Solved Over 60 svchost.exe's, Chrome being very slow, and other oddities

Joe Jimm · May 13, 2018

So for about a week now weird things have been happening. One time my computer completely froze except for my mouse then beeped twice which kind of panicked me into turning off my computer. Right now many random processes are running incredibly slowly. Opening up a video I have on my desktop takes over a minute (with a very strong computer), when I try to open task manager via ctrl+alt+delete I'm stuck for about 30 seconds on "Waiting for security options", opening new pages and browsing in Chrome takes about 15-20 seconds per page when just this morning it's less than a second/instant.

I have even more than this many svchost.exe's (they don't even all fit into this gyazo) [though I checked the origin/folder of all of them and they are all C:\Windows\System32]) https://gyazo.com/50ebe895ac9dd9254c17f326df82cb95

Thinking it was a virus, I ran full scans on Norton and Malwarebytes in and out of safe mode, cleaned up my disk, installed another AV (only temporarily) to run a scan before uninstalling it to see if it could find anything my other two hadn't (idea of some other website). They all come up with nothing, but my computer is never this slow. What should I do?

Broni · May 13, 2018

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

Joe Jimm · May 14, 2018

Sorry for the late response, was busy all day.

Joe Jimm · May 14, 2018

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-06 07:44

==================== End of FRST.txt ============================

Joe Jimm · May 14, 2018

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12.05.2018
Ran by Saren (13-05-2018 21:27:23)
Running from C:\Users\Saren\Downloads
Windows 10 Home Version 1709 16299.431 (X64) (2018-03-24 13:06:09)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2557116828-1867652725-2878004429-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2557116828-1867652725-2878004429-503 - Limited - Disabled)
Guest (S-1-5-21-2557116828-1867652725-2878004429-501 - Limited - Disabled)
Saren (S-1-5-21-2557116828-1867652725-2878004429-1001 - Administrator - Enabled) => C:\Users\Saren
WDAGUtilityAccount (S-1-5-21-2557116828-1867652725-2878004429-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Enabled - Up to date) {E3FDBD9F-8140-1400-F32B-8B58923F7C4D}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Norton Security (Enabled - Up to date) {589C5C7B-A77A-1B8E-C99B-B02AE9B836F0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security (Enabled) {DBC63CBA-CB2F-1558-D874-226D6CEC3B36}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
Apple Application Support (32-bit) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9E005AAA-81A3-478E-8944-532D350952EE}) (Version: 11.3.1.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.6.7503 - CyberLink Corp.)
Discord (HKU\S-1-5-21-2557116828-1867652725-2878004429-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
Discord (HKU\S-1-5-21-2557116828-1867652725-2878004429-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05132018212245560\...\Discord) (Version: 0.0.301 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 397.31 - NVIDIA Corporation) Hidden
Dropbox 25 GB (HKLM-x32\...\{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Epic Games Launcher (HKLM-x32\...\{3ECF91A4-EE22-4A3A-921F-36ECAA04C13D}) (Version: 1.1.147.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.170 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Gyazo 3.3.5 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hearthstone Deck Tracker (HKU\S-1-5-21-2557116828-1867652725-2878004429-1001\...\HearthstoneDeckTracker) (Version: 1.6.5 - HearthSim)
Hearthstone Deck Tracker (HKU\S-1-5-21-2557116828-1867652725-2878004429-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05132018212245560\...\HearthstoneDeckTracker) (Version: 1.6.5 - HearthSim)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 6.0.1.2 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{54da9769-2364-4bd3-8139-6400500778b3}) (Version: 5.3.22034 - HP Inc.)
HP JumpStart Apps (HKLM-x32\...\HP JumpStart Apps) (Version: 7.0.21 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{1E7D6A6F-E28B-4057-BD4F-9989C1F5353D}) (Version: 1.3.0.423 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{4380D813-39E5-46FD-AC23-FC9A1A8B98AA}) (Version: 1.3.423.0 - HP Inc.)
HP Orbit (HKLM-x32\...\{82b971c1-85fa-4c53-ada1-4ec6be0c0c8a}) (Version: 3.5.171.271 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{05F81C27-62A5-4A0C-8519-60CB66CF87C6}) (Version: 8.6.18.11 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{183BD477-774B-4700-B40B-EE43886E74D2}) (Version: 12.9.18.3 - HP Inc.)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.29 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{025C1573-2F1D-46AF-BAB8-594EBF56A889}) (Version: 1.4.11 - HP Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1043 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel(R) Ready Mode Technology (HKLM\...\{CC3C017C-876D-4A31-A128-593FF92A1FE7}) (Version: 1.1.70.528 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{A9BCF224-9E30-4BFD-8917-2990841F6A87}) (Version: 19.50.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{185db067-38cd-4521-a43e-c39b96ee1389}) (Version: 19.50.1 - Intel Corporation)
IrfanView 4.50 (64-bit) (HKLM\...\IrfanView64) (Version: 4.50 - Irfan Skiljan)
Ironsight version 1 (HKLM-x32\...\Ironsight_is1) (Version: 1 - Aeria Games)
iTunes (HKLM\...\{3D8C6B05-FE24-4B9C-A57C-B8E1FA39E83D}) (Version: 12.7.4.80 - Apple Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.9226.2114 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2557116828-1867652725-2878004429-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2557116828-1867652725-2878004429-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05132018212245560\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Nightbot 0.1.1 (only current user) (HKU\S-1-5-21-2557116828-1867652725-2878004429-1001\...\b66ff3d2-8923-5696-ac2e-977beadfec4e) (Version: 0.1.1 - NightDev, LLC)
Nightbot 0.1.1 (only current user) (HKU\S-1-5-21-2557116828-1867652725-2878004429-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05132018212245560\...\b66ff3d2-8923-5696-ac2e-977beadfec4e) (Version: 0.1.1 - NightDev, LLC)
Norton Security (HKLM-x32\...\NGC) (Version: 22.14.0.54 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 397.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 397.31 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation)
NVIDIA Graphics Driver 397.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 397.31 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.37.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 21.0.1 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9226.2114 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9226.2114 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9226.2114 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9226.2114 - Microsoft Corporation) Hidden
