91-8FB7-BF981039C61D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AirMech\AirMech.exe
FirewallRules: [{0C5A975A-2EE1-4DB6-BEB0-8477A7CC2F6F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{C1EE31BC-F31F-48D5-BEC7-3FAA2E529A0F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{23402CAF-022D-4E5C-953C-654CDA2972B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe
FirewallRules: [{0FA2A468-F3E4-4413-AE04-750262D69E48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe
FirewallRules: [{A7600116-3DF3-4421-84B3-E221D8F73D96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Maelstrom\MaelstromV2.exe
FirewallRules: [{39E3C916-17B0-47F0-9BD0-D8F187275B14}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Maelstrom\MaelstromV2.exe
FirewallRules: [{077772B7-0D05-4F52-96AE-ABEF01E984AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FEZ\FEZ.exe
FirewallRules: [{95B3600D-E66E-46BE-A2D5-49705F561272}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FEZ\FEZ.exe
FirewallRules: [{6D64C197-D7B9-4B4A-B0E0-0E4837DFFDD7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe
FirewallRules: [{D3DE215D-FF9C-491B-BF20-6D68174243D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe
FirewallRules: [{F4F3410A-0F11-4C58-B340-ACB7838A15EA}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

18-04-2018 18:58:49 Scheduled Checkpoint
28-04-2018 11:05:11 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/30/2018 09:36:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.16299.15, time stamp: 0x290d9f78
Faulting module name: twinapi.appcore.dll, version: 10.0.16299.19, time stamp: 0x63553d36
Exception code: 0xc000027b
Fault offset: 0x0000000000094ef5
Faulting process id: 0x548
Faulting application start time: 0x01d3e088343bb114
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: 810eb7dc-3369-4bbc-895d-124821641d26
Faulting package full name: 9020QuinnDamerell.Baconit_4.9.1.0_x64__m9y180tpb7212
Faulting package-relative application ID: App

Error: (04/30/2018 09:06:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.16299.15, time stamp: 0x290d9f78
Faulting module name: twinapi.appcore.dll, version: 10.0.16299.19, time stamp: 0x63553d36
Exception code: 0xc000027b
Fault offset: 0x0000000000094ef5
Faulting process id: 0x1be4
Faulting application start time: 0x01d3e084034fadc3
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: 9b53d521-1039-450f-972b-28436eb12b18
Faulting package full name: 9020QuinnDamerell.Baconit_4.9.1.0_x64__m9y180tpb7212
Faulting package-relative application ID: App

Error: (04/30/2018 08:36:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.16299.15, time stamp: 0x290d9f78
Faulting module name: twinapi.appcore.dll, version: 10.0.16299.19, time stamp: 0x63553d36
Exception code: 0xc000027b
Fault offset: 0x0000000000094ef5
Faulting process id: 0x18ac
Faulting application start time: 0x01d3e07fd254944c
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: 926d7ae4-8e72-4543-a7a0-7e07e73bae82
Faulting package full name: 9020QuinnDamerell.Baconit_4.9.1.0_x64__m9y180tpb7212
Faulting package-relative application ID: App

Error: (04/30/2018 08:20:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Baconit.exe, version: 1.0.0.0, time stamp: 0x577542e8
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.16299.248, time stamp: 0xc27fa098
Exception code: 0xc000027b
Fault offset: 0x00000000006e80e9
Faulting process id: 0x1dcc
Faulting application start time: 0x01d3e07d8de0d2b2
Faulting application path: C:\Program Files\WindowsApps\9020QuinnDamerell.Baconit_4.9.1.0_x64__m9y180tpb7212\Baconit.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: d36e11b8-1e21-4b44-acff-2990bb0cb368
Faulting package full name: 9020QuinnDamerell.Baconit_4.9.1.0_x64__m9y180tpb7212
Faulting package-relative application ID: App

Error: (04/30/2018 08:20:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.16299.15, time stamp: 0x290d9f78
Faulting module name: twinapi.appcore.dll, version: 10.0.16299.19, time stamp: 0x63553d36
Exception code: 0xc000027b
Fault offset: 0x0000000000094ef5
Faulting process id: 0x12b0
Faulting application start time: 0x01d3e07cfd2fb15a
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: 69a1a25b-b75f-4e37-9093-fead3dccd0b3
Faulting package full name: 9020QuinnDamerell.Baconit_4.9.1.0_x64__m9y180tpb7212
Faulting package-relative application ID: App

Error: (04/30/2018 12:36:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.16299.15, time stamp: 0x290d9f78
Faulting module name: twinapi.appcore.dll, version: 10.0.16299.19, time stamp: 0x63553d36
Exception code: 0xc000027b
Fault offset: 0x0000000000094ef5
Faulting process id: 0x16d8
Faulting application start time: 0x01d3e03ccde508ad
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: 36b92d5d-48d4-46dc-9add-6fa6759ede5e
Faulting package full name: 9020QuinnDamerell.Baconit_4.9.1.0_x64__m9y180tpb7212
Faulting package-relative application ID: App

Error: (04/30/2018 12:06:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.16299.15, time stamp: 0x290d9f78
Faulting module name: twinapi.appcore.dll, version: 10.0.16299.19, time stamp: 0x63553d36
Exception code: 0xc000027b
Fault offset: 0x0000000000094ef5
Faulting process id: 0x4d4
Faulting application start time: 0x01d3e0389d08c4f7
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: 4a59972d-2026-4cea-8168-658beb6966df
Faulting package full name: 9020QuinnDamerell.Baconit_4.9.1.0_x64__m9y180tpb7212
Faulting package-relative application ID: App

Error: (04/29/2018 11:36:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.16299.15, time stamp: 0x290d9f78
Faulting module name: twinapi.appcore.dll, version: 10.0.16299.19, time stamp: 0x63553d36
Exception code: 0xc000027b
Fault offset: 0x0000000000094ef5
Faulting process id: 0x206c
Faulting application start time: 0x01d3e0346d509400
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: 88d2599e-294b-48cf-add2-7e779eafb784
Faulting package full name: 9020QuinnDamerell.Baconit_4.9.1.0_x64__m9y180tpb7212
Faulting package-relative application ID: App


System errors:
=============
Error: (04/30/2018 10:31:37 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (04/30/2018 10:31:37 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (04/30/2018 10:31:37 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (04/30/2018 10:31:37 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (04/30/2018 10:31:37 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (04/30/2018 10:31:37 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (04/30/2018 10:31:37 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (04/30/2018 10:31:37 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.


Windows Defender:
===================================
Date: 2018-04-30 10:11:20.818
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuerboos.C!cl&threatid=2147723654&enterprise=0
Name: Trojan:Win32/Fuerboos.C!cl
ID: 2147723654
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Johnston\AppData\Roaming\LocalDataNT\msimg32.dll;service:_usbhubsvc4
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.267.545.0, AS: 1.267.545.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14800.3, NIS: 2.1.14600.4

Date: 2018-04-30 09:54:01.380
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuerboos.C!cl&threatid=2147723654&enterprise=0
Name: Trojan:Win32/Fuerboos.C!cl
ID: 2147723654
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Johnston\AppData\Roaming\LocalDataNT\msimg32.dll;service:_usbhubsvc4
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.267.545.0, AS: 1.267.545.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14800.3, NIS: 2.1.14600.4

Date: 2018-04-29 20:31:06.351
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!rfn&threatid=2147723625&enterprise=0
Name: Trojan:Win32/Tiggre!rfn
ID: 2147723625
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Johnston\AppData\Local\cwoueti\cwoueti.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\dtmbkuesvc.exe
Signature Version: AV: 1.267.545.0, AS: 1.267.545.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14800.3, NIS: 2.1.14600.4

Date: 2018-04-29 20:01:14.412
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuerboos.C!cl&threatid=2147723654&enterprise=0
Name: Trojan:Win32/Fuerboos.C!cl
ID: 2147723654
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Johnston\AppData\Roaming\LocalDataNT\msimg32.dll
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\SysWOW64\svchost.exe
Signature Version: AV: 1.267.545.0, AS: 1.267.545.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14800.3, NIS: 2.1.14600.4

Date: 2018-04-29 20:01:14.199
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuerboos.C!cl&threatid=2147723654&enterprise=0
Name: Trojan:Win32/Fuerboos.C!cl
ID: 2147723654
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Johnston\AppData\Roaming\LocalDataNT\msimg32.dll
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\SysWOW64\svchost.exe
Signature Version: AV: 1.267.545.0, AS: 1.267.545.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14800.3, NIS: 2.1.14600.4

CodeIntegrity:
===================================

Date: 2018-04-30 10:31:01.665
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-30 10:31:01.663
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-30 10:30:59.881
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-30 10:30:59.875
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-30 10:22:21.281
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-30 10:22:21.280
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-30 10:20:49.730
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-30 10:20:49.729
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: AMD Phenom™ II X4 955 Processor
Percentage of memory in use: 41%
Total physical RAM: 12274.56 MB
Available physical RAM: 7180.96 MB
Total Virtual: 14130.56 MB
Available Virtual: 7689.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:697.75 GB) (Free:91.79 GB) NTFS ==>[drive with boot components (obtained from BCD)]

\\?\Volume{8a4c8a4c-0000-0000-0000-e06fae000000}\ () (Fixed) (Total:0.44 GB) (Free:0.07 GB) NTFS
\\?\Volume{8a4c8a4c-0000-0000-0000-108cae000000}\ () (Fixed) (Total:0.44 GB) (Free:0.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 8A4C8A4C)
Partition 1: (Active) - (Size=697.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================
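
The Windows Defender entries in the Addition.txt log above repeat the same detection several times, so it helps to group them by threat name and split the `Path` field into its `file:_` and `service:_` resources. The Python below is an added example, not part of the original post or of FRST; the sample text is constructed from three trimmed entries of the log, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: three entries trimmed from the "Windows Defender:" section
# of the Addition.txt log above (same field names and values, fewer fields).
SAMPLE = r"""
Date: 2018-04-30 10:11:20.818
Description:
Name: Trojan:Win32/Fuerboos.C!cl
Path: file:_C:\Users\Johnston\AppData\Roaming\LocalDataNT\msimg32.dll;service:_usbhubsvc4
Detection Source: System
Process Name: Unknown

Date: 2018-04-29 20:31:06.351
Description:
Name: Trojan:Win32/Tiggre!rfn
Path: file:_C:\Users\Johnston\AppData\Local\cwoueti\cwoueti.exe
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\dtmbkuesvc.exe

Date: 2018-04-29 20:01:14.412
Description:
Name: Trojan:Win32/Fuerboos.C!cl
Path: file:_C:\Users\Johnston\AppData\Roaming\LocalDataNT\msimg32.dll
Detection Source: Real-Time Protection
Process Name: C:\Windows\SysWOW64\svchost.exe
"""


def parse_entries(text):
    """Split the log into blank-line separated blocks of 'Key: value' fields."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:  # skips 'Description:' and free-text lines
                fields[key.strip()] = value.strip()
        if all(k in fields for k in ("Date", "Name", "Path")):
            entries.append(fields)
    return entries


def split_resources(path_field):
    """'file:_X;service:_Y' -> {'file': {X}, 'service': {Y}}."""
    out = defaultdict(set)
    for item in path_field.split(";"):
        kind, sep, value = item.partition(":_")
        if sep:
            out[kind].add(value)
    return out


def summarize(entries):
    """Group detections by threat name with first/last time seen and resources."""
    summary = {}
    for e in entries:
        s = summary.setdefault(e["Name"], {
            "count": 0, "first_seen": e["Date"], "last_seen": e["Date"],
            "files": set(), "services": set(), "processes": set()})
        s["count"] += 1
        # Timestamps are zero-padded, so string comparison orders them correctly.
        s["first_seen"] = min(s["first_seen"], e["Date"])
        s["last_seen"] = max(s["last_seen"], e["Date"])
        res = split_resources(e["Path"])
        s["files"] |= res["file"]
        s["services"] |= res["service"]
        proc = e.get("Process Name", "Unknown")
        if proc != "Unknown":
            s["processes"].add(proc)
    return summary


def recurring(summary):
    """Threats flagged more than once, i.e. an earlier cleanup did not hold."""
    return {name: s for name, s in summary.items() if s["count"] > 1}


if __name__ == "__main__":
    for name, s in recurring(summarize(parse_entries(SAMPLE))).items():
        print(name, s["count"], s["first_seen"], "->", s["last_seen"],
              sorted(s["files"]), sorted(s["services"]))
```

On the sample, the recurring detection is the one whose later entry also names a service, which is the persistence point to look at in the rest of the log.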



#3 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,545 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:40 AM

Posted 30 April 2018 - 12:28 PM

Hi

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:
  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)
Let's begin... :)

There is a rootkit in your system.

You will need another computer to download FRST64 to a USB drive, run FRST64 in the Recovery Environment, then back in Normal Mode.

Please download Farbar Recovery Scan Tool on an uninfected computer and save it to a flash drive (Pen Drive).

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version. In your case it is FRST64.exe.

Please also download the attached file Fixlist.txt and save it in the same location where FRST64 is saved on the flash drive.

Boot to the Recovery Console's Command prompt in the infected computer.

To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums

Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums
After any of these actions is performed, all user sessions are signed off and the Boot Options menu is displayed. The PC will restart into the WinRE and the selected feature is launched.

On the boot options, select Troubleshooting > Advanced Options > Command prompt.

Once in the Command Prompt:
  • Insert the USB drive containing FRST64 and the Fixlist
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First press the Scan button. That will deactivate the rootkit. Once the scan is finished, press the Fix button.
  • These actions will make two logs, Fixlog.txt and FRST.txt, on the flash drive. Please copy and paste them in your reply.
Once finished in the Recovery Environment, restart the computer in Normal Mode.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version. In your case it is FRST64.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt). Please attach this to your reply.
I will expect the following reports:

Frst.txt produced in the Recovery Console
Fixlog.txt produced in the Recovery Console
Frst.txt produced in Normal Mode
Addition.txt produced in Normal Mode

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#4 GeekFreak

Posted 30 April 2018 - 05:19 PM

!!!!!!!!! You're Amazing! I followed your instructions and when I rebooted my antivirus software automatically was enabled. I tried an anti-rootkit scan before but it didn't find anything, but this seemed to work. I ran FRST in normal mode and after it scanned it had nothing further to fix.

Attached are the logs:

I'll check back in here to see if you have anything further to say.
 

Thanks Again,
Marc


#5 JSntgRvr

Posted 30 April 2018 - 09:55 PM

Good job.
  • Highlight the entire content of the quote box below.

Start::
FirewallRules: [{5D8774A5-2982-46D9-A308-5C1D26E3D707}] => (Allow) LPort=1900
FirewallRules: [{A6646812-45BD-4343-9B99-455A566B2077}] => (Allow) LPort=2869
FirewallRules: [{AC1F486A-7A45-46F7-AD78-8B28F057E1FF}] => (Allow) LPort=8318
FirewallRules: [{6199B814-C832-4C99-8D69-95B99BFEA203}] => (Allow) LPort=8298
GroupPolicyScripts: Restriction <==== ATTENTION
Task: {571511B4-CF36-4426-AF55-97858BD01525} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {571511B4-CF36-4426-AF55-97858BD01525} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
2018-04-30 16:43 - 2018-04-30 16:43 - 000000000 ____D C:\Users\Johnston\AppData\Local\timwlog
2018-04-30 16:36 - 2018-04-30 16:36 - 000000000 ____D C:\Users\Johnston\AppData\Local\mbknoaw
2018-04-30 16:25 - 2018-04-30 16:25 - 000000000 ____D C:\Users\Johnston\AppData\Local\zacnxsw
2018-04-30 13:40 - 2018-04-30 13:40 - 000000000 ____D C:\Users\Johnston\AppData\Local\avcbkso
2018-04-30 10:05 - 2018-04-30 10:05 - 000000000 ____D C:\Users\Johnston\AppData\Local\dwitlas
2018-04-30 09:56 - 2018-04-30 10:00 - 000000000 _____ C:\Users\Johnston\AppData\Local\{763473B9-4945-4404-A2B0-7BCD1F70CC86}
2018-04-30 09:49 - 2018-04-30 09:49 - 000000000 ____D C:\Users\Johnston\AppData\Local\wiesznx
2018-04-29 14:36 - 2018-04-29 14:36 - 000000000 ____D C:\Users\Johnston\AppData\Local\codhvgs
2018-04-29 13:35 - 2018-04-29 13:35 - 000000000 ____D C:\Users\Johnston\AppData\Local\pwbcmzu
2018-04-28 23:15 - 2018-04-28 23:15 - 000000000 ____D C:\Users\Johnston\AppData\Local\ticboha
2018-04-28 23:01 - 2018-04-28 23:01 - 000000000 ____D C:\Users\Johnston\AppData\Local\pwnsldm
2018-04-28 17:55 - 2018-04-28 17:55 - 000000000 ____D C:\Users\Johnston\AppData\Local\wmhbnro
2018-04-28 17:37 - 2018-04-30 20:50 - 000000000 ____D C:\Users\Johnston\AppData\Local\wmcagent
2018-04-28 17:37 - 2018-04-30 13:19 - 000000000 ____D C:\Users\Johnston\AppData\Local\spcehom
2018-04-28 17:34 - 2018-04-28 17:34 - 000000000 ____D C:\Users\Johnston\AppData\Local\usdozvm
2018-04-30 09:56 - 2018-04-30 10:00 - 000000000 _____ () C:\Users\Johnston\AppData\Local\{763473B9-4945-4404-A2B0-7BCD1F70CC86}
2018-04-30 17:59 - 2018-04-30 17:59 - 000113152 _____ () C:\Users\Johnston\AppData\Local\Temp\_MEI104722
C:\WINDOWS\system32\Drivers\coeikxfo.sys
2018-04-29 20:01 - 2018-04-29 20:01 - 000072816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xwzddcby.sys
C:\WINDOWS\system32\drivers\wdklosvy.sys
C:\Users\Johnston\AppData\Local\cwoueti
C:\Users\Johnston\AppData\Local\dwitlas
C:\Users\Johnston\AppData\Local\{763473B9-4945-4404-A2B0-7BCD1F70CC86}
C:\Users\Johnston\AppData\Local\wiesznx
C:\Users\Johnston\AppData\Local\codhvgs
C:\Users\Johnston\AppData\Local\pwbcmzu
C:\Users\Johnston\AppData\Local\ticboha
C:\Users\Johnston\AppData\Local\pwnsldm
C:\Users\Johnston\AppData\Local\wmhbnro
C:\Users\Johnston\AppData\Local\spcehom
C:\Users\Johnston\AppData\Local\wmcagent
C:\Users\Johnston\AppData\Local\usdozvm
C:\Users\Johnston\AppData\Local\cwoueti
C:\WINDOWS\SysWOW64\msrtgon
2018-04-28 17:32 - 2018-04-28 17:32 - 000000000 ____D C:\WINDOWS\system32\msrtgon
2018-04-28 17:31 - 2018-04-28 17:31 - 000000000 ____D C:\Users\Johnston\AppData\Roaming\et
Task: {01D66701-91A6-45FC-9E56-129E5EC6217F} - no filepath
Task: {0549DE65-9FF9-4762-8587-564F62614A75} - no filepath
Task: {09CF315A-39DB-4F96-AD92-DB42568F971E} - no filepath
Task: {0FFB7A64-CB3B-4AC6-A02C-9C2532F95202} - no filepath
Task: {1B8BB1DD-4492-4327-89D9-272293C99305} - no filepath
Task: {905978D0-3F73-466E-A1D6-D895FBE57A85} - no filepath
C:\WINDOWS\system32\runexehelper.exe
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.
Please copy and paste its contents in your next reply.

RogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
Your next reply(ies) should therefore contain:
  • Copy/pasted RogueKiller clean log
  • Copy/pasted AdwCleaner clean log
  • Copy/pasted Fixlog.txt log

Edited by JSntgRvr, 30 April 2018 - 09:57 PM.
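
Before a fixlist like the one quoted in the post above is pasted into FRST, it is worth seeing what it will touch: which paths, which drivers, and whether any command clears event logs that may still be wanted as evidence. The Python below is an added example, not part of the original post or of FRST; grouping lines by their leading keyword is this example's assumption rather than FRST's own parser, and the sample is a shortened, constructed copy of the quoted fixlist.

```python
import re
from collections import Counter

# Constructed sample: a shortened copy of the fixlist quoted in the post above.
FIXLIST = r"""Start::
FirewallRules: [{5D8774A5-2982-46D9-A308-5C1D26E3D707}] => (Allow) LPort=1900
Task: {571511B4-CF36-4426-AF55-97858BD01525} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
2018-04-30 16:43 - 2018-04-30 16:43 - 000000000 ____D C:\Users\Johnston\AppData\Local\timwlog
C:\WINDOWS\system32\Drivers\coeikxfo.sys
C:\Users\Johnston\AppData\Local\cwoueti
C:\Users\Johnston\AppData\Local\cwoueti
HOSTS:
CMD: netsh advfirewall reset
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
EMPTYTEMP:
Reboot:
End::
"""

# wevtutil's "cl" (clear-log) verb empties an event log.
LOG_CLEAR_RE = re.compile(r"\bwevtutil(\.exe)?\s+(cl|clear-log)\b", re.I)


def classify(line):
    """Return (kind, value); the kinds are this example's own grouping."""
    if re.match(r"[A-Za-z]:\\", line):               # bare file or folder path
        return "path", line
    stamped = re.match(r"\d{4}-\d{2}-\d{2} .*?([A-Za-z]:\\.*)$", line)
    if stamped:                                      # dated file/folder entry
        return "path", stamped.group(1)
    key, sep, rest = line.partition(":")
    if sep and key.isalpha():                        # "Keyword: ..." line
        if key == "CMD":
            return "command", rest.strip()
        return "directive", key
    return "other", line


def review(text):
    """Summarize what a fixlist names, without executing any of it."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if "Start::" not in lines or "End::" not in lines:
        raise ValueError("expected Start:: ... End:: markers")
    body = lines[lines.index("Start::") + 1:lines.index("End::")]
    paths, commands, other, directives = [], [], [], Counter()
    for line in body:
        kind, value = classify(line)
        if kind == "path":
            paths.append(value)
        elif kind == "command":
            commands.append(value)
        elif kind == "directive":
            directives[value] += 1
        else:
            other.append(value)
    seen = Counter(p.lower() for p in paths)         # Windows paths ignore case
    return {
        "directives": dict(directives),
        "paths": paths,
        "duplicate_paths": sorted(p for p, n in seen.items() if n > 1),
        "drivers": [p for p in paths if p.lower().endswith(".sys")],
        "commands": commands,
        "clears_event_logs": [c for c in commands if LOG_CLEAR_RE.search(c)],
        "unrecognized": other,
    }


if __name__ == "__main__":
    for key, value in review(FIXLIST).items():
        print(f"{key}: {value}")
```

If `clears_event_logs` is non-empty, exporting the event logs first preserves the detection history that the fix would otherwise erase.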



#6 JSntgRvr

Posted 02 May 2018 - 01:48 PM

Are you still with us?




#7 GeekFreak

Posted 03 May 2018 - 12:25 PM

Yes, sorry for the delay, I've had a busy couple days at work.  Actually running the scans now.



#8 JSntgRvr

Posted 03 May 2018 - 12:42 PM

Thanks.




#9 GeekFreak

Posted 03 May 2018 - 03:05 PM

First time I ran FRST it stalled on something with Mozilla so I ran it again, it did generate two logs though.


#10 JSntgRvr

Posted 03 May 2018 - 03:38 PM

How is it doing?



#11 GeekFreak

Posted 03 May 2018 - 07:10 PM

Everything seems to be going well.  One problem I have though is that I seem to have lost a bunch of documents in the process, documents important to my work.  I take notes as I work with clients each day and it seems that I'm missing all the ones I logged within the past 6 weeks.  I'm assuming this was simply necessary as part of the cleaning process, and it teaches me that I need to be better about creating backups.

Other than that, startup is noticeably quicker than before, my anti-virus software works fine now, and I'm not noticing any strange browser activity (pop ups and random ads), so it appears as if you've saved my computer.  Thanks!



#12 JSntgRvr

Posted 04 May 2018 - 06:39 PM

Congratulations.

Use this application to remove quarantined items:

Please download DelFix by Xplode and save to your Desktop.
  • Double-click on delfix.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Put a check mark next to these items:
    - Remove disinfection tools
    - Create registry backup
  • Click the "Run" button.
  • When the tool has finished, it will create and open a log report (DelFix.txt)
Since there are no signs of infection anymore in your logs I guess we're done here.

Windows Updates

Keeping Windows up to date is one of the first steps in having a safe and secure system.

Keeping your programs up-to-date

As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:

As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations

It's your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far fewer chances of getting infected by malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you avoid going to that website, downloading that file or using that program.
Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices:

Best regards. :)



#13 JSntgRvr

Posted 07 May 2018 - 01:51 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





