Browser opens randomly


  • This topic is locked
24 replies to this topic

#1 dnparsons

Posted 06 August 2018 - 09:17 AM

My default browser (currently Chrome) will randomly open by itself to the default Home Page (Google).
 
I have tried running a number of full scans (Norton, MS Safety Scanner, etc.), but no infected files are found.
 
Any help would be greatly appreciated.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by DavidParsons (administrator) on DAVIDPARSONS-PC (06-08-2018 09:57:50)
Running from C:\Users\DavidParsons\Desktop
Loaded Profiles: DavidParsons (Available Profiles: DavidParsons & DNP)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.14.2.13\nortonsecurity.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.14.2.13\nortonsecurity.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8783616 2015-12-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-09-25] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2104879264-961568624-574168726-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-24] (Piriform Ltd)
GroupPolicy: Restriction ? <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{35F54124-C28B-4B17-9430-C98D34EE01DB}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2104879264-961568624-574168726-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
SearchScopes: HKU\S-1-5-21-2104879264-961568624-574168726-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=360&chn=1122&geo=US&ver=22.11.2.7&locale=en_US&guid=37C74F79-7BB5-4ADF-A575-AA1BCDC8C3E0&doi=2016-09-01&gct=kwd&qsrc=2869
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.14.2.13\coIEPlg.dll [2018-05-29] (Symantec Corporation)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine32\22.14.2.13\coIEPlg.dll [2018-05-29] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-07-23] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-23] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.14.2.13\coIEPlg.dll [2018-05-29] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine32\22.14.2.13\coIEPlg.dll [2018-05-29] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2104879264-961568624-574168726-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.14.2.13\coIEPlg.dll [2018-05-29] (Symantec Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
 
Chrome: 
=======
CHR Profile: C:\Users\DavidParsons\AppData\Local\Google\Chrome\User Data\Default [2018-08-06]
CHR Extension: (Slides) - C:\Users\DavidParsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-02]
CHR Extension: (Docs) - C:\Users\DavidParsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-02]
CHR Extension: (Google Drive) - C:\Users\DavidParsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-02]
CHR Extension: (YouTube) - C:\Users\DavidParsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-02]
CHR Extension: (Norton Security Toolbar) - C:\Users\DavidParsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2018-04-20]
CHR Extension: (Sheets) - C:\Users\DavidParsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-02]
CHR Extension: (Google Docs Offline) - C:\Users\DavidParsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-02-02]
CHR Extension: (Norton Identity Safe) - C:\Users\DavidParsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2018-02-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DavidParsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\DavidParsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-02]
CHR Extension: (Chrome Media Router) - C:\Users\DavidParsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-07-25]
CHR Profile: C:\Users\DavidParsons\AppData\Local\Google\Chrome\User Data\System Profile [2018-08-05]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.14.2.13\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.14.2.13\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-12-12] (Foxit Software Inc.)
R2 igfxCUIService2.0.0.0; C:\windows\system32\igfxCUIService.exe [333288 2016-10-14] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-10-16] (Intel Corporation)
S3 MailbirdUpdater.exe; C:\Program Files (x86)\Mailbird\MailbirdUpdater.exe [608136 2018-06-22] (Mailbird)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 MSSQL$BWDATOOLSET; C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 NortonSecurity; C:\Program Files (x86)\Norton Security Suite\Engine\22.14.2.13\NortonSecurity.exe [328648 2018-05-30] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-14] (NVIDIA Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-08] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.10.0.85\Definitions\BASHDefs\20180731.001\BHDrvx64.sys [1919568 2018-07-02] (Symantec Corporation)
R1 ccSet_NGC; C:\windows\system32\drivers\NGCx64\160E020.00D\ccSetx64.sys [187520 2018-05-29] (Symantec Corporation)
R3 e1dexpress; C:\windows\System32\DRIVERS\e1d62x64.sys [502256 2015-08-12] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507984 2018-05-01] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153168 2018-03-22] (Symantec Corporation)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [152184 2018-04-26] (Malwarebytes)
R0 iaStorF; C:\windows\System32\drivers\iaStorF.sys [31728 2015-11-12] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.10.0.85\Definitions\IPSDefs\20180803.061\IDSvia64.sys [1298000 2018-05-22] (Symantec Corporation)
S3 iusb3adp; C:\windows\system32\drivers\iusb3adp.sys [37672 2015-07-28] (Intel)
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [190696 2018-08-05] (Malwarebytes)
S3 MBAMFarflt; C:\windows\System32\DRIVERS\farflt.sys [112864 2018-08-05] (Malwarebytes)
S3 MBAMProtection; C:\windows\System32\DRIVERS\mbam.sys [44768 2018-08-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [253664 2018-08-05] (Malwarebytes)
S3 MBAMWebProtection; C:\windows\System32\DRIVERS\mwac.sys [94328 2018-08-05] (Malwarebytes)
R3 MEIx64; C:\windows\System32\DRIVERS\TeeDriverx64.sys [180480 2015-10-08] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-14] (NVIDIA Corporation)
S3 NVSWCFilter; C:\windows\system32\drivers\nvswcfilter.sys [28344 2016-03-04] (Windows ® Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 SRTSP; C:\windows\System32\Drivers\NGCx64\160E020.00D\SRTSP64.SYS [838224 2018-05-29] (Symantec Corporation)
R1 SRTSPX; C:\windows\system32\drivers\NGCx64\160E020.00D\SRTSPX64.SYS [49232 2018-05-29] (Symantec Corporation)
R3 sshid; C:\windows\System32\DRIVERS\sshid.sys [51400 2016-05-27] (SteelSeries ApS)
R0 SymEFASI; C:\windows\System32\drivers\NGCx64\160E020.00D\SYMEFASI64.SYS [1942096 2018-05-29] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-06-15] (Symantec Corporation)
R1 SymIRON; C:\windows\system32\drivers\NGCx64\160E020.00D\Ironx64.SYS [307792 2018-05-29] (Symantec Corporation)
R1 SymNetS; C:\windows\System32\Drivers\NGCx64\160E020.00D\SYMNETS.SYS [566912 2018-05-29] (Symantec Corporation)
S3 wpCtrlDrv_NGC; C:\windows\System32\Drivers\NGCx64\160E020.00D\wpCtrlDrv.sys [1015592 2018-05-29] (Symantec Corporation)
S3 e1rexpress; system32\DRIVERS\e1r62x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-06 09:57 - 2018-08-06 09:59 - 000017875 _____ C:\Users\DavidParsons\Desktop\FRST.txt
2018-08-06 09:56 - 2018-08-06 09:56 - 002412544 _____ (Farbar) C:\Users\DavidParsons\Desktop\FRST64.exe
2018-08-06 04:44 - 2018-08-06 04:44 - 000000000 ____D C:\windows\System32\Tasks\Remediation
2018-08-05 19:23 - 2018-08-05 19:23 - 000003870 _____ C:\windows\System32\Tasks\CCleaner Update
2018-08-05 19:03 - 2018-08-05 19:03 - 000190696 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2018-08-05 19:03 - 2018-08-05 19:03 - 000112864 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2018-08-05 19:03 - 2018-08-05 19:03 - 000094328 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2018-08-05 19:03 - 2018-08-05 19:03 - 000044768 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2018-08-05 19:03 - 2018-08-05 19:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-08-05 19:00 - 2018-08-05 19:03 - 000253664 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2018-08-01 06:13 - 2018-08-01 06:13 - 000001825 _____ C:\Users\DavidParsons\Desktop\HOMM4 Editor.lnk
2018-07-30 13:26 - 2018-08-06 09:57 - 000000000 ____D C:\FRST
2018-07-23 23:53 - 2018-07-23 23:53 - 000001037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2018-07-22 03:13 - 2018-06-16 13:07 - 025743872 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2018-07-22 03:13 - 2018-06-16 12:36 - 020286464 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2018-07-22 03:13 - 2018-06-16 11:46 - 015283200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2018-07-22 03:12 - 2018-06-20 20:58 - 000398376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2018-07-22 03:12 - 2018-06-20 20:00 - 000348824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2018-07-22 03:12 - 2018-06-16 12:46 - 002724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2018-07-22 03:12 - 2018-06-16 12:46 - 000004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2018-07-22 03:12 - 2018-06-16 12:33 - 002902016 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2018-07-22 03:12 - 2018-06-16 12:32 - 000066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2018-07-22 03:12 - 2018-06-16 12:31 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2018-07-22 03:12 - 2018-06-16 12:31 - 000417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2018-07-22 03:12 - 2018-06-16 12:31 - 000048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2018-07-22 03:12 - 2018-06-16 12:30 - 000088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2018-07-22 03:12 - 2018-06-16 12:27 - 005779968 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2018-07-22 03:12 - 2018-06-16 12:24 - 000054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2018-07-22 03:12 - 2018-06-16 12:23 - 000034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2018-07-22 03:12 - 2018-06-16 12:20 - 000615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2018-07-22 03:12 - 2018-06-16 12:19 - 002724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2018-07-22 03:12 - 2018-06-16 12:19 - 000814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2018-07-22 03:12 - 2018-06-16 12:19 - 000794624 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2018-07-22 03:12 - 2018-06-16 12:19 - 000144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2018-07-22 03:12 - 2018-06-16 12:19 - 000116224 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2018-07-22 03:12 - 2018-06-16 12:12 - 000969216 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2018-07-22 03:12 - 2018-06-16 12:08 - 000489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2018-07-22 03:12 - 2018-06-16 12:06 - 000498176 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2018-07-22 03:12 - 2018-06-16 12:06 - 000062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2018-07-22 03:12 - 2018-06-16 12:05 - 000341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2018-07-22 03:12 - 2018-06-16 12:05 - 000047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2018-07-22 03:12 - 2018-06-16 12:04 - 000064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2018-07-22 03:12 - 2018-06-16 12:02 - 002295296 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2018-07-22 03:12 - 2018-06-16 12:02 - 000087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2018-07-22 03:12 - 2018-06-16 12:02 - 000077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2018-07-22 03:12 - 2018-06-16 12:01 - 000107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2018-07-22 03:12 - 2018-06-16 11:59 - 000047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2018-07-22 03:12 - 2018-06-16 11:59 - 000030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2018-07-22 03:12 - 2018-06-16 11:58 - 000199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2018-07-22 03:12 - 2018-06-16 11:57 - 000476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2018-07-22 03:12 - 2018-06-16 11:57 - 000092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2018-07-22 03:12 - 2018-06-16 11:56 - 000662016 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2018-07-22 03:12 - 2018-06-16 11:56 - 000115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2018-07-22 03:12 - 2018-06-16 11:55 - 000620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2018-07-22 03:12 - 2018-06-16 11:55 - 000315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2018-07-22 03:12 - 2018-06-16 11:53 - 000152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2018-07-22 03:12 - 2018-06-16 11:47 - 000416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2018-07-22 03:12 - 2018-06-16 11:44 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2018-07-22 03:12 - 2018-06-16 11:42 - 000809472 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2018-07-22 03:12 - 2018-06-16 11:42 - 000728064 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2018-07-22 03:12 - 2018-06-16 11:42 - 000073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2018-07-22 03:12 - 2018-06-16 11:42 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-07-22 03:12 - 2018-06-16 11:41 - 000091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2018-07-22 03:12 - 2018-06-16 11:40 - 001359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2018-07-22 03:12 - 2018-06-16 11:39 - 002135552 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2018-07-22 03:12 - 2018-06-16 11:39 - 000168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2018-07-22 03:12 - 2018-06-16 11:38 - 000076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2018-07-22 03:12 - 2018-06-16 11:37 - 000279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2018-07-22 03:12 - 2018-06-16 11:36 - 000130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2018-07-22 03:12 - 2018-06-16 11:34 - 004496384 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2018-07-22 03:12 - 2018-06-16 11:32 - 013680128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2018-07-22 03:12 - 2018-06-16 11:30 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2018-07-22 03:12 - 2018-06-16 11:29 - 000696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2018-07-22 03:12 - 2018-06-16 11:28 - 002060288 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2018-07-22 03:12 - 2018-06-16 11:27 - 003241472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2018-07-22 03:12 - 2018-06-16 11:27 - 001155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2018-07-22 03:12 - 2018-06-16 11:16 - 001545216 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2018-07-22 03:12 - 2018-06-16 11:08 - 002767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2018-07-22 03:12 - 2018-06-16 11:05 - 001313792 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2018-07-22 03:12 - 2018-06-16 11:04 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2018-07-22 03:12 - 2018-06-16 11:04 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2018-07-22 03:12 - 2018-06-13 12:23 - 000140992 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2018-07-22 03:12 - 2018-06-13 12:20 - 014185984 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2018-07-22 03:12 - 2018-06-13 12:19 - 001867776 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2018-07-22 03:12 - 2018-06-13 12:18 - 000680960 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2018-07-22 03:12 - 2018-06-13 11:55 - 012880384 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2018-07-22 03:12 - 2018-06-13 11:54 - 001499648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2018-07-22 03:12 - 2018-06-13 11:40 - 003226112 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2018-07-22 03:12 - 2018-06-08 12:27 - 005577408 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2018-07-22 03:12 - 2018-06-08 12:27 - 000708288 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2018-07-22 03:12 - 2018-06-08 12:27 - 000262336 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
2018-07-22 03:12 - 2018-06-08 12:27 - 000154816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2018-07-22 03:12 - 2018-06-08 12:27 - 000095424 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2018-07-22 03:12 - 2018-06-08 12:23 - 000631640 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2018-07-22 03:12 - 2018-06-08 12:22 - 001665344 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2018-07-22 03:12 - 2018-06-08 12:21 - 000369664 _____ (Microsoft Corporation) C:\windows\system32\zipfldr.dll
2018-07-22 03:12 - 2018-06-08 12:21 - 000361984 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2018-07-22 03:12 - 2018-06-08 12:21 - 000243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2018-07-22 03:12 - 2018-06-08 12:21 - 000215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2018-07-22 03:12 - 2018-06-08 12:21 - 000210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2018-07-22 03:12 - 2018-06-08 12:21 - 000013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 002066432 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 001461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 001211904 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 001163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 000731648 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 000512000 _____ (Microsoft Corporation) C:\windows\system32\rpcss.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 000503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 000419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 000345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 000316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 000312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 000190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 000146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 000135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 000094208 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 000063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 000060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 000050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 000028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 000028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 000026112 _____ (Microsoft Corporation) C:\windows\system32\oleres.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 000016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2018-07-22 03:12 - 2018-06-08 12:19 - 000357888 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
2018-07-22 03:12 - 2018-06-08 12:19 - 000182272 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll
2018-07-22 03:12 - 2018-06-08 12:19 - 000044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2018-07-22 03:12 - 2018-06-08 12:19 - 000043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2018-07-22 03:12 - 2018-06-08 12:19 - 000022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2018-07-22 03:12 - 2018-06-08 12:19 - 000008704 _____ (Microsoft Corporation) C:\windows\system32\comcat.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:02 - 004050624 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2018-07-22 03:12 - 2018-06-08 12:02 - 003962048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2018-07-22 03:12 - 2018-06-08 11:57 - 001314072 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 001417728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 001114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 000666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 000554496 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 000330240 _____ (Microsoft Corporation) C:\windows\SysWOW64\zipfldr.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 000275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 000261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 000254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 000223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 000172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 000146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 000141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 000096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 000082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 000070144 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 000043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 000026112 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleres.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 000022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 000005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000269824 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:44 - 000148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2018-07-22 03:12 - 2018-06-08 11:44 - 000062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2018-07-22 03:12 - 2018-06-08 11:44 - 000030208 _____ (Microsoft Corporation) C:\windows\system32\dnscacheugc.exe
2018-07-22 03:12 - 2018-06-08 11:44 - 000017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2018-07-22 03:12 - 2018-06-08 11:43 - 000064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2018-07-22 03:12 - 2018-06-08 11:39 - 000338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2018-07-22 03:12 - 2018-06-08 11:38 - 000296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2018-07-22 03:12 - 2018-06-08 11:38 - 000129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\videoprt.sys
2018-07-22 03:12 - 2018-06-08 11:34 - 000291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2018-07-22 03:12 - 2018-06-08 11:34 - 000159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2018-07-22 03:12 - 2018-06-08 11:34 - 000129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2018-07-22 03:12 - 2018-06-08 11:33 - 000112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2018-07-22 03:12 - 2018-06-08 11:33 - 000030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2018-07-22 03:12 - 2018-06-08 11:29 - 000007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\comcat.dll
2018-07-22 03:12 - 2018-06-08 11:28 - 000030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnscacheugc.exe
2018-07-22 03:12 - 2018-06-08 11:27 - 000050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2018-07-22 03:12 - 2018-06-08 11:21 - 000025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2018-07-22 03:12 - 2018-06-08 11:21 - 000014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2018-07-22 03:12 - 2018-06-08 11:21 - 000007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2018-07-22 03:12 - 2018-06-08 11:21 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2018-07-22 03:12 - 2018-06-08 11:19 - 000036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2018-07-22 03:12 - 2018-06-08 11:19 - 000006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:19 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:19 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:19 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 09:05 - 002860032 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2018-07-22 03:12 - 2018-06-08 09:05 - 001602048 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2018-07-22 03:12 - 2018-06-08 09:05 - 000783872 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2018-07-22 03:12 - 2018-06-08 09:05 - 000612352 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2018-07-22 03:12 - 2018-06-08 09:05 - 000470016 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2018-07-22 03:12 - 2018-06-08 09:05 - 000443392 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2018-07-22 03:12 - 2018-06-08 09:05 - 000301056 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2018-07-22 03:12 - 2018-06-08 09:05 - 000246272 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2018-07-22 03:12 - 2018-06-07 12:20 - 000022528 _____ (Microsoft Corporation) C:\windows\system32\wfapigp.dll
2018-07-22 03:12 - 2018-06-07 12:19 - 000828928 _____ (Microsoft Corporation) C:\windows\system32\MPSSVC.dll
2018-07-22 03:12 - 2018-06-07 12:19 - 000749568 _____ (Microsoft Corporation) C:\windows\system32\FirewallAPI.dll
2018-07-22 03:12 - 2018-06-07 12:19 - 000108544 _____ (Microsoft Corporation) C:\windows\system32\icfupgd.dll
2018-07-22 03:12 - 2018-06-07 11:57 - 000463360 _____ (Microsoft Corporation) C:\windows\SysWOW64\FirewallAPI.dll
2018-07-22 03:12 - 2018-06-07 11:49 - 000077312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mpsdrv.sys
2018-07-22 03:12 - 2018-06-07 11:34 - 000018944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wfapigp.dll
2018-07-22 03:12 - 2018-05-31 12:28 - 001893568 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2018-07-22 03:12 - 2018-05-31 12:28 - 000377024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2018-07-22 03:12 - 2018-05-31 12:28 - 000287936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2018-07-22 03:12 - 2018-05-02 11:32 - 000344064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2018-07-22 03:12 - 2018-05-02 11:32 - 000325632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2018-07-22 03:12 - 2018-05-02 11:32 - 000099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2018-07-22 03:12 - 2018-05-02 11:32 - 000056320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2018-07-22 03:12 - 2018-05-02 11:32 - 000030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2018-07-22 03:12 - 2018-05-02 11:32 - 000025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2018-07-22 03:12 - 2018-05-02 11:32 - 000007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2018-07-22 03:12 - 2018-04-26 09:05 - 000998912 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000918296 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000065880 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000063832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000021848 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000020824 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000019288 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000018776 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000017752 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000017752 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000017240 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000017240 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000016216 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000015704 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000015704 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000015192 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000014168 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000014168 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000013656 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000013656 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000013656 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000013152 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000012632 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000012120 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000012120 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000011608 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000011608 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000011608 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000011608 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000011096 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000011096 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000011096 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000011096 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2018-07-22 03:12 - 2018-04-25 12:02 - 000124416 _____ (Microsoft Corporation) C:\windows\system32\wkssvc.dll
2018-07-22 03:12 - 2018-04-25 11:18 - 000115200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dfsc.sys
2018-07-09 16:12 - 2018-07-26 13:14 - 000000000 ____D C:\Users\DavidParsons\AppData\Local\User Data
2018-07-09 16:12 - 2018-07-09 16:12 - 000000000 ____D C:\Users\DavidParsons\AppData\Local\nwjs
2018-07-09 05:53 - 2018-07-09 05:55 - 000000000 ____D C:\Users\DavidParsons\Documents\Games - Copy
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-06 04:29 - 2009-07-14 00:45 - 000022304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-08-06 04:29 - 2009-07-14 00:45 - 000022304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-08-06 04:25 - 2016-11-02 09:47 - 000000000 __SHD C:\Users\DavidParsons\IntelGraphicsProfiles
2018-08-06 04:25 - 2009-07-14 01:13 - 000848928 _____ C:\windows\system32\PerfStringBackup.INI
2018-08-06 04:25 - 2009-07-13 23:20 - 000000000 ____D C:\windows\inf
2018-08-06 04:19 - 2016-10-27 15:02 - 000000000 ____D C:\ProgramData\NVIDIA
2018-08-06 04:19 - 2009-07-14 01:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-08-05 19:34 - 2017-01-30 17:12 - 000000000 ____D C:\Program Files (x86)\Steam
2018-08-05 19:34 - 2016-11-04 01:33 - 000000000 ____D C:\Users\DavidParsons\AppData\Local\CrashDumps
2018-08-05 19:23 - 2017-02-22 13:30 - 000000828 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-08-05 19:23 - 2017-02-22 13:30 - 000000000 ____D C:\Program Files\CCleaner
2018-08-05 19:22 - 2016-11-03 21:17 - 000000000 ____D C:\Users\DavidParsons\Downloads\Misc
2018-08-05 19:03 - 2017-03-12 00:02 - 000001873 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-08-01 11:36 - 2016-11-02 13:18 - 000000000 ____D C:\Users\DavidParsons\AppData\Roaming\KeePass
2018-07-31 20:06 - 2018-02-02 20:53 - 000002230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-07-31 20:06 - 2018-02-02 20:53 - 000002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-07-30 13:43 - 2016-11-02 13:19 - 000084046 _____ C:\Users\DavidParsons\Documents\NewDatabase.kdbx
2018-07-25 03:42 - 2017-11-17 21:33 - 000000000 ____D C:\Users\DavidParsons\Documents\Games
2018-07-23 23:53 - 2017-11-24 14:57 - 000001025 _____ C:\Users\Public\Desktop\Notepad++.lnk
2018-07-23 19:10 - 2018-01-22 21:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-07-23 19:09 - 2018-01-22 21:31 - 000098680 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2018-07-23 19:09 - 2018-01-22 21:31 - 000000000 ____D C:\Program Files (x86)\Java
2018-07-22 03:20 - 2009-07-14 00:45 - 000302984 _____ C:\windows\system32\FNTCACHE.DAT
2018-07-22 03:18 - 2015-08-13 16:59 - 000000000 ____D C:\windows\system32\appraiser
2018-07-14 05:12 - 2015-01-08 19:55 - 000000000 ____D C:\windows\system32\MRT
2018-07-14 05:09 - 2015-01-08 19:55 - 134675576 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2018-07-10 16:13 - 2018-01-11 06:46 - 000000000 ____D C:\ProgramData\Norton
2018-07-10 08:26 - 2009-07-14 01:08 - 000032588 _____ C:\windows\Tasks\SCHEDLGU.TXT
2018-07-09 05:49 - 2016-10-27 14:46 - 000000000 ____D C:\ProgramData\Package Cache
 
==================== Files in the root of some directories =======
 
2017-03-11 23:31 - 2017-03-11 23:31 - 000895425 _____ () C:\Users\DavidParsons\AppData\Local\ars.cache
2017-03-11 23:31 - 2017-03-11 23:31 - 000652418 _____ () C:\Users\DavidParsons\AppData\Local\census.cache
2017-03-11 23:21 - 2017-03-11 23:21 - 000000036 _____ () C:\Users\DavidParsons\AppData\Local\housecall.guid.cache
2018-01-20 08:10 - 2018-01-20 08:10 - 000002842 _____ () C:\Users\DavidParsons\AppData\Local\recently-used.xbel
2016-11-02 11:13 - 2016-11-02 11:13 - 000007605 _____ () C:\Users\DavidParsons\AppData\Local\Resmon.ResmonCfg
2017-03-11 23:31 - 2017-03-11 23:31 - 000000010 _____ () C:\Users\DavidParsons\AppData\Local\sponge.last.runtime.cache
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-07-11 17:37
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by DavidParsons (06-08-2018 09:59:17)
Running from C:\Users\DavidParsons\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-11-02 13:30:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2104879264-961568624-574168726-500 - Administrator - Disabled)
DavidParsons (S-1-5-21-2104879264-961568624-574168726-1001 - Administrator - Enabled) => C:\Users\DavidParsons
DNP (S-1-5-21-2104879264-961568624-574168726-1008 - Limited - Enabled) => C:\Users\DNP.DavidParsons-PC
Guest (S-1-5-21-2104879264-961568624-574168726-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2104879264-961568624-574168726-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security Suite (Enabled - Up to date) {E3FDBD9F-8140-1400-F32B-8B58923F7C4D}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Norton Security Suite (Enabled - Up to date) {589C5C7B-A77A-1B8E-C99B-B02AE9B836F0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Enabled) {DBC63CBA-CB2F-1558-D874-226D6CEC3B36}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Advanced Tactics Gold (HKLM-x32\...\Advanced Tactics Gold2.00c) (Version: 2.21s - Matrix Games)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 375.70 - NVIDIA Corporation) Hidden
Battle Brothers (HKLM-x32\...\1590012242_is1) (Version: 1.1.0.2 - GOG.com)
Battle Worlds - Kronos (HKLM-x32\...\1207660124_is1) (Version: 2.2.0.9 - GOG.com)
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dragon Age - Origins - Ultimate Edition (HKLM-x32\...\1949616134_is1) (Version: 2.1.0.4 - GOG.com)
Eador - Masters of the Broken World (HKLM-x32\...\1207659194_is1) (Version: 2.6.0.26 - GOG.com)
e-Sword (HKLM-x32\...\{1D3D8773-56B9-44F0-ACC6-3DEA462E665F}) (Version: 11.01.0000 - Rick Meyers)
Expeditions - Conquistador (HKLM-x32\...\GOGPACKEXPEDITIONSCONQ_is1) (Version: 2.3.0.14 - GOG.com)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.0.1.1049 - Foxit Software Inc.)
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
GOG.com Heroes of Might and Magic 3 (HKLM\...\{62a24b39-0106-4990-90ea-3a09e9dda7a6}.sdb) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Heroes of Might and Magic 3 Complete (4.0) (HKLM-x32\...\1207658787_is1) (Version: 0.1.1.310 - GOG.com)
Heroes of Might and Magic V - Tribes of the East (HKLM-x32\...\1207661193_is1) (Version: 2.1.0.24 - GOG.com)
Heroes of Might and Magic V with Hammers of Fate (HKLM-x32\...\1207661143_is1) (Version: 2.1.0.22 - GOG.com)
Intel® Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1173 - Intel Corporation)
Intel® Network Connections 20.2.3001.0 (HKLM\...\PROSetDX) (Version: 20.2.3001.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.2.42 - Intel Corporation)
IRMG (HKLM-x32\...\{F00F3D18-AD99-4F18-8E6A-295B402FB0FC}) (Version: 1.7.9 - Idan Hollander(Edited by DWP))
Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
KeePass Password Safe 2.10 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version:  - Dominik Reichl)
Knights of Pen and Paper +1 Edition (HKLM-x32\...\1320675280_is1) (Version: 2.0.0.4 - GOG.com)
Legends of Eisenwald - Road to Iron Forest (HKLM-x32\...\Legends of Eisenwald: Road to Iron Forest_is1) (Version: 2.1.0.4 - GOG.com)
Legends of Eisenwald (HKLM-x32\...\1441229340_is1) (Version: 2.4.0.6 - GOG.com)
Mailbird (HKLM\...\{6AC56348-7669-4FE7-A89D-74500555FBA8}) (Version: 2.5.10 - Mailbird)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM-x32\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Norton Security Suite (HKLM-x32\...\NGC) (Version: 22.14.2.13 - Symantec Corporation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.7 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.5 (HKLM-x32\...\{ABCAD346-4F4B-49E9-9AA1-28EF8C26059D}) (Version: 4.15.9789 - Apache Software Foundation)
Opus Magnum (HKLM-x32\...\1123993222_is1) (Version: 20180130 - GOG.com)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7701 - Realtek Semiconductor Corp.)
RTMG 1.5.6 (HKLM-x32\...\RTMG Random (Template) Map Generator_is1) (Version: 1.5.6 - SimonaK)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
SMPlayer 17.5.0 (HKLM-x32\...\SMPlayer) (Version: 17.5.0 - Ricardo Villalba)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)
Thea: The Awakening (HKLM-x32\...\1452699415_is1) (Version: 1.20.3919.0 - GOG.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Xenonauts (HKLM-x32\...\1207664803_is1) (Version: 2.3.0.13 - GOG.com)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.14.2.13\buShell.dll [2018-05-29] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.14.2.13\buShell.dll [2018-05-29] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.14.2.13\buShell.dll [2018-05-29] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.14.2.13\buShell.dll [2018-05-29] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.14.2.13\buShell.dll [2018-05-29] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.14.2.13\buShell.dll [2018-05-29] (Symantec Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-12-31] ()
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.14.2.13\buShell.dll [2018-05-29] (Symantec Corporation)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Inc.)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.14.2.13\NavShExt.dll [2018-05-30] (Symantec Corporation)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.14.2.13\NavShExt.dll [2018-05-30] (Symantec Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\windows\system32\igfxDTCM.dll [2016-10-14] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\windows\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.14.2.13\buShell.dll [2018-05-29] (Symantec Corporation)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Inc.)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.14.2.13\NavShExt.dll [2018-05-30] (Symantec Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {3FC34E31-C515-446A-B95F-1AD2E592B25E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-02] (Google Inc.)
Task: {49ECC514-51F3-4F8C-9CAD-15F12568912E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-06-24] (Piriform Ltd)
Task: {7A9D073B-CD2A-4E9A-BAFE-D9AA6E35BC01} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2018-05-30] (Symantec Corporation)
Task: {7E2AC7B2-5B4B-40AA-B58C-A33267028868} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\22.14.2.13\WSCStub.exe [2018-05-30] (Symantec Corporation)
Task: {84825A32-AFE6-473D-99A3-D6489FCE80CE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-02] (Google Inc.)
Task: {999FF868-9685-43F0-9E95-56745EB0633C} - System32\Tasks\{ECA16769-6376-4584-9A7E-DFC8075C2E3A} => C:\windows\system32\pcalua.exe -a C:\Users\DavidParsons\Downloads\Games\OpenGeneral\InstallOpenGeneral.exe -d C:\Users\DavidParsons\Downloads\Games\OpenGeneral
Task: {B276B639-52D8-4332-A8AC-5B7280BDD17E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-06-24] (Piriform Ltd)
Task: {BC25FAF6-AE98-4876-B84B-B75D5D25ED05} - System32\Tasks\Norton 360\Norton Security Suite Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.14.2.13\SymErr.exe [2018-05-29] (Symantec Corporation)
Task: {D9EE9B4D-7D28-4199-A217-BB9D0C4468B7} - System32\Tasks\Norton 360\Norton Security Suite Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.14.2.13\SymErr.exe [2018-05-29] (Symantec Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-10-27 15:02 - 2016-06-14 21:14 - 000369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-10-27 15:02 - 2016-06-14 21:14 - 001148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-10-27 15:02 - 2016-06-14 21:14 - 003613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-10-27 15:02 - 2016-06-14 21:14 - 000289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-10-27 15:02 - 2016-12-29 09:16 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-10-27 15:02 - 2016-06-14 21:14 - 002667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-10-27 15:02 - 2016-06-14 21:14 - 001990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-10-27 15:02 - 2016-06-14 21:14 - 001842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-10-27 15:02 - 2016-06-14 21:14 - 000208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-10-27 15:02 - 2016-06-14 21:14 - 000035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-10-27 15:02 - 2016-06-14 21:14 - 000921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2017-12-31 21:07 - 2017-12-31 21:07 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2018-07-31 20:06 - 2018-07-30 19:32 - 004855640 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.84\libglesv2.dll
2018-07-31 20:06 - 2018-07-30 19:32 - 000115544 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.84\libegl.dll
2016-11-02 13:17 - 2010-03-04 15:39 - 000286720 _____ () C:\Program Files (x86)\KeePass Password Safe 2\KeePass.XmlSerializers.dll
2015-10-16 06:14 - 2015-10-16 06:14 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-10-27 15:02 - 2016-06-14 21:14 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2104879264-961568624-574168726-1001\...\hulu.com -> hxxps://www.hulu.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2017-03-11 21:58 - 000000826 ____N C:\windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2104879264-961568624-574168726-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{4C07D8B2-6F9B-4732-9993-5A4BE854B150}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8D200AE2-07FB-402E-83E1-7AFAE7C17736}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CDFB07C8-AA2B-487D-9063-474CBE617708}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{58DEBFBD-D414-47D9-93A3-B3BBDE271B9C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{946D5B29-CC5B-4CEA-A427-0B5F74EC6C4D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{70998F83-54C5-4EE3-B716-9F0D0E814FBB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C5AD5928-993C-418C-BEE7-C5DF02846E30}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CAAE443B-B579-4D9F-A846-886FAED20BC7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{70320098-45D2-43E5-89CF-554595FEAE7A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0A682E25-9C21-4ECF-8429-C08231924E96}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4F147817-F839-42B9-B980-BCF70D7E634E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{9CE97264-40E8-4489-BAF5-696A61342CCF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Endless Legend\EndlessLegend.exe
FirewallRules: [{257F2956-1817-4F61-A009-E30D965AC220}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Endless Legend\EndlessLegend.exe
FirewallRules: [TCP Query User{B1BC4E9B-580D-4157-A609-012363D98592}C:\matrix games\advanced tactics gold\update.exe] => (Allow) C:\matrix games\advanced tactics gold\update.exe
FirewallRules: [UDP Query User{C8C08EB0-FB9B-4253-9D3F-063E6C520328}C:\matrix games\advanced tactics gold\update.exe] => (Allow) C:\matrix games\advanced tactics gold\update.exe
FirewallRules: [{D09F8F3E-74C4-41F8-8B2A-8CD523FF5AB8}] => (Allow) C:\GOG Games\Dragon Age Origins\tools\DragonAgeToolset.exe
FirewallRules: [{FF1A5603-3B40-48F3-A9DE-69721EDEFDC7}] => (Allow) C:\GOG Games\Dragon Age Origins\tools\DragonAgeToolset.exe
FirewallRules: [{CC27BAC6-CD6B-4CE3-B362-AA01A9B2D2DF}] => (Allow) C:\GOG Games\Dragon Age Origins\tools\RPU.exe
FirewallRules: [{7FBF1BF1-52FB-4418-B7AD-4A4F7A87CD3B}] => (Allow) C:\GOG Games\Dragon Age Origins\tools\RPU.exe
FirewallRules: [{679B12E1-C8EE-4E54-8583-4EF65FCD7E39}] => (Allow) C:\GOG Games\Dragon Age Origins\tools\lightmapper\eclipseRay.exe
FirewallRules: [{7BD10282-07C5-4BA9-BEC8-A096C29DBEB3}] => (Allow) C:\GOG Games\Dragon Age Origins\tools\lightmapper\eclipseRay.exe
FirewallRules: [{35B5B8C8-7C89-4CB6-B349-4AB5AC2BA235}] => (Allow) C:\GOG Games\Dragon Age Origins\tools\GffEditor.exe
FirewallRules: [{C12152EA-55CE-457E-AD65-77A3ED78FEAD}] => (Allow) C:\GOG Games\Dragon Age Origins\tools\GffEditor.exe
FirewallRules: [{B2B28F80-2174-4A41-9829-899C88FA18F9}] => (Allow) C:\GOG Games\Dragon Age Origins\tools\ErfEditor.exe
FirewallRules: [{14ED6833-238F-428A-AB2C-862B92E9EC44}] => (Allow) C:\GOG Games\Dragon Age Origins\tools\ErfEditor.exe
FirewallRules: [TCP Query User{627CC392-558F-4F82-B38E-7C5B276193F7}C:\windows\syswow64\regsvr32.exe] => (Allow) C:\windows\syswow64\regsvr32.exe
FirewallRules: [UDP Query User{9ECB131C-8265-4F9E-9413-26A0A1B16E9E}C:\windows\syswow64\regsvr32.exe] => (Allow) C:\windows\syswow64\regsvr32.exe
FirewallRules: [TCP Query User{4034B519-6D71-4D0A-A4D7-ED0C34A76210}C:\gog games\dragon age origins\bin_ship\daorigins.exe] => (Allow) C:\gog games\dragon age origins\bin_ship\daorigins.exe
FirewallRules: [UDP Query User{BC72F25D-2441-4F03-9ACE-329019191C7E}C:\gog games\dragon age origins\bin_ship\daorigins.exe] => (Allow) C:\gog games\dragon age origins\bin_ship\daorigins.exe
FirewallRules: [{8FBFBD94-C0A3-4C66-861B-8017C08E262C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Field of Glory II\autorun.exe
FirewallRules: [{1D52D6D4-F7C0-4A0A-B34A-283AF7B90337}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Field of Glory II\autorun.exe
FirewallRules: [{FC1B2934-E0FE-402D-A51B-A1B68F0ED6EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RPG Maker MV\RPGMV.exe
FirewallRules: [{F50BC17F-9BD6-4123-99B8-52249ECC0BBD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RPG Maker MV\RPGMV.exe
FirewallRules: [{2560032E-3512-405E-871A-10827196B1E2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{EE0F925F-A999-419B-A035-5D23D9398BAA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7F65A623-0D1B-43D6-BCA6-32295B84D2C3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E09B52EF-D0A2-4AC6-9601-8EA143C2B049}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8FC08F29-FBDA-4C21-AEC1-6B272DD5C941}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E12EF745-3A15-453B-95E2-E4381F527143}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{7696DFBE-2D58-4022-A8B7-4747C91A5815}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
 
==================== Restore Points =========================
 
03-02-2018 18:29:02 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
03-02-2018 18:29:20 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
26-02-2018 18:26:15 Windows Update
28-02-2018 20:30:06 Windows Update
16-03-2018 03:23:50 Windows Update
01-04-2018 14:27:37 Windows Update
08-04-2018 07:26:01 Windows Update
14-04-2018 09:37:19 Windows Update
21-04-2018 02:12:37 Windows Update
12-05-2018 04:20:58 Windows Update
17-06-2018 02:43:58 Windows Update
24-06-2018 07:58:17 Installed Mailbird
09-07-2018 05:48:40 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
09-07-2018 05:49:07 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026
09-07-2018 05:49:19 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
09-07-2018 05:49:50 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026
14-07-2018 05:09:29 Windows Update
22-07-2018 03:13:35 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/06/2018 04:21:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/05/2018 07:00:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.1247, time stamp: 0x59f37972
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x59a63e00
Exception code: 0xc0000005
Fault offset: 0x001aa3b6
Faulting process id: 0x1620
Faulting application start time: 0x01d42d1027f6b839
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 69d26dd9-9903-11e8-ae4b-708bcd806a39
 
Error: (08/05/2018 07:00:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Faulting module name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Exception code: 0xc0000005
Fault offset: 0x00000000001c6e66
Faulting process id: 0x804
Faulting application start time: 0x01d42d1028b06379
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Report Id: 67594019-9903-11e8-ae4b-708bcd806a39
 
Error: (08/05/2018 03:06:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/05/2018 05:14:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/04/2018 02:32:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/04/2018 03:27:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/03/2018 03:35:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (08/05/2018 07:00:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (08/04/2018 10:34:09 PM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )
Description: Proximity detection failed due to unknown error '0x80004004'.  The best proximity time detected was -1 milliseconds.
 
Error: (08/02/2018 12:33:37 AM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )
Description: Proximity detection failed due to unknown error '0x80004004'.  The best proximity time detected was -1 milliseconds.
 
Error: (07/28/2018 07:51:53 PM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )
Description: Proximity detection failed due to unknown error '0x80004004'.  The best proximity time detected was -1 milliseconds.
 
Error: (07/25/2018 08:56:57 AM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )
Description: Proximity detection failed due to unknown error '0x80004004'.  The best proximity time detected was -1 milliseconds.
 
Error: (07/25/2018 05:30:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (07/25/2018 05:30:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (07/10/2018 06:52:15 PM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )
Description: Proximity detection failed due to unknown error '0x80004004'.  The best proximity time detected was -1 milliseconds.
 
 
Windows Defender:
===================================
Date: 2018-01-12 01:33:38.629
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{DBF64B4E-0362-4921-8E68-BF4DBD8BE86C}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
 
Date: 2018-01-12 01:07:14.018
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{B5E6F7C8-DF0C-45C3-993E-3E0B65852E8A}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
 
Date: 2018-01-12 01:02:34.871
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{9463AFF2-EC8C-48EE-A344-441440656DC9}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
 
Date: 2018-01-12 01:01:11.540
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{E5368119-FD6B-484B-8E54-04A4422AF780}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-6500 CPU @ 3.20GHz
Percentage of memory in use: 14%
Total physical RAM: 16283.55 MB
Available physical RAM: 13867.37 MB
Total Virtual: 32565.27 MB
Available Virtual: 30172.67 MB
 
==================== Drives ================================
 
Drive c: (OSDisk) (Fixed) (Total:931.02 GB) (Free:674.17 GB) NTFS
 
\\?\Volume{758274c3-a0fe-11e6-88dd-806e6f6e6963}\ (System) (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: B075FAC9)
Partition 1: (Active) - (Size=499 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,244 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:22 AM

Posted 06 August 2018 - 01:01 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
CloseProcesses:

SearchScopes: HKU\S-1-5-21-2104879264-961568624-574168726-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=360&chn=1122&geo=US&ver=22.11.2.7&locale=en_US&guid=37C74F79-7BB5-4ADF-A575-AA1BCDC8C3E0&doi=2016-09-01&gct=kwd&qsrc=2869
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.14.2.13\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.14.2.13\Exts\Chrome.crx <not found

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Your log shows that Malwarebytes is Disabled.
This program works well with Norton.
There are a number of errors with MBAM reported on your Addition.txt log.

If the problem persists follow these instructions.

Download and run the Malwarebytes Cleanup Utility
https://support.malwarebytes.com/docs/DOC-1112

When completed restart the computer normally to reset the registry.

Reinstall the Malwarebytes and scan the computer. Remove all the entries that will be found.

===

Let me know if the Chrome problem persists.

#3 dnparsons

Posted 06 August 2018 - 07:10 PM

Thanks for the quick response.
 
I created fixlist.txt and ran FRST64. The log is at the end of the post.
I downloaded and ran the Malwarebytes Cleanup Utility.
I downloaded, installed, and ran the latest free Home version of Malwarebytes.
When the scan completed, it reported no threats detected.
The computer restarted at a number of points. At the end I did a Shutdown and hard boot.
 
While going through this process, the browser did not open by itself. In the past, the computer might run without incident for hours before acting up again. I would like to give it 24 hours before declaring that this is resolved.
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by DavidParsons (06-08-2018 19:02:17) Run:1
Running from C:\Users\DavidParsons\Desktop
Loaded Profiles: DavidParsons (Available Profiles: DavidParsons & DNP)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
CloseProcesses:
 
SearchScopes: HKU\S-1-5-21-2104879264-961568624-574168726-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=360&chn=1122&geo=US&ver=22.11.2.7&locale=en_US&guid=37C74F79-7BB5-4ADF-A575-AA1BCDC8C3E0&doi=2016-09-01&gct=kwd&qsrc=2869
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.14.2.13\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.14.2.13\Exts\Chrome.crx <not found
 
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
 
Reboot:
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-2104879264-961568624-574168726-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => removed successfully
HKLM\Software\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => not found
"HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe" => removed successfully
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= IPCONFIG /release =========
 
 
Windows IP Configuration
 
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2601:589:c400:5491:64c3:4d5:73d6:5108
   Temporary IPv6 Address. . . . . . : 2601:589:c400:5491:f53c:9534:847:b375
   Link-local IPv6 Address . . . . . : fe80::64c3:4d5:73d6:5108%12
   Default Gateway . . . . . . . . . : fe80::4aee:cff:fef0:28c6%12
 
Tunnel adapter Local Area Connection* 9:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.hsd1.fl.comcast.net.:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
========= IPCONFIG /renew =========
 
 
Windows IP Configuration
 
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : hsd1.fl.comcast.net.
   IPv6 Address. . . . . . . . . . . : 2601:589:c400:5491:64c3:4d5:73d6:5108
   Temporary IPv6 Address. . . . . . : 2601:589:c400:5491:f53c:9534:847:b375
   Link-local IPv6 Address . . . . . : fe80::64c3:4d5:73d6:5108%12
   IPv4 Address. . . . . . . . . . . : 192.168.0.100
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::4aee:cff:fef0:28c6%12
                                       192.168.0.1
 
Tunnel adapter Local Area Connection* 9:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.hsd1.fl.comcast.net.:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 19:02:39 ====


#4 dnparsons

Posted 07 August 2018 - 08:10 PM

Thanks for your help.
 
The browser did not misbehave today, so I am going to consider this resolved.


#5 dnparsons

Posted 08 August 2018 - 05:29 AM

I'm afraid I celebrated too soon. The browser has opened 3 times since I logged in an hour ago. I'm not sure what to do, now.


#6 nasdaq

Posted 08 August 2018 - 07:25 AM

This could be a Syncing issue?

Are you Syncing Chrome with other devices?
To remove it you will have to reset the Sync in Chrome.

Read this article and proceed.

Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
<<<>>>

#7 dnparsons

Posted 09 August 2018 - 06:02 AM

I went through the steps in that thread. After I reset sync in Chrome, I decided not to log in to Chrome sync under settings and just left it off. A browser window opened as I was going through the recommendations in the second post, so I downloaded and ran Adwcleaner. The scan was clean. After I ran the basic repair and re-booted, the incidents stopped for the rest of the afternoon. A browser window opened around 6PM, but things remained quiet after that for the rest of the evening.
 
Within seconds after booting and logging in to the desktop this morning, browser windows started opening up. They opened as fast as I could close them. Maybe 2 dozen opened over the course of the next minute, then the incidents stopped as quickly as they started. Since then it has been quiet.
 
Any suggestions on the next step?


#8 nasdaq

Posted 09 August 2018 - 07:12 AM

Hi,

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

#9 dnparsons

Posted 09 August 2018 - 09:09 AM

I followed your instructions to run RogueKiller. The report is below:
 
RogueKiller V12.12.30.0 (x64) [Aug  6 2018] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : DavidParsons [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 08/09/2018 09:46:04 (Duration : 00:13:41)
 
¤¤¤ Processes : 1 ¤¤¤
[Tr.SystemaRev] nortonsecurity.exe(1952) -- C:\Program Files (x86)\Norton Security Suite\Engine\22.14.2.13\NortonSecurity.exe[7] -> Found
 
¤¤¤ Registry : 6 ¤¤¤
[Tr.SystemaRev] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MailbirdUpdater.exe ("C:\Program Files (x86)\Mailbird\MailbirdUpdater.exe" /runservice) -> Found
[Tr.SystemaRev] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MailbirdUpdater.exe ("C:\Program Files (x86)\Mailbird\MailbirdUpdater.exe" /runservice) -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2104879264-961568624-574168726-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2104879264-961568624-574168726-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2104879264-961568624-574168726-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2104879264-961568624-574168726-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 2 ¤¤¤
[Tr.SystemaRev][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mailbird\Check for updates.lnk [LNK@] C:\PROGRA~2\Mailbird\MAILBI~1.EXE /checknow -> Found
[Tr.SystemaRev][File] C:\Program Files (x86)\Mailbird\MailbirdUpdater.exe -> Found
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-75WN4A0 SCSI Disk Device +++++
--- User ---
[MBR] 94482a3d17dc2ddf935f0faeb9b46beb
[BSP] bb3634a505f00f60ccd5c3639b07d6ac : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 499 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1024000 | Size: 953368 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


#10 nasdaq

Posted 09 August 2018 - 10:18 AM

Hi,

Check this out.
What is SYSTEMAREV Virus?
http://www.virusremovalguidelines.com/adware/guide-to-remove-systemarev-virus

Run the RogueKiller program and delete all the entries listed as [Tr.SystemaRev] in all the sections.

Restart the computer normally.

p.s.

If these programs are not working normally after the fix, reinstall them.
Norton Security
MailbirdUpdater


Keep me posted.

#11 dnparsons

Posted 09 August 2018 - 08:21 PM

After each re-boot, the Norton process would re-appear and get flagged by RogueKiller, even though I had RogueKiller delete it. Based on this, I deleted it with RogueKiller, but before re-booting, I uninstalled Norton and re-installed it.
 
I was also planning to uninstall Mailbird, and not re-install it, but the uninstall file was corrupt and Mailbird refused to uninstall. For now, I renamed the Mailbird folder under Program Files, and ran CCleaner to back up and delete the Mailbird registry entries that were pointing to missing files.
 
Since I re-booted a few hours ago the Norton process is not getting flagged by RogueKiller, and I have had no random browser openings.
 
... fingers crossed.

Edited by dnparsons, 09 August 2018 - 08:22 PM.


#12 nasdaq

Posted 10 August 2018 - 06:57 AM

Hi,

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

This topic will be closed in 6 days.
Return before if you have to.

#13 dnparsons

Posted 10 August 2018 - 06:52 PM

The browser has opened by itself twice in the last hour. When I ran RogueKiller it informed me of an update. I uninstalled it and downloaded the latest version from the Adlice site. I had to be careful because the download page on their site has a bunch of googleads that are disguised as "Download Now" buttons. The scan only detected the 4 PUMs. Based on their PUM page, I checked all 4 and removed them. The report is below:
 
RogueKiller V12.12.31.0 (x64) [Aug 10 2018] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : DavidParsons [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 08/10/2018 19:19:31 (Duration : 00:14:35)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 4 ¤¤¤
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2104879264-961568624-574168726-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Replaced (http://search.msn.com/spbasic.htm)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2104879264-961568624-574168726-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Replaced (http://search.msn.com/spbasic.htm)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2104879264-961568624-574168726-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2104879264-961568624-574168726-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Replaced (1)
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-75WN4A0 SCSI Disk Device +++++
--- User ---
[MBR] 94482a3d17dc2ddf935f0faeb9b46beb
[BSP] bb3634a505f00f60ccd5c3639b07d6ac : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 499 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1024000 | Size: 953368 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


#14 nasdaq

Posted 11 August 2018 - 06:53 AM

Hi,

Please run the Farbar program and scan the computer.
Post fresh FRST.TXT and Addition.txt logs for my review.

To create a fresh Addition.txt file make sure that the box to create one is checked.
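
When a fresh scan is compared with an earlier Fixlog, one useful check is whether anything the fix reported as removed is present again. The Python below is an added example, not part of the thread and not part of FRST; the function names and the shortened sample lines (placeholder SID and user name) are constructed for illustration, while the GUID and extension ID are the ones shown in the Fixlog earlier in this thread.

```python
import re

# GUIDs in braces, e.g. a SearchScopes or CLSID key name.
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID_RE = re.compile(r"(?<![A-Za-z0-9])[a-p]{32}(?![A-Za-z0-9])")
# A Fixlog result line: optional quotes around the target, then "=> outcome".
RESULT_RE = re.compile(
    r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>removed successfully|not found)$'
)

# Constructed sample: Fixlog result lines in the format seen in this thread
# (SID replaced by a placeholder).
FIXLOG = r'''
"HKU\S-1-5-21-0-0-0-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => removed successfully
HKLM\Software\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => not found
"HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe" => removed successfully
'''

# Constructed sample: lines from a later scan, shortened, same log format.
LATER_SCAN = r'''
SearchScopes: HKU\S-1-5-21-0-0-0-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}
CHR Extension: (Norton Security Toolbar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2018-08-09]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.14.0.54\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-14] (NVIDIA Corporation)
'''


def identifiers(text):
    """Return the GUIDs (upper-cased) and Chrome extension IDs found in text."""
    ids = {m.group(0).upper() for m in GUID_RE.finditer(text)}
    ids.update(m.group(0) for m in EXT_ID_RE.finditer(text))
    return ids


def parse_fixlog(text):
    """Return (target, outcome) pairs for every result line in a Fixlog."""
    results = []
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            results.append((m.group("target"), m.group("outcome")))
    return results


def reappeared(fixlog_text, scan_text):
    """Map each identifier the fix removed to the later-scan lines naming it."""
    removed = set()
    for target, outcome in parse_fixlog(fixlog_text):
        # "not found" targets were never there, so only track real removals.
        if outcome == "removed successfully":
            removed |= identifiers(target)
    hits = {}
    for lineno, line in enumerate(scan_text.strip().splitlines(), start=1):
        for ident in identifiers(line) & removed:
            hits.setdefault(ident, []).append((lineno, line.strip()))
    return hits


if __name__ == "__main__":
    for ident, lines in sorted(reappeared(FIXLOG, LATER_SCAN).items()):
        print(f"{ident} was removed by the fix but is present again:")
        for lineno, line in lines:
            print(f"  scan line {lineno}: {line}")
```

An identifier that returns after a successful removal means something on the system is writing it back, which is the point at which to look for the program that owns the entry.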

#15 dnparsons

Posted 11 August 2018 - 08:05 AM

Thx for sticking with this. The browser is opening every few seconds as I type this in Notepad++. The reports requested are below:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by DavidParsons (administrator) on DAVIDPARSONS-PC (11-08-2018 08:17:55)
Running from C:\Users\DavidParsons\Desktop
Loaded Profiles: DavidParsons (Available Profiles: DavidParsons & DNP)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.14.0.54\NortonSecurity.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.14.0.54\NortonSecurity.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8783616 2015-12-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-09-25] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2104879264-961568624-574168726-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-24] (Piriform Ltd)
HKU\S-1-5-21-2104879264-961568624-574168726-1001\...\Run: [KeePass Password Safe 2] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1523200 2010-03-04] (Dominik Reichl)
GroupPolicy: Restriction ? <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{35F54124-C28B-4B17-9430-C98D34EE01DB}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2104879264-961568624-574168726-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
SearchScopes: HKU\S-1-5-21-2104879264-961568624-574168726-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1122&geo=US&ver=22.14.0.54&locale=en_US&guid=37C74F79-7BB5-4ADF-A575-AA1BCDC8C3E0&doi=2016-09-01&gct=kwd&qsrc=2869
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.14.0.54\coIEPlg.dll [2018-04-03] (Symantec Corporation)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.14.0.54\coIEPlg.dll [2018-04-03] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-07-23] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-23] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.14.0.54\coIEPlg.dll [2018-04-03] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.14.0.54\coIEPlg.dll [2018-04-03] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2104879264-961568624-574168726-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.14.0.54\coIEPlg.dll [2018-04-03] (Symantec Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\DavidParsons\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-08-11]
CHR Extension: (Slides) - C:\Users\DavidParsons\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-08]
CHR Extension: (Docs) - C:\Users\DavidParsons\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-08]
CHR Extension: (Google Drive) - C:\Users\DavidParsons\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-08]
CHR Extension: (YouTube) - C:\Users\DavidParsons\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-08]
CHR Extension: (Norton Security Toolbar) - C:\Users\DavidParsons\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2018-08-09]
CHR Extension: (Sheets) - C:\Users\DavidParsons\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-08]
CHR Extension: (Google Docs Offline) - C:\Users\DavidParsons\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DavidParsons\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-08]
CHR Extension: (Gmail) - C:\Users\DavidParsons\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-08]
CHR Extension: (Chrome Media Router) - C:\Users\DavidParsons\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-08]
CHR Profile: C:\Users\DavidParsons\AppData\Local\Google\Chrome\User Data\System Profile [2018-08-09]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.14.0.54\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.14.0.54\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-12-12] (Foxit Software Inc.)
R2 igfxCUIService2.0.0.0; C:\windows\system32\igfxCUIService.exe [333288 2016-10-14] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-10-16] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 MSSQL$BWDATOOLSET; C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.14.0.54\NortonSecurity.exe [328712 2018-04-04] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-14] (NVIDIA Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-08] ()
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.14.0.54\Definitions\BASHDefs\20180807.003\BHDrvx64.sys [1919568 2018-08-07] (Symantec Corporation)
R1 ccSet_NGC; C:\windows\system32\drivers\NGCx64\160E000.036\ccSetx64.sys [187544 2018-04-03] (Symantec Corporation)
R3 e1dexpress; C:\windows\System32\DRIVERS\e1d62x64.sys [502256 2015-08-12] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507984 2018-04-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153168 2018-08-09] (Symantec Corporation)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [152688 2018-06-19] (Malwarebytes)
R0 iaStorF; C:\windows\System32\drivers\iaStorF.sys [31728 2015-11-12] (Intel Corporation)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.14.0.54\Definitions\IPSDefs\20180810.001\IDSvia64.sys [1305168 2018-08-08] (Symantec Corporation)
S3 iusb3adp; C:\windows\system32\drivers\iusb3adp.sys [37672 2015-07-28] (Intel)
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [191208 2018-08-06] (Malwarebytes)
R3 MBAMFarflt; C:\windows\System32\DRIVERS\farflt.sys [114920 2018-08-11] (Malwarebytes)
R3 MBAMProtection; C:\windows\System32\DRIVERS\mbam.sys [48360 2018-08-11] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [253664 2018-08-11] (Malwarebytes)
R3 MBAMWebProtection; C:\windows\System32\DRIVERS\mwac.sys [92792 2018-08-11] (Malwarebytes)
R3 MEIx64; C:\windows\System32\DRIVERS\TeeDriverx64.sys [180480 2015-10-08] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-14] (NVIDIA Corporation)
S3 NVSWCFilter; C:\windows\system32\drivers\nvswcfilter.sys [28344 2016-03-04] (Windows ® Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 SRTSP; C:\windows\system32\drivers\NGCx64\160E000.036\SRTSP64.SYS [835664 2018-04-03] (Symantec Corporation)
R1 SRTSPX; C:\windows\system32\drivers\NGCx64\160E000.036\SRTSPX64.SYS [49232 2018-04-03] (Symantec Corporation)
R3 sshid; C:\windows\System32\DRIVERS\sshid.sys [51400 2016-05-27] (SteelSeries ApS)
R0 SymEFASI; C:\windows\System32\drivers\NGCx64\160E000.036\SYMEFASI64.SYS [1942096 2018-04-03] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-08-09] (Symantec Corporation)
R1 SymIRON; C:\windows\system32\drivers\NGCx64\160E000.036\Ironx64.SYS [307792 2018-04-03] (Symantec Corporation)
R1 SymNetS; C:\windows\system32\drivers\NGCx64\160E000.036\SYMNETS.SYS [566936 2018-04-03] (Symantec Corporation)
S3 wpCtrlDrv_NGC; C:\windows\system32\drivers\NGCx64\160E000.036\wpCtrlDrv.sys [1007592 2018-04-03] (Symantec Corporation)
S3 e1rexpress; system32\DRIVERS\e1r62x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-11 08:17 - 2018-08-11 08:19 - 000017018 _____ C:\Users\DavidParsons\Desktop\FRST.txt
2018-08-11 08:08 - 2018-08-11 08:08 - 002412544 _____ (Farbar) C:\Users\DavidParsons\Desktop\FRST64.exe
2018-08-10 19:19 - 2018-08-10 19:19 - 000000864 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-08-10 19:19 - 2018-08-10 19:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-08-10 19:19 - 2018-08-10 19:19 - 000000000 ____D C:\Program Files\RogueKiller
2018-08-10 18:57 - 2018-08-10 18:57 - 000000000 ____D C:\windows\System32\Tasks\Remediation
2018-08-10 12:42 - 2018-08-10 12:42 - 000004502 _____ C:\windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-08-09 12:45 - 2018-08-09 12:45 - 000004228 _____ C:\windows\System32\Tasks\Norton Security Scan for DavidParsons
2018-08-09 12:45 - 2018-08-09 12:45 - 000000000 ____D C:\windows\system32\Drivers\NSSx64
2018-08-09 12:45 - 2018-08-09 12:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
2018-08-09 12:45 - 2018-08-09 12:45 - 000000000 ____D C:\Program Files (x86)\Norton Security Scan
2018-08-09 12:25 - 2018-08-09 12:25 - 000000000 ____D C:\windows\System32\Tasks\Norton Security with Backup
2018-08-09 12:19 - 2018-08-09 12:19 - 000099920 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2018-08-09 12:19 - 2018-08-09 12:19 - 000010364 _____ C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2018-08-09 12:19 - 2018-08-09 12:19 - 000003206 _____ C:\windows\System32\Tasks\Norton WSC Integration
2018-08-09 12:19 - 2018-08-09 12:19 - 000002162 _____ C:\Users\Public\Desktop\Norton Security.lnk
2018-08-09 12:19 - 2018-08-09 12:19 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared
2018-08-09 12:17 - 2018-08-09 12:45 - 000000000 ____D C:\Program Files (x86)\NortonInstaller
2018-08-09 12:17 - 2018-08-09 12:19 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2018-08-09 12:17 - 2018-08-09 12:17 - 000000000 ____D C:\windows\system32\Drivers\NGCx64
2018-08-09 12:17 - 2018-08-09 12:17 - 000000000 ____D C:\Program Files\Norton Security
2018-08-09 09:46 - 2018-08-10 22:38 - 000028272 _____ C:\windows\system32\Drivers\TrueSight.sys
2018-08-09 09:43 - 2018-08-09 10:03 - 000000000 ____D C:\ProgramData\RogueKiller
2018-08-08 10:40 - 2018-08-08 10:42 - 000000000 ____D C:\AdwCleaner
2018-08-06 19:38 - 2018-08-11 07:57 - 000253664 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2018-08-06 19:38 - 2018-08-11 07:57 - 000114920 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2018-08-06 19:38 - 2018-08-11 07:57 - 000092792 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2018-08-06 19:38 - 2018-08-11 07:57 - 000048360 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2018-08-06 19:38 - 2018-08-06 19:38 - 000191208 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2018-08-06 19:38 - 2018-08-06 19:38 - 000001873 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-08-06 19:38 - 2018-08-06 19:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-08-06 19:38 - 2018-08-06 19:38 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-08-06 19:38 - 2018-08-06 19:38 - 000000000 ____D C:\Program Files\Malwarebytes
2018-08-06 19:38 - 2018-06-19 14:09 - 000152688 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys
2018-08-05 19:23 - 2018-08-05 19:23 - 000003870 _____ C:\windows\System32\Tasks\CCleaner Update
2018-08-01 06:13 - 2018-08-01 06:13 - 000001825 _____ C:\Users\DavidParsons\Desktop\HOMM4 Editor.lnk
2018-07-30 13:26 - 2018-08-11 08:17 - 000000000 ____D C:\FRST
2018-07-23 23:53 - 2018-07-23 23:53 - 000001037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2018-07-22 03:13 - 2018-06-16 13:07 - 025743872 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2018-07-22 03:13 - 2018-06-16 12:36 - 020286464 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2018-07-22 03:13 - 2018-06-16 11:46 - 015283200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2018-07-22 03:12 - 2018-06-20 20:58 - 000398376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2018-07-22 03:12 - 2018-06-20 20:00 - 000348824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2018-07-22 03:12 - 2018-06-16 12:46 - 002724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2018-07-22 03:12 - 2018-06-16 12:46 - 000004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2018-07-22 03:12 - 2018-06-16 12:33 - 002902016 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2018-07-22 03:12 - 2018-06-16 12:32 - 000066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2018-07-22 03:12 - 2018-06-16 12:31 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2018-07-22 03:12 - 2018-06-16 12:31 - 000417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2018-07-22 03:12 - 2018-06-16 12:31 - 000048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2018-07-22 03:12 - 2018-06-16 12:30 - 000088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2018-07-22 03:12 - 2018-06-16 12:27 - 005779968 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2018-07-22 03:12 - 2018-06-16 12:24 - 000054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2018-07-22 03:12 - 2018-06-16 12:23 - 000034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2018-07-22 03:12 - 2018-06-16 12:20 - 000615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2018-07-22 03:12 - 2018-06-16 12:19 - 002724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2018-07-22 03:12 - 2018-06-16 12:19 - 000814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2018-07-22 03:12 - 2018-06-16 12:19 - 000794624 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2018-07-22 03:12 - 2018-06-16 12:19 - 000144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2018-07-22 03:12 - 2018-06-16 12:19 - 000116224 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2018-07-22 03:12 - 2018-06-16 12:12 - 000969216 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2018-07-22 03:12 - 2018-06-16 12:08 - 000489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2018-07-22 03:12 - 2018-06-16 12:06 - 000498176 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2018-07-22 03:12 - 2018-06-16 12:06 - 000062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2018-07-22 03:12 - 2018-06-16 12:05 - 000341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2018-07-22 03:12 - 2018-06-16 12:05 - 000047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2018-07-22 03:12 - 2018-06-16 12:04 - 000064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2018-07-22 03:12 - 2018-06-16 12:02 - 002295296 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2018-07-22 03:12 - 2018-06-16 12:02 - 000087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2018-07-22 03:12 - 2018-06-16 12:02 - 000077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2018-07-22 03:12 - 2018-06-16 12:01 - 000107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2018-07-22 03:12 - 2018-06-16 11:59 - 000047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2018-07-22 03:12 - 2018-06-16 11:59 - 000030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2018-07-22 03:12 - 2018-06-16 11:58 - 000199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2018-07-22 03:12 - 2018-06-16 11:57 - 000476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2018-07-22 03:12 - 2018-06-16 11:57 - 000092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2018-07-22 03:12 - 2018-06-16 11:56 - 000662016 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2018-07-22 03:12 - 2018-06-16 11:56 - 000115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2018-07-22 03:12 - 2018-06-16 11:55 - 000620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2018-07-22 03:12 - 2018-06-16 11:55 - 000315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2018-07-22 03:12 - 2018-06-16 11:53 - 000152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2018-07-22 03:12 - 2018-06-16 11:47 - 000416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2018-07-22 03:12 - 2018-06-16 11:44 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2018-07-22 03:12 - 2018-06-16 11:42 - 000809472 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2018-07-22 03:12 - 2018-06-16 11:42 - 000728064 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2018-07-22 03:12 - 2018-06-16 11:42 - 000073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2018-07-22 03:12 - 2018-06-16 11:42 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-07-22 03:12 - 2018-06-16 11:41 - 000091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2018-07-22 03:12 - 2018-06-16 11:40 - 001359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2018-07-22 03:12 - 2018-06-16 11:39 - 002135552 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2018-07-22 03:12 - 2018-06-16 11:39 - 000168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2018-07-22 03:12 - 2018-06-16 11:38 - 000076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2018-07-22 03:12 - 2018-06-16 11:37 - 000279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2018-07-22 03:12 - 2018-06-16 11:36 - 000130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2018-07-22 03:12 - 2018-06-16 11:34 - 004496384 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2018-07-22 03:12 - 2018-06-16 11:32 - 013680128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2018-07-22 03:12 - 2018-06-16 11:30 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2018-07-22 03:12 - 2018-06-16 11:29 - 000696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2018-07-22 03:12 - 2018-06-16 11:28 - 002060288 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2018-07-22 03:12 - 2018-06-16 11:27 - 003241472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2018-07-22 03:12 - 2018-06-16 11:27 - 001155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2018-07-22 03:12 - 2018-06-16 11:16 - 001545216 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2018-07-22 03:12 - 2018-06-16 11:08 - 002767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2018-07-22 03:12 - 2018-06-16 11:05 - 001313792 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2018-07-22 03:12 - 2018-06-16 11:04 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2018-07-22 03:12 - 2018-06-16 11:04 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2018-07-22 03:12 - 2018-06-13 12:23 - 000140992 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2018-07-22 03:12 - 2018-06-13 12:20 - 014185984 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2018-07-22 03:12 - 2018-06-13 12:19 - 001867776 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2018-07-22 03:12 - 2018-06-13 12:18 - 000680960 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2018-07-22 03:12 - 2018-06-13 11:55 - 012880384 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2018-07-22 03:12 - 2018-06-13 11:54 - 001499648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2018-07-22 03:12 - 2018-06-13 11:40 - 003226112 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2018-07-22 03:12 - 2018-06-08 12:27 - 005577408 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2018-07-22 03:12 - 2018-06-08 12:27 - 000708288 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2018-07-22 03:12 - 2018-06-08 12:27 - 000262336 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
2018-07-22 03:12 - 2018-06-08 12:27 - 000154816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2018-07-22 03:12 - 2018-06-08 12:27 - 000095424 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2018-07-22 03:12 - 2018-06-08 12:23 - 000631640 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2018-07-22 03:12 - 2018-06-08 12:22 - 001665344 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2018-07-22 03:12 - 2018-06-08 12:21 - 000369664 _____ (Microsoft Corporation) C:\windows\system32\zipfldr.dll
2018-07-22 03:12 - 2018-06-08 12:21 - 000361984 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2018-07-22 03:12 - 2018-06-08 12:21 - 000243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2018-07-22 03:12 - 2018-06-08 12:21 - 000215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2018-07-22 03:12 - 2018-06-08 12:21 - 000210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2018-07-22 03:12 - 2018-06-08 12:21 - 000013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 002066432 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 001461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 001211904 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 001163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 000731648 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 000512000 _____ (Microsoft Corporation) C:\windows\system32\rpcss.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 000503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 000419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 000345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 000316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 000312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 000190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 000146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 000135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 000094208 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 000063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 000060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 000050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 000028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 000028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 000026112 _____ (Microsoft Corporation) C:\windows\system32\oleres.dll
2018-07-22 03:12 - 2018-06-08 12:20 - 000016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2018-07-22 03:12 - 2018-06-08 12:19 - 000357888 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
2018-07-22 03:12 - 2018-06-08 12:19 - 000182272 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll
2018-07-22 03:12 - 2018-06-08 12:19 - 000044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2018-07-22 03:12 - 2018-06-08 12:19 - 000043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2018-07-22 03:12 - 2018-06-08 12:19 - 000022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2018-07-22 03:12 - 2018-06-08 12:19 - 000008704 _____ (Microsoft Corporation) C:\windows\system32\comcat.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:18 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 12:02 - 004050624 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2018-07-22 03:12 - 2018-06-08 12:02 - 003962048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2018-07-22 03:12 - 2018-06-08 11:57 - 001314072 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 001417728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 001114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 000666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 000554496 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 000330240 _____ (Microsoft Corporation) C:\windows\SysWOW64\zipfldr.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 000275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 000261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 000254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 000223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 000172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 000146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 000141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 000096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 000082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 000070144 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 000043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 000026112 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleres.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 000022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2018-07-22 03:12 - 2018-06-08 11:55 - 000005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000269824 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:54 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:44 - 000148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2018-07-22 03:12 - 2018-06-08 11:44 - 000062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2018-07-22 03:12 - 2018-06-08 11:44 - 000030208 _____ (Microsoft Corporation) C:\windows\system32\dnscacheugc.exe
2018-07-22 03:12 - 2018-06-08 11:44 - 000017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2018-07-22 03:12 - 2018-06-08 11:43 - 000064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2018-07-22 03:12 - 2018-06-08 11:39 - 000338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2018-07-22 03:12 - 2018-06-08 11:38 - 000296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2018-07-22 03:12 - 2018-06-08 11:38 - 000129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\videoprt.sys
2018-07-22 03:12 - 2018-06-08 11:34 - 000291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2018-07-22 03:12 - 2018-06-08 11:34 - 000159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2018-07-22 03:12 - 2018-06-08 11:34 - 000129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2018-07-22 03:12 - 2018-06-08 11:33 - 000112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2018-07-22 03:12 - 2018-06-08 11:33 - 000030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2018-07-22 03:12 - 2018-06-08 11:29 - 000007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\comcat.dll
2018-07-22 03:12 - 2018-06-08 11:28 - 000030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnscacheugc.exe
2018-07-22 03:12 - 2018-06-08 11:27 - 000050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2018-07-22 03:12 - 2018-06-08 11:21 - 000025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2018-07-22 03:12 - 2018-06-08 11:21 - 000014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2018-07-22 03:12 - 2018-06-08 11:21 - 000007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2018-07-22 03:12 - 2018-06-08 11:21 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2018-07-22 03:12 - 2018-06-08 11:19 - 000036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2018-07-22 03:12 - 2018-06-08 11:19 - 000006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:19 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:19 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 11:19 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-07-22 03:12 - 2018-06-08 09:05 - 002860032 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2018-07-22 03:12 - 2018-06-08 09:05 - 001602048 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2018-07-22 03:12 - 2018-06-08 09:05 - 000783872 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2018-07-22 03:12 - 2018-06-08 09:05 - 000612352 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2018-07-22 03:12 - 2018-06-08 09:05 - 000470016 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2018-07-22 03:12 - 2018-06-08 09:05 - 000443392 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2018-07-22 03:12 - 2018-06-08 09:05 - 000301056 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2018-07-22 03:12 - 2018-06-08 09:05 - 000246272 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2018-07-22 03:12 - 2018-06-07 12:20 - 000022528 _____ (Microsoft Corporation) C:\windows\system32\wfapigp.dll
2018-07-22 03:12 - 2018-06-07 12:19 - 000828928 _____ (Microsoft Corporation) C:\windows\system32\MPSSVC.dll
2018-07-22 03:12 - 2018-06-07 12:19 - 000749568 _____ (Microsoft Corporation) C:\windows\system32\FirewallAPI.dll
2018-07-22 03:12 - 2018-06-07 12:19 - 000108544 _____ (Microsoft Corporation) C:\windows\system32\icfupgd.dll
2018-07-22 03:12 - 2018-06-07 11:57 - 000463360 _____ (Microsoft Corporation) C:\windows\SysWOW64\FirewallAPI.dll
2018-07-22 03:12 - 2018-06-07 11:49 - 000077312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mpsdrv.sys
2018-07-22 03:12 - 2018-06-07 11:34 - 000018944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wfapigp.dll
2018-07-22 03:12 - 2018-05-31 12:28 - 001893568 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2018-07-22 03:12 - 2018-05-31 12:28 - 000377024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2018-07-22 03:12 - 2018-05-31 12:28 - 000287936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2018-07-22 03:12 - 2018-05-02 11:32 - 000344064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2018-07-22 03:12 - 2018-05-02 11:32 - 000325632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2018-07-22 03:12 - 2018-05-02 11:32 - 000099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2018-07-22 03:12 - 2018-05-02 11:32 - 000056320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2018-07-22 03:12 - 2018-05-02 11:32 - 000030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2018-07-22 03:12 - 2018-05-02 11:32 - 000025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2018-07-22 03:12 - 2018-05-02 11:32 - 000007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2018-07-22 03:12 - 2018-04-26 09:05 - 000998912 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000918296 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000065880 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000063832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000021848 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000020824 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000019288 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000018776 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000017752 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000017752 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000017240 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000017240 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000016216 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000015704 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000015704 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000015192 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000014168 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000014168 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000013656 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000013656 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000013656 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000013152 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000012632 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000012120 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000012120 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000011608 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000011608 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000011608 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000011608 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000011096 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000011096 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000011096 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2018-07-22 03:12 - 2018-04-26 09:05 - 000011096 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2018-07-22 03:12 - 2018-04-25 12:02 - 000124416 _____ (Microsoft Corporation) C:\windows\system32\wkssvc.dll
2018-07-22 03:12 - 2018-04-25 11:18 - 000115200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dfsc.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-11 08:09 - 2009-07-14 00:45 - 000022304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-08-11 08:09 - 2009-07-14 00:45 - 000022304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-08-11 08:04 - 2009-07-14 01:13 - 000848928 _____ C:\windows\system32\PerfStringBackup.INI
2018-08-11 08:04 - 2009-07-13 23:20 - 000000000 ____D C:\windows\inf
2018-08-11 08:01 - 2016-11-02 09:47 - 000000000 __SHD C:\Users\DavidParsons\IntelGraphicsProfiles
2018-08-11 07:57 - 2016-10-27 15:02 - 000000000 ____D C:\ProgramData\NVIDIA
2018-08-11 07:57 - 2009-07-14 01:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-08-11 01:11 - 2016-11-02 13:18 - 000000000 ____D C:\Users\DavidParsons\AppData\Roaming\KeePass
2018-08-10 19:18 - 2016-11-03 21:17 - 000000000 ____D C:\Users\DavidParsons\Downloads\Misc
2018-08-10 12:42 - 2016-11-02 17:39 - 000842240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2018-08-10 12:42 - 2016-11-02 17:39 - 000175104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-08-10 12:42 - 2016-11-02 17:39 - 000000000 ____D C:\windows\SysWOW64\Macromed
2018-08-10 12:42 - 2016-11-02 17:39 - 000000000 ____D C:\windows\system32\Macromed
2018-08-10 12:42 - 2016-11-02 17:39 - 000000000 ____D C:\Users\DavidParsons\AppData\Local\Adobe
2018-08-09 18:38 - 2016-11-02 13:19 - 000084270 _____ C:\Users\DavidParsons\Documents\NewDatabase.kdbx
2018-08-09 13:40 - 2018-06-24 07:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mailbird
2018-08-09 13:39 - 2018-01-11 07:11 - 000000000 ____D C:\Program Files\Common Files\AV
2018-08-09 12:45 - 2018-01-11 06:46 - 000000000 ____D C:\ProgramData\Norton
2018-08-09 12:34 - 2018-01-11 06:46 - 000000000 ____D C:\Users\DavidParsons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2018-08-09 12:16 - 2018-01-11 06:46 - 000000000 ____D C:\Users\Public\Downloads\Norton
2018-08-09 11:45 - 2018-01-11 06:46 - 000000000 ____D C:\ProgramData\NortonInstaller
2018-08-09 11:44 - 2017-05-27 12:49 - 000000000 ____D C:\windows\system32\appmgmt
2018-08-09 10:53 - 2009-07-13 23:20 - 000000000 ____D C:\windows\Registration
2018-08-09 10:02 - 2017-02-21 23:42 - 000000000 ____D C:\Program Files (x86)\MailbirdOld
2018-08-08 16:19 - 2018-02-02 20:53 - 000002230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-08 16:19 - 2018-02-02 20:53 - 000002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-08-05 19:34 - 2017-01-30 17:12 - 000000000 ____D C:\Program Files (x86)\Steam
2018-08-05 19:34 - 2016-11-04 01:33 - 000000000 ____D C:\Users\DavidParsons\AppData\Local\CrashDumps
2018-08-05 19:23 - 2017-02-22 13:30 - 000000828 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-08-05 19:23 - 2017-02-22 13:30 - 000000000 ____D C:\Program Files\CCleaner
2018-07-26 13:14 - 2018-07-09 16:12 - 000000000 ____D C:\Users\DavidParsons\AppData\Local\User Data
2018-07-25 03:42 - 2017-11-17 21:33 - 000000000 ____D C:\Users\DavidParsons\Documents\Games
2018-07-23 23:53 - 2017-11-24 14:57 - 000001025 _____ C:\Users\Public\Desktop\Notepad++.lnk
2018-07-23 19:10 - 2018-01-22 21:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-07-23 19:09 - 2018-01-22 21:31 - 000098680 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2018-07-23 19:09 - 2018-01-22 21:31 - 000000000 ____D C:\Program Files (x86)\Java
2018-07-22 03:20 - 2009-07-14 00:45 - 000302984 _____ C:\windows\system32\FNTCACHE.DAT
2018-07-22 03:18 - 2015-08-13 16:59 - 000000000 ____D C:\windows\system32\appraiser
2018-07-14 05:12 - 2015-01-08 19:55 - 000000000 ____D C:\windows\system32\MRT
2018-07-14 05:09 - 2015-01-08 19:55 - 134675576 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2017-03-11 23:31 - 2017-03-11 23:31 - 000895425 _____ () C:\Users\DavidParsons\AppData\Local\ars.cache
2017-03-11 23:31 - 2017-03-11 23:31 - 000652418 _____ () C:\Users\DavidParsons\AppData\Local\census.cache
2017-03-11 23:21 - 2017-03-11 23:21 - 000000036 _____ () C:\Users\DavidParsons\AppData\Local\housecall.guid.cache
2018-01-20 08:10 - 2018-01-20 08:10 - 000002842 _____ () C:\Users\DavidParsons\AppData\Local\recently-used.xbel
2016-11-02 11:13 - 2016-11-02 11:13 - 000007605 _____ () C:\Users\DavidParsons\AppData\Local\Resmon.ResmonCfg
2017-03-11 23:31 - 2017-03-11 23:31 - 000000010 _____ () C:\Users\DavidParsons\AppData\Local\sponge.last.runtime.cache
 
Some files in TEMP:
====================
2018-08-09 13:47 - 2018-06-08 12:22 - 001665344 _____ (Microsoft Corporation) C:\Users\DavidParsons\AppData\Local\Temp\dllnt_dump.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-07-11 17:37
 
==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by DavidParsons (11-08-2018 08:19:24)
Running from C:\Users\DavidParsons\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-11-02 13:30:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2104879264-961568624-574168726-500 - Administrator - Disabled)
DavidParsons (S-1-5-21-2104879264-961568624-574168726-1001 - Administrator - Enabled) => C:\Users\DavidParsons
DNP (S-1-5-21-2104879264-961568624-574168726-1008 - Limited - Enabled) => C:\Users\DNP.DavidParsons-PC
Guest (S-1-5-21-2104879264-961568624-574168726-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2104879264-961568624-574168726-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security Online (Enabled - Up to date) {E3FDBD9F-8140-1400-F32B-8B58923F7C4D}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Norton Security Online (Enabled - Up to date) {589C5C7B-A77A-1B8E-C99B-B02AE9B836F0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Online (Enabled) {DBC63CBA-CB2F-1558-D874-226D6CEC3B36}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Advanced Tactics Gold (HKLM-x32\...\Advanced Tactics Gold2.00c) (Version: 2.21s - Matrix Games)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 375.70 - NVIDIA Corporation) Hidden
Battle Brothers (HKLM-x32\...\1590012242_is1) (Version: 1.1.0.2 - GOG.com)
Battle Worlds - Kronos (HKLM-x32\...\1207660124_is1) (Version: 2.2.0.9 - GOG.com)
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dragon Age - Origins - Ultimate Edition (HKLM-x32\...\1949616134_is1) (Version: 2.1.0.4 - GOG.com)
Eador - Masters of the Broken World (HKLM-x32\...\1207659194_is1) (Version: 2.6.0.26 - GOG.com)
e-Sword (HKLM-x32\...\{1D3D8773-56B9-44F0-ACC6-3DEA462E665F}) (Version: 11.01.0000 - Rick Meyers)
Expeditions - Conquistador (HKLM-x32\...\GOGPACKEXPEDITIONSCONQ_is1) (Version: 2.3.0.14 - GOG.com)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.0.1.1049 - Foxit Software Inc.)
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
GOG.com Heroes of Might and Magic 3 (HKLM\...\{62a24b39-0106-4990-90ea-3a09e9dda7a6}.sdb) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Heroes of Might and Magic 3 Complete (4.0) (HKLM-x32\...\1207658787_is1) (Version: 0.1.1.310 - GOG.com)
Heroes of Might and Magic V - Tribes of the East (HKLM-x32\...\1207661193_is1) (Version: 2.1.0.24 - GOG.com)
Heroes of Might and Magic V with Hammers of Fate (HKLM-x32\...\1207661143_is1) (Version: 2.1.0.22 - GOG.com)
Intel® Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1173 - Intel Corporation)
Intel® Network Connections 20.2.3001.0 (HKLM\...\PROSetDX) (Version: 20.2.3001.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.2.42 - Intel Corporation)
IRMG (HKLM-x32\...\{F00F3D18-AD99-4F18-8E6A-295B402FB0FC}) (Version: 1.7.9 - Idan Hollander(Edited by DWP))
Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
KeePass Password Safe 2.10 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version:  - Dominik Reichl)
Knights of Pen and Paper +1 Edition (HKLM-x32\...\1320675280_is1) (Version: 2.0.0.4 - GOG.com)
Legends of Eisenwald - Road to Iron Forest (HKLM-x32\...\Legends of Eisenwald: Road to Iron Forest_is1) (Version: 2.1.0.4 - GOG.com)
Legends of Eisenwald (HKLM-x32\...\1441229340_is1) (Version: 2.4.0.6 - GOG.com)
Mailbird (HKLM\...\{6AC56348-7669-4FE7-A89D-74500555FBA8}) (Version: 2.5.10 - Mailbird)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM-x32\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Norton Security Online (HKLM-x32\...\NGC) (Version: 22.14.0.54 - Symantec Corporation)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.6.1.175 - Symantec Corporation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.7 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.5 (HKLM-x32\...\{ABCAD346-4F4B-49E9-9AA1-28EF8C26059D}) (Version: 4.15.9789 - Apache Software Foundation)
Opus Magnum (HKLM-x32\...\1123993222_is1) (Version: 20180130 - GOG.com)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7701 - Realtek Semiconductor Corp.)
RogueKiller version 12.12.31.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.31.0 - Adlice Software)
RTMG 1.5.6 (HKLM-x32\...\RTMG Random (Template) Map Generator_is1) (Version: 1.5.6 - SimonaK)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
SMPlayer 17.5.0 (HKLM-x32\...\SMPlayer) (Version: 17.5.0 - Ricardo Villalba)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)
Thea: The Awakening (HKLM-x32\...\1452699415_is1) (Version: 1.20.3919.0 - GOG.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Xenonauts (HKLM-x32\...\1207664803_is1) (Version: 2.3.0.13 - GOG.com)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.14.0.54\buShell.dll [2018-04-03] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.14.0.54\buShell.dll [2018-04-03] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.14.0.54\buShell.dll [2018-04-03] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.14.0.54\buShell.dll [2018-04-03] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.14.0.54\buShell.dll [2018-04-03] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.14.0.54\buShell.dll [2018-04-03] (Symantec Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-12-31] ()
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.14.0.54\buShell.dll [2018-04-03] (Symantec Corporation)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Inc.)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.14.0.54\NavShExt.dll [2018-04-03] (Symantec Corporation)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.14.0.54\NavShExt.dll [2018-04-03] (Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\windows\system32\igfxDTCM.dll [2016-10-14] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\windows\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.14.0.54\buShell.dll [2018-04-03] (Symantec Corporation)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.14.0.54\NavShExt.dll [2018-04-03] (Symantec Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0049293C-CEBF-473D-9A24-0EEB2D25B314} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Online\Upgrade.exe [2018-04-03] (Symantec Corporation)
Task: {3A466160-7A60-4442-A298-0ECA05C3249C} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-08-10] (Adobe Systems Incorporated)
Task: {3FC34E31-C515-446A-B95F-1AD2E592B25E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-02] (Google Inc.)
Task: {49ECC514-51F3-4F8C-9CAD-15F12568912E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-06-24] (Piriform Ltd)
Task: {4A11D5F4-BECA-47A3-AE9C-157F094AD6ED} - System32\Tasks\Norton Security with Backup\Norton Security Online Error Analyzer => C:\Program Files\Norton Security\Engine\22.14.0.54\SymErr.exe [2018-04-03] (Symantec Corporation)
Task: {728CB844-8FE7-4689-8E5D-B157A918B3B6} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.14.0.54\WSCStub.exe [2018-04-03] (Symantec Corporation)
Task: {84825A32-AFE6-473D-99A3-D6489FCE80CE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-02] (Google Inc.)
Task: {8A74F51B-A8B0-439E-9C0E-0407849B6C80} - System32\Tasks\Norton Security Scan for DavidParsons => C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.175\Nss.exe [2018-03-26] (Symantec Corporation)
Task: {8B16C64D-4C44-4FB2-9509-D8789C05913F} - System32\Tasks\Norton Security with Backup\Norton Security Online Error Processor => C:\Program Files\Norton Security\Engine\22.14.0.54\SymErr.exe [2018-04-03] (Symantec Corporation)
Task: {999FF868-9685-43F0-9E95-56745EB0633C} - System32\Tasks\{ECA16769-6376-4584-9A7E-DFC8075C2E3A} => C:\windows\system32\pcalua.exe -a C:\Users\DavidParsons\Downloads\Games\OpenGeneral\InstallOpenGeneral.exe -d C:\Users\DavidParsons\Downloads\Games\OpenGeneral
Task: {B276B639-52D8-4332-A8AC-5B7280BDD17E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-06-24] (Piriform Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\DavidParsons\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-10-27 15:02 - 2016-06-14 21:14 - 000369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-10-27 15:02 - 2016-06-14 21:14 - 001148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-10-27 15:02 - 2016-06-14 21:14 - 003613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-10-27 15:02 - 2016-06-14 21:14 - 000289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-10-27 15:02 - 2016-12-29 09:16 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-08-06 19:38 - 2018-07-03 12:59 - 002535120 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-08-06 19:38 - 2018-06-18 13:32 - 002433744 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-10-27 15:02 - 2016-06-14 21:14 - 002667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-10-27 15:02 - 2016-06-14 21:14 - 001990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-10-27 15:02 - 2016-06-14 21:14 - 001842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-10-27 15:02 - 2016-06-14 21:14 - 000208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-10-27 15:02 - 2016-06-14 21:14 - 000035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-10-27 15:02 - 2016-06-14 21:14 - 000921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2017-12-31 21:07 - 2017-12-31 21:07 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-11-02 13:17 - 2010-03-04 15:39 - 000286720 _____ () C:\Program Files (x86)\KeePass Password Safe 2\KeePass.XmlSerializers.dll
2015-10-16 06:14 - 2015-10-16 06:14 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-10-27 15:02 - 2016-06-14 21:14 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2104879264-961568624-574168726-1001\...\hulu.com -> hxxps://www.hulu.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2017-03-11 21:58 - 000000826 ____N C:\windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2104879264-961568624-574168726-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{4C07D8B2-6F9B-4732-9993-5A4BE854B150}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8D200AE2-07FB-402E-83E1-7AFAE7C17736}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CDFB07C8-AA2B-487D-9063-474CBE617708}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{58DEBFBD-D414-47D9-93A3-B3BBDE271B9C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{946D5B29-CC5B-4CEA-A427-0B5F74EC6C4D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{70998F83-54C5-4EE3-B716-9F0D0E814FBB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C5AD5928-993C-418C-BEE7-C5DF02846E30}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CAAE443B-B579-4D9F-A846-886FAED20BC7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{70320098-45D2-43E5-89CF-554595FEAE7A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0A682E25-9C21-4ECF-8429-C08231924E96}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4F147817-F839-42B9-B980-BCF70D7E634E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{9CE97264-40E8-4489-BAF5-696A61342CCF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Endless Legend\EndlessLegend.exe
FirewallRules: [{257F2956-1817-4F61-A009-E30D965AC220}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Endless Legend\EndlessLegend.exe
FirewallRules: [TCP Query User{B1BC4E9B-580D-4157-A609-012363D98592}C:\matrix games\advanced tactics gold\update.exe] => (Allow) C:\matrix games\advanced tactics gold\update.exe
FirewallRules: [UDP Query User{C8C08EB0-FB9B-4253-9D3F-063E6C520328}C:\matrix games\advanced tactics gold\update.exe] => (Allow) C:\matrix games\advanced tactics gold\update.exe
FirewallRules: [{D09F8F3E-74C4-41F8-8B2A-8CD523FF5AB8}] => (Allow) C:\GOG Games\Dragon Age Origins\tools\DragonAgeToolset.exe
FirewallRules: [{FF1A5603-3B40-48F3-A9DE-69721EDEFDC7}] => (Allow) C:\GOG Games\Dragon Age Origins\tools\DragonAgeToolset.exe
FirewallRules: [{CC27BAC6-CD6B-4CE3-B362-AA01A9B2D2DF}] => (Allow) C:\GOG Games\Dragon Age Origins\tools\RPU.exe
FirewallRules: [{7FBF1BF1-52FB-4418-B7AD-4A4F7A87CD3B}] => (Allow) C:\GOG Games\Dragon Age Origins\tools\RPU.exe
FirewallRules: [{679B12E1-C8EE-4E54-8583-4EF65FCD7E39}] => (Allow) C:\GOG Games\Dragon Age Origins\tools\lightmapper\eclipseRay.exe
FirewallRules: [{7BD10282-07C5-4BA9-BEC8-A096C29DBEB3}] => (Allow) C:\GOG Games\Dragon Age Origins\tools\lightmapper\eclipseRay.exe
FirewallRules: [{35B5B8C8-7C89-4CB6-B349-4AB5AC2BA235}] => (Allow) C:\GOG Games\Dragon Age Origins\tools\GffEditor.exe
FirewallRules: [{C12152EA-55CE-457E-AD65-77A3ED78FEAD}] => (Allow) C:\GOG Games\Dragon Age Origins\tools\GffEditor.exe
FirewallRules: [{B2B28F80-2174-4A41-9829-899C88FA18F9}] => (Allow) C:\GOG Games\Dragon Age Origins\tools\ErfEditor.exe
FirewallRules: [{14ED6833-238F-428A-AB2C-862B92E9EC44}] => (Allow) C:\GOG Games\Dragon Age Origins\tools\ErfEditor.exe
FirewallRules: [TCP Query User{627CC392-558F-4F82-B38E-7C5B276193F7}C:\windows\syswow64\regsvr32.exe] => (Allow) C:\windows\syswow64\regsvr32.exe
FirewallRules: [UDP Query User{9ECB131C-8265-4F9E-9413-26A0A1B16E9E}C:\windows\syswow64\regsvr32.exe] => (Allow) C:\windows\syswow64\regsvr32.exe
FirewallRules: [TCP Query User{4034B519-6D71-4D0A-A4D7-ED0C34A76210}C:\gog games\dragon age origins\bin_ship\daorigins.exe] => (Allow) C:\gog games\dragon age origins\bin_ship\daorigins.exe
FirewallRules: [UDP Query User{BC72F25D-2441-4F03-9ACE-329019191C7E}C:\gog games\dragon age origins\bin_ship\daorigins.exe] => (Allow) C:\gog games\dragon age origins\bin_ship\daorigins.exe
FirewallRules: [{8FBFBD94-C0A3-4C66-861B-8017C08E262C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Field of Glory II\autorun.exe
FirewallRules: [{1D52D6D4-F7C0-4A0A-B34A-283AF7B90337}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Field of Glory II\autorun.exe
FirewallRules: [{FC1B2934-E0FE-402D-A51B-A1B68F0ED6EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RPG Maker MV\RPGMV.exe
FirewallRules: [{F50BC17F-9BD6-4123-99B8-52249ECC0BBD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RPG Maker MV\RPGMV.exe
FirewallRules: [{2560032E-3512-405E-871A-10827196B1E2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{EE0F925F-A999-419B-A035-5D23D9398BAA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7F65A623-0D1B-43D6-BCA6-32295B84D2C3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E09B52EF-D0A2-4AC6-9601-8EA143C2B049}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E12EF745-3A15-453B-95E2-E4381F527143}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{7696DFBE-2D58-4022-A8B7-4747C91A5815}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{40B9A74E-AE36-44B8-BA42-E84070120740}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
26-02-2018 18:26:15 Windows Update
28-02-2018 20:30:06 Windows Update
16-03-2018 03:23:50 Windows Update
01-04-2018 14:27:37 Windows Update
08-04-2018 07:26:01 Windows Update
14-04-2018 09:37:19 Windows Update
21-04-2018 02:12:37 Windows Update
12-05-2018 04:20:58 Windows Update
17-06-2018 02:43:58 Windows Update
24-06-2018 07:58:17 Installed Mailbird
09-07-2018 05:48:40 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
09-07-2018 05:49:07 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026
09-07-2018 05:49:19 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
09-07-2018 05:49:50 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026
14-07-2018 05:09:29 Windows Update
22-07-2018 03:13:35 Windows Update
06-08-2018 19:02:24 Restore Point Created by FRST
09-08-2018 11:43:42 Removed Mailbird
09-08-2018 11:44:21 Removed Mailbird
09-08-2018 13:36:01 Removed Mailbird
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/11/2018 07:58:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/10/2018 06:33:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/10/2018 08:59:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/10/2018 01:33:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/09/2018 05:56:22 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/09/2018 05:56:22 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/09/2018 05:56:22 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/09/2018 05:56:22 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
 
System errors:
=============
Error: (08/09/2018 05:56:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (08/09/2018 05:56:22 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.
 
Error: (08/09/2018 11:42:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Norton Security service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (08/09/2018 10:02:54 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Norton Security service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (08/08/2018 07:51:37 PM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )
Description: Proximity detection failed due to unknown error '0x80004004'.  The best proximity time detected was -1 milliseconds.
 
Error: (08/08/2018 10:43:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server (BWDATOOLSET) service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/08/2018 10:43:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (08/08/2018 10:43:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Windows Defender:
===================================
Date: 2018-01-12 01:33:38.629
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{DBF64B4E-0362-4921-8E68-BF4DBD8BE86C}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
 
Date: 2018-01-12 01:07:14.018
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{B5E6F7C8-DF0C-45C3-993E-3E0B65852E8A}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
 
Date: 2018-01-12 01:02:34.871
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{9463AFF2-EC8C-48EE-A344-441440656DC9}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
 
Date: 2018-01-12 01:01:11.540
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{E5368119-FD6B-484B-8E54-04A4422AF780}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-6500 CPU @ 3.20GHz
Percentage of memory in use: 17%
Total physical RAM: 16283.55 MB
Available physical RAM: 13434.52 MB
Total Virtual: 32565.27 MB
Available Virtual: 29801.8 MB
 
==================== Drives ================================
 
Drive c: (OSDisk) (Fixed) (Total:931.02 GB) (Free:674.9 GB) NTFS
 
\\?\Volume{758274c3-a0fe-11e6-88dd-806e6f6e6963}\ (System) (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: B075FAC9)
Partition 1: (Active) - (Size=499 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================