OMEN Control (HKLM-x32\...\{AFE5BCE5-46DD-4DFA-9DD9-00F42E15ABD9}) (Version: 1.1.1 - HP)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.18.115 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.12.1007.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8004 - Realtek Semiconductor Corp.)
Smashladder Launcher (HKU\S-1-5-21-2557116828-1867652725-2878004429-1001\...\SmashladderDolphinLauncher) (Version: 1.8.1 - Anther)
Smashladder Launcher (HKU\S-1-5-21-2557116828-1867652725-2878004429-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05132018212245560\...\SmashladderDolphinLauncher) (Version: 1.8.1 - Anther)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 5.7.4731.1 - Hi-Rez Studios)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{AAB396C1-4338-4825-BFA1-A085F3C55781}) (Version: 2.19.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{B8B01E04-5393-4902-98E6-0E2787F03C80}) (Version: 1.13.0.0 - Microsoft Corporation) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 38.2 - Ubisoft)
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.14.0.54\buShell.dll [2018-04-03] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.14.0.54\buShell.dll [2018-04-03] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.14.0.54\buShell.dll [2018-04-03] (Symantec Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.14.0.54\buShell.dll [2018-04-03] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.14.0.54\buShell.dll [2018-04-03] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.14.0.54\buShell.dll [2018-04-03] (Symantec Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.14.0.54\buShell.dll [2018-04-03] (Symantec Corporation)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.14.0.54\NavShExt.dll [2018-04-03] (Symantec Corporation)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.14.0.54\NavShExt.dll [2018-04-03] (Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-04-21] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.14.0.54\buShell.dll [2018-04-03] (Symantec Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.14.0.54\NavShExt.dll [2018-04-03] (Symantec Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02E88C0F-C8E4-485E-A8D9-9F7C1CDA694C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-04-29] (Microsoft Corporation)
Task: {0A11F4B2-F012-42AF-9621-23F03B0EC579} - System32\Tasks\HPCeeScheduleForSaren => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-06-24] (HP Inc.)
Task: {1B35974E-5A55-4956-B6CE-36FEA67AEFC6} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
Task: {1BBD55F5-0598-430D-82A0-3DF075758CD6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {24E49FBC-E242-4C73-959A-EA616502EFFA} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-04-07] (HP Inc.)
Task: {2E4B8E09-02C0-48D0-B2AE-698A5A9AC159} - System32\Tasks\Norton Security with Backup\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.14.0.54\SymErr.exe [2018-04-03] (Symantec Corporation)
Task: {3493CDA0-0935-4C11-A5EF-171CEAF69EE8} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-14] (NVIDIA Corporation)
Task: {34CD46FA-831C-4673-83A6-3CD6706A8807} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-03-14] (NVIDIA Corporation)
Task: {34CD533F-231A-41C7-8636-E20604A15ABF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {39812537-D008-4BCB-AF9F-7B755D0089ED} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-04-23] (Microsoft Corporation)
Task: {39E31861-761A-499A-9897-C1762A008F60} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2018-04-03] (Symantec Corporation)
Task: {3B6AA60A-1CF0-4764-8E85-2377EFB08549} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-14] (NVIDIA Corporation)
Task: {425E9F48-3561-48ED-B57C-A76FC2F0A19E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-04-23] (Microsoft Corporation)
Task: {43A68353-0F3C-429F-B9C1-7165CB37C6CE} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-05-12] (AVAST Software)
Task: {46908D76-10EC-4A3D-882E-CAAF65F91B67} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-02-18] (Dropbox, Inc.)
Task: {5663D841-BA03-42D2-A401-E6F98B092878} - System32\Tasks\Norton Security with Backup\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.14.0.54\SymErr.exe [2018-04-03] (Symantec Corporation)
Task: {63A2E740-1579-4100-BF92-9A8C162AE1AC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {67609131-2AE0-46A5-8E13-B2A1F22BC57A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-22] (Google Inc.)
Task: {7F33054B-2FFB-42CC-AB61-4A154E75CDE8} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-03-14] (NVIDIA Corporation)
Task: {86FC755C-397B-4CEE-A114-A08B226BAA3B} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.14.0.54\WSCStub.exe [2018-04-03] (Symantec Corporation)
Task: {8E68A682-DFEA-42BD-98EA-C5929AD71099} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-22] (Google Inc.)
Task: {9013C064-E3C2-4820-8B97-5C183F6482C5} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-02-18] (Dropbox, Inc.)
Task: {93B87784-D3C7-40DF-ADFD-81323897D282} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-03-07] (HP Inc.)
Task: {97DBD4FC-0CC8-4726-BFA1-B4B59CD2B978} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-11-28] (DropboxOEM)
Task: {A256A2D7-3969-4809-B710-4808E179A1F5} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {AC17AE5E-852B-4898-B990-496B0B5CE543} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-04-29] (Microsoft Corporation)
Task: {B74A2001-7BAB-4F1A-BC3E-E5681B22C45A} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [2017-07-28] ()
Task: {B76334BF-F9CB-4FD4-9DEB-C1B95D845302} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [2017-02-02] (HP Inc.)
Task: {B84EDE39-29FC-49E7-9481-F531B98484C1} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-03-14] (NVIDIA Corporation)
Task: {BB6EEACE-E471-4CF7-B21B-D881257141E7} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
Task: {D3BC2D77-EF91-4B1E-B474-DD348713C1CE} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-03-14] (NVIDIA Corporation)
Task: {D5172A49-82BA-4824-B815-F9B59EFE0C24} - System32\Tasks\Norton Security with Backup\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.14.0.54\SymErr.exe [2018-04-03] (Symantec Corporation)
Task: {D974D44E-3942-405A-9417-89B944A9C928} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-14] (NVIDIA Corporation)
Task: {E4659883-911A-4D2A-9E01-0F54B387DDEC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-04-29] (Microsoft Corporation)
Task: {E5ED5C8D-37A2-4A1E-A169-E27D77678BE7} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2017-09-21] (Intel(R) Corporation)
Task: {E902F655-6312-4FD7-A505-D25D26CEF902} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-14] (NVIDIA Corporation)
Task: {EC76B2A6-8FD0-4181-8A2C-532B14D3C54F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {F54E8A34-6D23-4047-AC01-978A62895D83} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-04-29] (Microsoft Corporation)
Task: {F79D16E2-BA6A-492F-AAED-1BB9840108B3} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-04-29] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForSaren.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

Joe Jimm · May 14, 2018

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 06:41 - 2017-09-29 06:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-03-16 15:19 - 2018-03-16 15:19 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-03-16 15:19 - 2018-03-16 15:19 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-11-17 12:26 - 2018-03-14 06:05 - 001267648 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-07-19 15:09 - 2017-07-19 15:09 - 000189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2018-04-14 18:26 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-14 18:26 - 2018-03-27 13:47 - 002492704 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-07-28 11:52 - 2017-07-28 11:52 - 000459680 _____ () C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
2017-11-17 11:12 - 2018-04-29 14:26 - 008939696 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2018-03-24 14:11 - 2018-02-21 17:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-24 14:11 - 2018-02-21 17:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-05-11 16:09 - 2018-05-09 15:05 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.170\libglesv2.dll
2018-05-11 16:09 - 2018-05-09 15:05 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.170\libegl.dll
2017-09-29 06:41 - 2017-09-29 06:41 - 001909248 _____ () C:\Windows\ShellExperiences\PeopleCommonControls.dll
2018-03-24 14:10 - 2018-02-21 17:29 - 001266176 _____ () C:\Windows\ShellExperiences\PeopleBarFlyout.dll
2018-05-08 20:49 - 2018-04-15 13:08 - 002988032 _____ () C:\Windows\ShellExperiences\WindowsInternal.People.PeoplePicker.dll
2017-09-29 06:41 - 2017-09-29 06:41 - 002459648 _____ () C:\Windows\ShellExperiences\WindowsInternal.People.Relevance.dll
2018-04-06 19:17 - 2018-04-06 19:17 - 002141184 _____ () C:\Users\Saren\AppData\Local\SmashladderDolphinLauncher\app-1.8.1\ffmpeg.dll
2018-05-13 21:22 - 2018-05-13 21:22 - 000280576 _____ () \\?\C:\Users\Saren\AppData\Local\Temp\8C77.tmp.node
2018-05-13 21:22 - 2018-05-13 21:22 - 000132608 _____ () \\?\C:\Users\Saren\AppData\Local\Temp\9E98.tmp.node
2018-05-13 21:22 - 2018-05-13 21:22 - 000132096 _____ () \\?\C:\Users\Saren\AppData\Local\Temp\9EE8.tmp.node
2018-04-06 19:17 - 2018-04-06 19:17 - 002551808 _____ () C:\Users\Saren\AppData\Local\SmashladderDolphinLauncher\app-1.8.1\libglesv2.dll
2018-04-06 19:17 - 2018-04-06 19:17 - 000093184 _____ () C:\Users\Saren\AppData\Local\SmashladderDolphinLauncher\app-1.8.1\libegl.dll
2018-05-13 21:23 - 2018-05-13 21:23 - 000280576 _____ () \\?\C:\Users\Saren\AppData\Local\Temp\DF4A.tmp.node
2017-07-28 19:45 - 2017-07-28 19:45 - 000298448 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\AppData:CSM [476]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2557116828-1867652725-2878004429-1001\...\sharepoint.com -> hxxps://piercestudent-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-2557116828-1867652725-2878004429-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05132018212245560\...\sharepoint.com -> hxxps://piercestudent-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 14:03 - 2017-03-18 14:01 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05132018212243673\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05132018212244023\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2557116828-1867652725-2878004429-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Saren\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\albert_bierstadt_-_among_the_sierra_nevada,_california_-_google_art_project.jpg
HKU\S-1-5-21-2557116828-1867652725-2878004429-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05132018212245560\Control Panel\Desktop\\Wallpaper -> C:\Users\Saren\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\albert_bierstadt_-_among_the_sierra_nevada,_california_-_google_art_project.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKU\S-1-5-21-2557116828-1867652725-2878004429-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2557116828-1867652725-2878004429-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2557116828-1867652725-2878004429-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05132018212245560\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2557116828-1867652725-2878004429-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05132018212245560\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8BB847DF-239D-4129-BD85-D58F41F98A6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{3DC077A8-BC5A-467F-AD29-C3F2D4F5D3E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{4305F3FD-F2D2-4F5A-8C10-6A11CB77F90B}] => (Allow) LPort=13148
FirewallRules: [{6F156745-EDC2-45CE-A3CE-34CE78C49CD4}] => (Allow) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
FirewallRules: [{9212F708-055D-4B38-BA6F-097DE77F1C0C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{53CDAB0D-B591-4D95-819B-758FA6F9343F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{44413AF0-608B-46E5-B4C4-837A1FE40169}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{401D3A9F-1A95-46AF-8D16-CF52EB44EF86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{87D89B26-5EBA-4BCD-845D-2529A8382C00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{5793DF2B-B624-4986-A7DC-E66A20721A42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{16D14051-BF39-4C1B-8488-10288F6FC737}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{78B4D071-DA46-4EF9-A414-9894BB6A9A6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassins Creed Origins\ACOrigins.exe
FirewallRules: [{DB4D80D1-8008-4F18-8DB2-CC1669DD568D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassins Creed Origins\ACOrigins.exe
FirewallRules: [{5D220EA4-EE70-410F-94C8-45050B5210C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe
FirewallRules: [{3DAEAA6E-1A00-49AA-BD6C-1C31C6C269F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe
FirewallRules: [{FCC402C8-4C23-4E99-A8F8-DF58DA9BF4C1}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{1EF5C606-7BA4-4B3D-907D-7732AD034E0D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{951670A4-A3F9-408F-ADA4-6B487781158F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{28BBC99B-AB89-4631-B504-847622A4D067}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D36BD423-DA3E-460E-9C89-3AEF74698DD6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{A355F7FC-F1F4-428F-8919-7B5733DB5448}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{FCAF5EB8-1A53-4C61-8589-BBF6FA736C1F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{C3D97399-AB6F-4473-9244-546B09370361}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{25938611-BDAE-47C7-8A6E-676BABE52E44}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3171666E-DE3B-4680-B7E2-E549064EC937}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{394EDA33-854B-4105-B51F-597921D6CBF6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{2EAFF2C8-8EB8-4657-95CF-F5FFC7500C95}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{16CFD3EB-9166-4794-862A-DB86E7F68DFC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{33F29E0E-1A04-4772-9B7A-E97264AB4025}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe
FirewallRules: [{AD24D556-5737-4B27-A82A-65C092DA2EF8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{B922C2C9-C908-4090-8748-22BA6782D359}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{F5396045-0A99-4020-84DD-0E0825AC2BA4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{1F8F1D5E-0E7C-49B5-874C-2B0D8F1E5CC9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{F19B7E12-8214-400A-A29E-C3FB7101EDC3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{633AA000-1E15-4767-9308-5774522AB479}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{B56990B2-E115-4C40-A503-B777FE09D463}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{65839A2B-4CB9-4EA0-8231-EBA07588741E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E41D210D-3B17-4B3A-B687-9E0A36B37B4F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FB4F0FA2-9F85-427D-BB85-E2FCA6208824}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FB752695-3B8B-4C2A-ABD8-2B3355DB3CFA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{05113ADF-2E29-479B-A000-A9C4D849AD05}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{08473105-CC88-4652-84F0-984EC6B4F077}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Attila\launcher\launcher.exe
FirewallRules: [{4E8C1934-CB32-4ECC-9470-03CB5936B0B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Attila\launcher\launcher.exe
FirewallRules: [{EAED5BF9-4D02-4B91-A4FB-B73A77CF71BB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{44FD8D8E-86B2-4080-B12A-7F94F19C3384}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{691AFF3A-6617-464D-96A1-296D8329C02D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{212DD625-B5AF-45A9-B0E4-7D88AB089C17}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1F90E10C-6B2E-4423-A708-07B642106F84}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW.exe
FirewallRules: [{F3886FEF-F5F1-47A2-9E4A-C561A4D5527D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW.exe
FirewallRules: [{53847776-44E6-4FC4-9D27-FD86630AFBA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW-BI.exe
FirewallRules: [{14A2E7DB-5910-4265-B94D-B98E8F475E69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW-BI.exe
FirewallRules: [{B1A59426-5F8C-4C49-9AD3-E6568102F02B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{152AE5DC-2D66-4D93-826B-44A8FC1B8354}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{8DA06CDA-7270-46B8-B426-78362FE6971A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{071C44DF-D08B-43DD-A613-77992805F5E8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{9011CA8B-1A84-42A8-8B1E-A45449F4F2F6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{5AE39268-1B2F-4C89-BF91-5AB452E86266}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{16DF2570-DD9F-44EE-8645-D890D4106F78}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{14ACFDDA-44EB-41D5-AF8E-D29BBF720D02}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{9ABEF03E-0DD3-45FF-8E27-D758B92C9E59}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{224312A1-DD74-4AD3-9CAE-503BCCCC6C31}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{2FFB633D-96D9-46B9-8C59-2F5FFB2BEFEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron IV\hoi4.exe
FirewallRules: [{D340F992-DAFC-4606-9C9D-EAD58C5C96E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron IV\hoi4.exe
FirewallRules: [{AFC87641-7C09-4BEC-80F8-A35A9AAE8AAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{0901673A-7F77-4AD6-B6D9-8A9DD610774F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{270DC80F-4AF8-44A2-BD02-AFEAEC95074C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

02-05-2018 00:04:53 Windows Update
04-05-2018 20:55:46 Windows Modules Installer
08-05-2018 20:48:56 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/13/2018 09:27:38 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (05/13/2018 09:25:30 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (05/12/2018 10:05:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program svchost.exe version 10.0.16299.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: ac0

Start Time: 01d3ea2005aa97a5

Termination Time: 4294967295

Application Path: C:\Windows\System32\svchost.exe

Report Id: 5a3a4279-a3bc-4c0d-b480-bb4fe21c1e55

Faulting package full name:

Faulting package-relative application ID:

Error: (05/12/2018 09:37:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program PowerDVD.exe version 14.0.6.7503 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 7574

Start Time: 01d3ea7388e46abd

Termination Time: 3

Application Path: C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe

Report Id: a79d9649-d068-41eb-a345-38b61d3c991c

Faulting package full name:

Faulting package-relative application ID:

Error: (05/12/2018 04:48:39 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (05/12/2018 11:58:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5406

Error: (05/12/2018 11:58:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5406

Error: (05/12/2018 11:58:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (05/13/2018 09:26:22 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Error: (05/13/2018 09:23:37 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-0AP91FB)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user DESKTOP-0AP91FB\Saren SID (S-1-5-21-2557116828-1867652725-2878004429-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.16299.15_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (05/13/2018 09:22:12 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-0AP91FB)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-0AP91FB\Saren SID (S-1-5-21-2557116828-1867652725-2878004429-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/13/2018 09:21:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/13/2018 09:21:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/13/2018 09:20:33 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: Event-ID 14

Error: (05/13/2018 09:20:39 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:21:46 PM on ‎5/‎12/‎2018 was unexpected.

Error: (05/12/2018 10:02:43 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-0AP91FB)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-0AP91FB\Saren SID (S-1-5-21-2557116828-1867652725-2878004429-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

CodeIntegrity:
===================================

Date: 2018-05-13 21:27:04.381
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-05-13 21:27:04.380
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-05-13 21:26:44.275
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-05-13 21:26:44.273
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-05-13 21:26:38.234
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-05-13 21:26:38.233
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-05-13 21:25:50.991
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-05-13 21:25:50.990
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz
Percentage of memory in use: 29%
Total physical RAM: 16319.62 MB
Available physical RAM: 11441.52 MB
Total Virtual: 39871.62 MB
Available Virtual: 33973.01 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:919.04 GB) (Free:446.87 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:11.24 GB) (Free:1.38 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{2e212fc6-d37e-4851-b52d-627b73993935}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32
\\?\Volume{8692fd08-285c-4d24-9f31-ecd0bf3c2217}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E198DDBE)

Partition: GPT.

==================== End of Addition.txt ============================

Joe Jimm · May 14, 2018

My first message frst.log says it's pending moderator approval, in case you can't see it

Joe Jimm · May 14, 2018

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.05.2018
Ran by Saren (administrator) on DESKTOP-0AP91FB (13-05-2018 21:25:46)
Running from C:\Users\Saren\Downloads
Loaded Profiles: Saren & (Available Profiles: Saren)
Platform: Windows 10 Home Version 1709 16299.431 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(HP Development Company, L.P.) C:\Program Files (x86)\HP\HPPhoenixCtrl\HPWMISVC.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Ready Mode Technology\IRMTService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.14.0.54\nortonsecurity.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(HP Inc.) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.14.0.54\nortonsecurity.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
() C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\PeopleExperienceHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SmashLadder) C:\Users\Saren\AppData\Local\SmashladderDolphinLauncher\app-1.8.1\SmashladderLauncher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SmashLadder) C:\Users\Saren\AppData\Local\SmashladderDolphinLauncher\app-1.8.1\SmashladderLauncher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SmashLadder) C:\Users\Saren\AppData\Local\SmashladderDolphinLauncher\app-1.8.1\SmashladderLauncher.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Saren\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Microsoft Corporation) C:\Windows\System32\DeviceCensus.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe
(AVAST Software) C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
(Microsoft Corporation) C:\Users\Saren\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9181696 2016-12-07] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-04-08] (Apple Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2016-01-11] (HP Inc.)
HKLM-x32\...\Run: [HPMSGSVC] => C:\Program Files (x86)\HP\HPPhoenixCtrl\HPMSGSVC.exe [502032 2016-06-16] (HP Development Company, L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596664 2018-01-15] (Razer Inc.)
HKU\S-1-5-21-2557116828-1867652725-2878004429-1001\...\Run: [Discord] => C:\Users\Saren\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
HKU\S-1-5-21-2557116828-1867652725-2878004429-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3199776 2018-04-02] (Valve Corporation)
HKU\S-1-5-21-2557116828-1867652725-2878004429-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5345672 2017-12-21] (Nota Inc.)
HKU\S-1-5-21-2557116828-1867652725-2878004429-1001\...\Run: [com.squirrel.smashladderlauncher.SmashladderLauncher] => C:\Users\Saren\AppData\Local\SmashladderDolphinLauncher\Update.exe [1522688 2017-03-23] (GitHub)
HKU\S-1-5-21-2557116828-1867652725-2878004429-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05132018212245560\...\Run: [Discord] => C:\Users\Saren\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
HKU\S-1-5-21-2557116828-1867652725-2878004429-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05132018212245560\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3199776 2018-04-02] (Valve Corporation)
HKU\S-1-5-21-2557116828-1867652725-2878004429-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05132018212245560\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5345672 2017-12-21] (Nota Inc.)
HKU\S-1-5-21-2557116828-1867652725-2878004429-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05132018212245560\...\Run: [com.squirrel.smashladderlauncher.SmashladderLauncher] => C:\Users\Saren\AppData\Local\SmashladderDolphinLauncher\Update.exe [1522688 2017-03-23] (GitHub)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{f53b6f4e-58aa-4874-af8f-1600e1544381}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2557116828-1867652725-2878004429-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2557116828-1867652725-2878004429-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05132018212245560\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-04-29] (Microsoft Corporation)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.14.0.54\coIEPlg.dll [2018-04-03] (Symantec Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-04-29] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-04-07] (HP Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-04-29] (Microsoft Corporation)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.14.0.54\coIEPlg.dll [2018-04-03] (Symantec Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2018-04-29] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-04-07] (HP Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.14.0.54\coIEPlg.dll [2018-04-03] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.14.0.54\coIEPlg.dll [2018-04-03] (Symantec Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-29] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-03-30] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-02] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-04-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-04-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-22] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default [2018-05-13]
CHR Extension: (Slides) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-18]
CHR Extension: (BetterTTV) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2018-02-22]
CHR Extension: (Docs) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-18]
CHR Extension: (Google Drive) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-18]
CHR Extension: (YouTube) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-18]
CHR Extension: (Adblock Plus) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-04-19]
CHR Extension: (Norton Security Toolbar) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2018-04-20]
CHR Extension: (Disable HTML5 Autoplay) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\efdhoaajjjgckpbkoglidkeendpkolai [2018-02-18]
CHR Extension: (Sheets) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-18]
CHR Extension: (Google Docs Offline) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-02-18]
CHR Extension: (Norton Identity Safe) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2018-02-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (Gmail) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-18]
CHR Extension: (Chrome Media Router) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-24]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.14.0.54\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.14.0.54\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-29] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5745672 2018-04-27] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8566440 2018-04-23] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-02-18] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-02-18] (Dropbox, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [610464 2018-01-18] (EasyAntiCheat Ltd)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2018-03-28] (Hi-Rez Studios) [File not signed]
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1309184 2016-10-07] (HP Inc.) [File not signed]
R2 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3421616 2017-06-20] (HP Inc.)
R2 HPJumpStartBridge; C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-07-28] (HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332656 2018-05-02] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HPPhoenixCtrl\HPWMISVC.exe [554768 2016-06-16] (HP Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [542320 2017-12-06] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-09-21] (Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-09-21] (Intel(R) Corporation)
R2 IRMTService; C:\Program Files\Intel\Intel(R) Ready Mode Technology\IRMTService.exe [182896 2016-10-13] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [197264 2017-09-25] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.14.0.54\NortonSecurity.exe [328712 2018-04-03] (Symantec Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-14] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-14] (NVIDIA Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2017-07-19] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [322560 2016-12-07] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-04-18] (Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-04-18] (Apple Inc.)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.12.0.104\Definitions\BASHDefs\20180509.001\BHDrvx64.sys [1879632 2018-04-30] (Symantec Corporation)
R1 ccSet_NGC; C:\WINDOWS\system32\drivers\NGCx64\160E000.036\ccSetx64.sys [187544 2018-04-03] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507984 2018-03-22] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153168 2018-03-24] (Symantec Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76192 2018-03-19] ()
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136128 2017-12-06] (Intel Corporation)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.12.0.104\Definitions\IPSDefs\20180511.061\IDSvia64.sys [1299024 2018-04-10] (Symantec Corporation)
R3 IntelReadyModeDriver; C:\WINDOWS\System32\drivers\IntelReadyModeDriver.sys [34720 2016-10-13] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193768 2018-05-12] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112864 2018-05-13] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-05-13] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-05-13] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [102112 2018-05-13] (Malwarebytes)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [8623040 2018-02-05] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhdci.inf_amd64_0e9216e219c27e8d\nvlddmkm.sys [17161872 2018-04-22] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31168 2018-03-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2017-12-14] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [58816 2018-03-14] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [946696 2016-11-28] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-10-12] (Realsil Semiconductor Corporation)
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [45752 2017-07-19] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [139704 2017-08-19] (Razer, Inc.)
R3 SRTSP; C:\WINDOWS\System32\Drivers\NGCx64\160E000.036\SRTSP64.SYS [835664 2018-04-03] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NGCx64\160E000.036\SRTSPX64.SYS [49232 2018-04-03] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\160E000.036\SYMEFASI64.SYS [1942096 2018-04-03] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\160E000.036\SymELAM.sys [24608 2018-04-03] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-04-15] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NGCx64\160E000.036\Ironx64.SYS [307792 2018-04-03] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\NGCx64\160E000.036\SYMNETS.SYS [566936 2018-04-03] (Symantec Corporation)
R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
S3 wpCtrlDrv_NGC; C:\WINDOWS\system32\drivers\NGCx64\160E000.036\wpCtrlDrv.sys [1007592 2018-04-03] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Joe Jimm · May 14, 2018

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-13 21:25 - 2018-05-13 21:26 - 000026142 _____ C:\Users\Saren\Desktop\FRST.txt
2018-05-13 21:25 - 2018-05-13 21:25 - 002404864 _____ (Farbar) C:\Users\Saren\Desktop\FRST64.exe
2018-05-13 21:25 - 2018-05-13 21:25 - 000000000 ____D C:\Users\Saren\Desktop\FRST-OlderVersion
2018-05-13 21:25 - 2018-05-13 21:25 - 000000000 ____D C:\FRST
2018-05-13 21:21 - 2018-05-13 21:21 - 000000000 ___HD C:\ProgramData\temp
2018-05-12 12:18 - 2018-05-12 12:18 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2018-05-12 11:10 - 2018-05-12 11:10 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-05-12 10:56 - 2018-05-13 21:22 - 000102112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-05-12 10:56 - 2018-05-13 21:21 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-05-12 01:46 - 2018-05-13 21:21 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-05-12 01:46 - 2018-05-12 01:47 - 000193768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-05-12 01:32 - 2018-05-12 01:32 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-05-12 01:31 - 2018-05-12 11:10 - 000000000 ____D C:\ProgramData\AVAST Software
2018-05-12 01:29 - 2018-05-12 01:29 - 000000000 ____D C:\WINDOWS\Panther
2018-05-12 01:28 - 2018-05-12 01:29 - 000000000 ____D C:\Users\Saren\AppData\Local\ElevatedDiagnostics
2018-05-11 22:31 - 2018-05-12 01:30 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-05-11 22:30 - 2018-05-12 01:47 - 000465064 _____ C:\WINDOWS\ntbtlog.txt
2018-05-11 21:59 - 2018-05-11 21:59 - 000000056 _____ C:\Users\Saren\Desktop\CPU 20XX Battle #2 - Challonge.url
2018-05-11 19:41 - 2018-05-11 20:39 - 000017837 _____ C:\Users\Saren\Desktop\20xxcte.xlsx
2018-05-08 20:50 - 2018-05-03 00:57 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-05-08 20:50 - 2018-05-03 00:51 - 001056152 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-05-08 20:50 - 2018-05-03 00:48 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-05-08 20:50 - 2018-05-03 00:47 - 008600472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-05-08 20:50 - 2018-05-03 00:43 - 000373664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-05-08 20:50 - 2018-05-03 00:38 - 002574240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-05-08 20:50 - 2018-05-03 00:37 - 000749984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-05-08 20:50 - 2018-05-03 00:37 - 000408992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-05-08 20:50 - 2018-05-03 00:36 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-05-08 20:50 - 2018-05-03 00:36 - 000437664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-05-08 20:50 - 2018-05-03 00:32 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-05-08 20:50 - 2018-05-02 23:31 - 002193688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-05-08 20:50 - 2018-05-02 23:26 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-05-08 20:50 - 2018-05-02 23:19 - 003663360 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-05-08 20:50 - 2018-05-02 23:18 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-05-08 20:50 - 2018-05-02 23:18 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-05-08 20:50 - 2018-05-02 23:18 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-05-08 20:50 - 2018-05-02 23:16 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-05-08 20:50 - 2018-05-02 23:16 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-05-08 20:50 - 2018-05-02 23:16 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-05-08 20:50 - 2018-05-02 23:16 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2018-05-08 20:50 - 2018-05-02 23:16 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-05-08 20:50 - 2018-05-02 23:15 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-05-08 20:50 - 2018-05-02 23:15 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2018-05-08 20:50 - 2018-05-02 23:14 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-05-08 20:50 - 2018-05-02 23:13 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-05-08 20:50 - 2018-05-02 23:12 - 000816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-05-08 20:50 - 2018-05-02 23:12 - 000672768 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-05-08 20:50 - 2018-05-02 23:12 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-05-08 20:50 - 2018-05-02 23:11 - 000595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-05-08 20:50 - 2018-05-02 23:09 - 008068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-05-08 20:50 - 2018-05-02 23:09 - 004723712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-05-08 20:50 - 2018-05-02 23:09 - 003405824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-05-08 20:50 - 2018-05-02 23:09 - 002784256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-05-08 20:50 - 2018-05-02 23:09 - 002086400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-05-08 20:50 - 2018-05-02 23:09 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-05-08 20:50 - 2018-05-02 23:08 - 000808960 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-05-08 20:50 - 2018-05-02 23:07 - 001822720 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-05-08 20:50 - 2018-05-02 23:05 - 000389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2018-05-08 20:50 - 2018-05-02 23:04 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-05-08 20:50 - 2018-05-02 23:02 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2018-05-08 20:50 - 2018-05-02 23:00 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-05-08 20:50 - 2018-05-02 23:00 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-05-08 20:50 - 2018-05-02 23:00 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-05-08 20:50 - 2018-05-02 22:59 - 018924544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-05-08 20:50 - 2018-05-02 22:58 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-05-08 20:50 - 2018-05-02 22:57 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-05-08 20:50 - 2018-05-02 22:57 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-05-08 20:50 - 2018-05-02 22:57 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-05-08 20:50 - 2018-05-02 22:56 - 002677248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-05-08 20:50 - 2018-05-02 22:56 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-05-08 20:50 - 2018-05-02 22:56 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2018-05-08 20:50 - 2018-05-02 22:55 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-05-08 20:50 - 2018-05-02 22:54 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-05-08 20:50 - 2018-05-02 22:53 - 006060544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-05-08 20:50 - 2018-05-02 22:53 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-05-08 20:50 - 2018-05-02 22:52 - 003662848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-05-08 20:50 - 2018-05-02 22:52 - 000664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-05-08 20:50 - 2018-05-02 22:52 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-05-08 20:50 - 2018-05-02 22:51 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-05-08 20:50 - 2018-05-02 22:51 - 001560064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-05-08 20:50 - 2018-05-02 22:50 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-05-08 20:50 - 2018-05-02 22:48 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2018-05-08 20:50 - 2018-04-15 15:04 - 000779952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-05-08 20:50 - 2018-04-15 15:03 - 000128408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2018-05-08 20:50 - 2018-04-15 14:57 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-05-08 20:50 - 2018-04-15 14:51 - 002513920 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-05-08 20:50 - 2018-04-15 14:50 - 001925760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-05-08 20:50 - 2018-04-15 14:49 - 001954056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-05-08 20:50 - 2018-04-15 14:49 - 000382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-05-08 20:50 - 2018-04-15 14:48 - 001638424 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-05-08 20:50 - 2018-04-15 14:47 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-05-08 20:50 - 2018-04-15 14:34 - 000230304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2018-05-08 20:50 - 2018-04-15 14:33 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-05-08 20:50 - 2018-04-15 14:32 - 001416392 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-05-08 20:50 - 2018-04-15 14:26 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-05-08 20:50 - 2018-04-15 14:25 - 001430768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2018-05-08 20:50 - 2018-04-15 13:47 - 001929712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-05-08 20:50 - 2018-04-15 13:47 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-05-08 20:50 - 2018-04-15 13:47 - 001490856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2018-05-08 20:50 - 2018-04-15 13:47 - 001433360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-05-08 20:50 - 2018-04-15 13:47 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-05-08 20:50 - 2018-04-15 13:47 - 000311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-05-08 20:50 - 2018-04-15 13:38 - 001123464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-05-08 20:50 - 2018-04-15 13:34 - 006482664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-05-08 20:50 - 2018-04-15 13:34 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-05-08 20:50 - 2018-04-15 13:16 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2018-05-08 20:50 - 2018-04-15 13:15 - 003490816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2018-05-08 20:50 - 2018-04-15 13:14 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-05-08 20:50 - 2018-04-15 13:14 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-05-08 20:50 - 2018-04-15 13:14 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-05-08 20:50 - 2018-04-15 13:14 - 000121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-05-08 20:50 - 2018-04-15 13:14 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-05-08 20:50 - 2018-04-15 13:12 - 017160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-05-08 20:50 - 2018-04-15 13:12 - 013704704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-05-08 20:50 - 2018-04-15 13:12 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-05-08 20:50 - 2018-04-15 13:10 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-05-08 20:50 - 2018-04-15 13:10 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-05-08 20:50 - 2018-04-15 13:08 - 006576128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-05-08 20:50 - 2018-04-15 13:08 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-05-08 20:50 - 2018-04-15 13:08 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2018-05-08 20:50 - 2018-04-15 13:07 - 012689920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-05-08 20:50 - 2018-04-15 13:07 - 008031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-05-08 20:50 - 2018-04-15 13:07 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-05-08 20:50 - 2018-04-15 13:07 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2018-05-08 20:50 - 2018-04-15 13:07 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2018-05-08 20:50 - 2018-04-15 13:07 - 000225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2018-05-08 20:50 - 2018-04-15 13:06 - 011924480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-05-08 20:50 - 2018-04-15 13:06 - 000820224 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2018-05-08 20:50 - 2018-04-15 13:06 - 000377856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-05-08 20:50 - 2018-04-15 13:05 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-05-08 20:50 - 2018-04-15 13:04 - 012833280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-05-08 20:50 - 2018-04-15 13:04 - 002523136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2018-05-08 20:50 - 2018-04-15 13:04 - 002464768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-05-08 20:50 - 2018-04-15 13:04 - 001342464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2018-05-08 20:50 - 2018-04-15 13:04 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-05-08 20:50 - 2018-04-15 13:03 - 004248064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-05-08 20:50 - 2018-04-15 13:03 - 002857984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-05-08 20:50 - 2018-04-15 13:03 - 002741248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-05-08 20:50 - 2018-04-15 13:03 - 002628608 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-05-08 20:50 - 2018-04-15 13:03 - 002413568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2018-05-08 20:50 - 2018-04-15 13:03 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-05-08 20:50 - 2018-04-15 13:03 - 000826880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-05-08 20:50 - 2018-04-15 13:02 - 001669120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2018-05-08 20:50 - 2018-04-15 13:02 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-05-08 20:50 - 2018-04-15 13:00 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-05-08 20:49 - 2018-05-03 00:56 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-05-08 20:49 - 2018-05-03 00:56 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-05-08 20:49 - 2018-05-03 00:54 - 000748448 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-05-08 20:49 - 2018-05-03 00:54 - 000608160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-05-08 20:49 - 2018-05-03 00:53 - 000461216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-05-08 20:49 - 2018-05-03 00:53 - 000300448 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-05-08 20:49 - 2018-05-03 00:52 - 001568160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-05-08 20:49 - 2018-05-03 00:52 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-05-08 20:49 - 2018-05-03 00:52 - 000137112 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-05-08 20:49 - 2018-05-03 00:50 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-05-08 20:49 - 2018-05-03 00:50 - 000664992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-05-08 20:49 - 2018-05-03 00:50 - 000423328 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-05-08 20:49 - 2018-05-03 00:50 - 000069536 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-05-08 20:49 - 2018-05-03 00:49 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-05-08 20:49 - 2018-05-03 00:48 - 002002336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-05-08 20:49 - 2018-05-03 00:48 - 000793960 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2018-05-08 20:49 - 2018-05-03 00:48 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-05-08 20:49 - 2018-05-03 00:47 - 001209760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-05-08 20:49 - 2018-05-03 00:45 - 002395040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-05-08 20:49 - 2018-05-03 00:45 - 000711936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-05-08 20:49 - 2018-05-03 00:43 - 000702568 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2018-05-08 20:49 - 2018-05-03 00:41 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-05-08 20:49 - 2018-05-03 00:36 - 007675792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-05-08 20:49 - 2018-05-03 00:36 - 000247200 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-05-08 20:49 - 2018-05-03 00:35 - 002472864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-05-08 20:49 - 2018-05-03 00:35 - 000358496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-05-08 20:49 - 2018-05-03 00:34 - 021356824 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-05-08 20:49 - 2018-05-03 00:34 - 000070864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2018-05-08 20:49 - 2018-05-02 23:44 - 000595448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2018-05-08 20:49 - 2018-05-02 23:43 - 000594056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2018-05-08 20:49 - 2018-05-02 23:39 - 000212896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-05-08 20:49 - 2018-05-02 23:36 - 025254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-05-08 20:49 - 2018-05-02 23:31 - 006092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-05-08 20:49 - 2018-05-02 23:29 - 000285144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-05-08 20:49 - 2018-05-02 23:28 - 000061024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2018-05-08 20:49 - 2018-05-02 23:25 - 020290248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-05-08 20:49 - 2018-05-02 23:19 - 001300992 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-05-08 20:49 - 2018-05-02 23:19 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-05-08 20:49 - 2018-05-02 23:18 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-05-08 20:49 - 2018-05-02 23:17 - 007545344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-05-08 20:49 - 2018-05-02 23:16 - 023674880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-05-08 20:49 - 2018-05-02 23:16 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadauthhelper.dll
2018-05-08 20:49 - 2018-05-02 23:16 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-05-08 20:49 - 2018-05-02 23:16 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-05-08 20:49 - 2018-05-02 23:16 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2018-05-08 20:49 - 2018-05-02 23:15 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\itircl.dll
2018-05-08 20:49 - 2018-05-02 23:14 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-05-08 20:49 - 2018-05-02 23:14 - 000623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2018-05-08 20:49 - 2018-05-02 23:13 - 000253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2018-05-08 20:49 - 2018-05-02 23:12 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2018-05-08 20:49 - 2018-05-02 23:09 - 008432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-05-08 20:49 - 2018-05-02 23:09 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-05-08 20:49 - 2018-05-02 23:09 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-05-08 20:49 - 2018-05-02 23:09 - 001344000 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-05-08 20:49 - 2018-05-02 23:08 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-05-08 20:49 - 2018-05-02 23:06 - 003630080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2018-05-08 20:49 - 2018-05-02 23:05 - 001717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-05-08 20:49 - 2018-05-02 23:05 - 000483840 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2018-05-08 20:49 - 2018-05-02 23:03 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2018-05-08 20:49 - 2018-05-02 23:03 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-05-08 20:49 - 2018-05-02 23:03 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2018-05-08 20:49 - 2018-05-02 22:58 - 006467072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-05-08 20:49 - 2018-05-02 22:57 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itircl.dll
2018-05-08 20:49 - 2018-05-02 22:57 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadauthhelper.dll
2018-05-08 20:49 - 2018-05-02 22:57 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-05-08 20:49 - 2018-05-02 22:57 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-05-08 20:49 - 2018-05-02 22:53 - 007813120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-05-08 20:49 - 2018-05-02 22:53 - 000540672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2018-05-08 20:49 - 2018-05-02 22:50 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-05-08 20:49 - 2018-05-02 22:49 - 003430400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2018-05-08 20:49 - 2018-05-02 22:48 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-05-08 20:49 - 2018-05-02 22:48 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2018-05-08 20:49 - 2018-05-02 22:47 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-05-08 20:49 - 2018-04-15 15:07 - 001463344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-05-08 20:49 - 2018-04-15 14:49 - 000563632 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2018-05-08 20:49 - 2018-04-15 14:48 - 005859248 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-05-08 20:49 - 2018-04-15 14:38 - 003180720 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-05-08 20:49 - 2018-04-15 14:38 - 000979360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-05-08 20:49 - 2018-04-15 14:33 - 001269616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-05-08 20:49 - 2018-04-15 14:32 - 003904296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-05-08 20:49 - 2018-04-15 14:30 - 002268024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-05-08 20:49 - 2018-04-15 14:29 - 001873944 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2018-05-08 20:49 - 2018-04-15 14:29 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-05-08 20:49 - 2018-04-15 14:29 - 000198440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe

Joe Jimm · May 14, 2018

2018-05-08 20:49 - 2018-04-15 14:28 - 000688064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-05-08 20:49 - 2018-04-15 14:26 - 002711176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-05-08 20:49 - 2018-04-15 14:26 - 001506200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-05-08 20:49 - 2018-04-15 14:25 - 000661920 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2018-05-08 20:49 - 2018-04-15 14:25 - 000327008 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2018-05-08 20:49 - 2018-04-15 14:25 - 000092032 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe
2018-05-08 20:49 - 2018-04-15 14:24 - 000063656 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2018-05-08 20:49 - 2018-04-15 14:23 - 001101208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-05-08 20:49 - 2018-04-15 13:47 - 001323336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-05-08 20:49 - 2018-04-15 13:38 - 003485392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-05-08 20:49 - 2018-04-15 13:38 - 000444280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2018-05-08 20:49 - 2018-04-15 13:37 - 000747416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2018-05-08 20:49 - 2018-04-15 13:36 - 002386832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-05-08 20:49 - 2018-04-15 13:36 - 001575896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2018-05-08 20:49 - 2018-04-15 13:36 - 000832648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-05-08 20:49 - 2018-04-15 13:36 - 000543920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-05-08 20:49 - 2018-04-15 13:35 - 002462704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-05-08 20:49 - 2018-04-15 13:34 - 001456104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-05-08 20:49 - 2018-04-15 13:34 - 001017048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-05-08 20:49 - 2018-04-15 13:34 - 000572312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2018-05-08 20:49 - 2018-04-15 13:34 - 000279472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
2018-05-08 20:49 - 2018-04-15 13:34 - 000166408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2018-05-08 20:49 - 2018-04-15 13:34 - 000077552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe
2018-05-08 20:49 - 2018-04-15 13:34 - 000052248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2018-05-08 20:49 - 2018-04-15 13:15 - 000674304 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockController.dll
2018-05-08 20:49 - 2018-04-15 13:14 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2018-05-08 20:49 - 2018-04-15 13:14 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-05-08 20:49 - 2018-04-15 13:14 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProv2faHelper.dll
2018-05-08 20:49 - 2018-04-15 13:14 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2018-05-08 20:49 - 2018-04-15 13:14 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProv2faHelper.dll
2018-05-08 20:49 - 2018-04-15 13:13 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2018-05-08 20:49 - 2018-04-15 13:13 - 000084992 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2018-05-08 20:49 - 2018-04-15 13:12 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2018-05-08 20:49 - 2018-04-15 13:12 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2018-05-08 20:49 - 2018-04-15 13:11 - 000531456 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-05-08 20:49 - 2018-04-15 13:11 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-05-08 20:49 - 2018-04-15 13:11 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2018-05-08 20:49 - 2018-04-15 13:11 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2018-05-08 20:49 - 2018-04-15 13:11 - 000129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2018-05-08 20:49 - 2018-04-15 13:11 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2018-05-08 20:49 - 2018-04-15 13:11 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll
2018-05-08 20:49 - 2018-04-15 13:11 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2018-05-08 20:49 - 2018-04-15 13:10 - 001576960 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-05-08 20:49 - 2018-04-15 13:10 - 000571904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2018-05-08 20:49 - 2018-04-15 13:10 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-05-08 20:49 - 2018-04-15 13:10 - 000363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2018-05-08 20:49 - 2018-04-15 13:10 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2018-05-08 20:49 - 2018-04-15 13:10 - 000225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2018-05-08 20:49 - 2018-04-15 13:10 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-05-08 20:49 - 2018-04-15 13:10 - 000218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2018-05-08 20:49 - 2018-04-15 13:10 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
2018-05-08 20:49 - 2018-04-15 13:10 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2018-05-08 20:49 - 2018-04-15 13:10 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll
2018-05-08 20:49 - 2018-04-15 13:09 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_User.dll
2018-05-08 20:49 - 2018-04-15 13:09 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2018-05-08 20:49 - 2018-04-15 13:09 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2018-05-08 20:49 - 2018-04-15 13:09 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2018-05-08 20:49 - 2018-04-15 13:09 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncPolicy.dll
2018-05-08 20:49 - 2018-04-15 13:09 - 000037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2018-05-08 20:49 - 2018-04-15 13:08 - 000859648 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2018-05-08 20:49 - 2018-04-15 13:08 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2018-05-08 20:49 - 2018-04-15 13:08 - 000627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2018-05-08 20:49 - 2018-04-15 13:08 - 000583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.Schema.Shell.dll
2018-05-08 20:49 - 2018-04-15 13:08 - 000535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2018-05-08 20:49 - 2018-04-15 13:08 - 000490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2018-05-08 20:49 - 2018-04-15 13:08 - 000448000 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2018-05-08 20:49 - 2018-04-15 13:08 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2018-05-08 20:49 - 2018-04-15 13:08 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2018-05-08 20:49 - 2018-04-15 13:08 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\twext.dll
2018-05-08 20:49 - 2018-04-15 13:08 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll
2018-05-08 20:49 - 2018-04-15 13:08 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 003367936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 001495552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 001425408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 000837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 000792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 000702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 000477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 000406016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 000252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 000158208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twext.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2018-05-08 20:49 - 2018-04-15 13:06 - 013660672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-05-08 20:49 - 2018-04-15 13:06 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2018-05-08 20:49 - 2018-04-15 13:06 - 000721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-05-08 20:49 - 2018-04-15 13:06 - 000421376 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2018-05-08 20:49 - 2018-04-15 13:06 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2018-05-08 20:49 - 2018-04-15 13:06 - 000139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2018-05-08 20:49 - 2018-04-15 13:05 - 004113408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-05-08 20:49 - 2018-04-15 13:05 - 000863744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2018-05-08 20:49 - 2018-04-15 13:05 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2018-05-08 20:49 - 2018-04-15 13:05 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2018-05-08 20:49 - 2018-04-15 13:05 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2018-05-08 20:49 - 2018-04-15 13:05 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2018-05-08 20:49 - 2018-04-15 13:04 - 002490880 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2018-05-08 20:49 - 2018-04-15 13:04 - 002209280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-05-08 20:49 - 2018-04-15 13:04 - 001236480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-05-08 20:49 - 2018-04-15 13:04 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2018-05-08 20:49 - 2018-04-15 13:04 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2018-05-08 20:49 - 2018-04-15 13:04 - 000997376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2018-05-08 20:49 - 2018-04-15 13:04 - 000976896 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2018-05-08 20:49 - 2018-04-15 13:04 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2018-05-08 20:49 - 2018-04-15 13:04 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2018-05-08 20:49 - 2018-04-15 13:04 - 000648704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2018-05-08 20:49 - 2018-04-15 13:04 - 000621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2018-05-08 20:49 - 2018-04-15 13:04 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2018-05-08 20:49 - 2018-04-15 13:04 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
2018-05-08 20:49 - 2018-04-15 13:04 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2018-05-08 20:49 - 2018-04-15 13:04 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2018-05-08 20:49 - 2018-04-15 13:03 - 004772352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2018-05-08 20:49 - 2018-04-15 13:03 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2018-05-08 20:49 - 2018-04-15 13:03 - 003287040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncCenter.dll
2018-05-08 20:49 - 2018-04-15 13:03 - 003177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-05-08 20:49 - 2018-04-15 13:03 - 002976256 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-05-08 20:49 - 2018-04-15 13:03 - 002814976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2018-05-08 20:49 - 2018-04-15 13:03 - 002462208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2018-05-08 20:49 - 2018-04-15 13:03 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2018-05-08 20:49 - 2018-04-15 13:03 - 001224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2018-05-08 20:49 - 2018-04-15 13:03 - 000920064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-05-08 20:49 - 2018-04-15 13:03 - 000825856 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2018-05-08 20:49 - 2018-04-15 13:03 - 000697344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2018-05-08 20:49 - 2018-04-15 13:03 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2018-05-08 20:49 - 2018-04-15 13:03 - 000508928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2018-05-08 20:49 - 2018-04-15 13:03 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2018-05-08 20:49 - 2018-04-15 13:03 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2018-05-08 20:49 - 2018-04-15 13:03 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2018-05-08 20:49 - 2018-04-15 13:03 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2018-05-08 20:49 - 2018-04-15 13:03 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2018-05-08 20:49 - 2018-04-15 13:02 - 004814336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-05-08 20:49 - 2018-04-15 13:02 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2018-05-08 20:49 - 2018-04-15 13:02 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2018-05-08 20:49 - 2018-04-15 13:01 - 001509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2018-05-08 20:49 - 2018-04-15 13:01 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2018-05-08 20:49 - 2018-04-15 13:01 - 000518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2018-05-08 20:49 - 2018-04-15 13:01 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2018-05-08 20:49 - 2018-04-15 13:01 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2018-05-08 20:49 - 2018-04-15 13:01 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2018-05-08 20:49 - 2018-04-15 13:00 - 002223616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-05-08 20:49 - 2018-04-15 13:00 - 001739264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-05-08 20:49 - 2018-04-15 13:00 - 000682496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2018-05-08 20:49 - 2018-04-15 13:00 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2018-05-08 20:49 - 2018-04-15 13:00 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2018-05-08 20:49 - 2018-04-15 13:00 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2018-05-08 20:49 - 2018-04-15 13:00 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2018-05-08 20:49 - 2018-04-15 13:00 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2018-05-08 20:49 - 2018-04-15 13:00 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2018-05-08 20:49 - 2018-04-15 13:00 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2018-05-08 20:49 - 2018-04-15 12:59 - 001332736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2018-05-08 20:49 - 2018-04-15 12:59 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2018-05-08 20:49 - 2018-04-15 12:58 - 001472000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2018-05-08 20:49 - 2018-04-15 12:58 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2018-05-08 20:49 - 2017-11-26 06:26 - 000048112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2018-05-07 11:25 - 2018-05-07 11:31 - 000000000 ____D C:\Program Files (x86)\SEGA
2018-05-07 11:08 - 2018-05-07 11:33 - 000002125 _____ C:\Users\Saren\Desktop\RomeTW-BI - Shortcut.lnk
2018-05-07 11:08 - 2018-05-07 11:33 - 000002100 _____ C:\Users\Saren\Desktop\RomeTW - Shortcut.lnk
2018-05-05 21:53 - 2018-05-05 21:53 - 000004088 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-02 13:33 - 2018-05-02 13:34 - 000000000 ____D C:\Users\Saren\AppData\Roaming\The Creative Assembly
2018-05-02 10:59 - 2018-05-02 10:59 - 000164137 _____ C:\Users\Saren\Downloads\Material World Syllabus 2018 (2).pdf
2018-05-02 00:08 - 2018-05-02 00:09 - 000000000 ____D C:\Users\Saren\AppData\Roaming\Apple Computer
2018-05-02 00:08 - 2018-05-02 00:08 - 000000000 ____D C:\Users\Saren\AppData\Local\Apple Computer
2018-05-02 00:08 - 2018-05-02 00:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-05-02 00:08 - 2018-05-02 00:08 - 000000000 ____D C:\ProgramData\Apple Computer
2018-05-02 00:08 - 2018-05-02 00:08 - 000000000 ____D C:\Program Files\iTunes
2018-05-02 00:08 - 2018-05-02 00:08 - 000000000 ____D C:\Program Files\iPod
2018-05-02 00:07 - 2018-05-02 00:07 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2018-05-02 00:07 - 2018-05-02 00:07 - 000000000 ____D C:\Users\Saren\AppData\Local\Apple
2018-05-02 00:07 - 2018-05-02 00:07 - 000000000 ____D C:\Program Files\Bonjour
2018-05-02 00:07 - 2018-05-02 00:07 - 000000000 ____D C:\Program Files (x86)\Bonjour
2018-05-02 00:07 - 2018-05-02 00:07 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2018-05-02 00:05 - 2018-05-02 00:07 - 000000000 ____D C:\Program Files\Common Files\Apple
2018-05-02 00:04 - 2018-05-02 00:04 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2018-04-28 23:44 - 2018-04-28 23:44 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-04-28 23:44 - 2018-04-22 00:00 - 000132392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2018-04-28 23:44 - 2018-03-01 19:04 - 000828216 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-04-28 23:44 - 2018-03-01 19:03 - 000960312 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-04-28 23:44 - 2018-03-01 19:03 - 000683832 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-04-28 23:44 - 2018-03-01 19:03 - 000575800 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-04-28 23:42 - 2018-04-22 22:00 - 031274352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2018-04-28 23:42 - 2018-04-22 22:00 - 013726184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-04-28 23:42 - 2018-04-22 22:00 - 011272024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-04-28 23:42 - 2018-04-22 22:00 - 001562312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-04-28 23:42 - 2018-04-22 22:00 - 001468616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439731.dll
2018-04-28 23:42 - 2018-04-22 22:00 - 001418800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-04-28 23:42 - 2018-04-22 22:00 - 001216472 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-04-28 23:42 - 2018-04-22 22:00 - 001091784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-04-28 23:42 - 2018-04-22 22:00 - 000627400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2018-04-28 23:42 - 2018-04-22 22:00 - 000518160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2018-04-28 23:42 - 2018-04-22 21:59 - 040347336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-04-28 23:42 - 2018-04-22 21:59 - 035251400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-04-28 23:42 - 2018-04-22 21:59 - 025987920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2018-04-28 23:42 - 2018-04-22 21:59 - 004348376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-04-28 23:42 - 2018-04-22 21:59 - 003759656 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-04-28 23:42 - 2018-04-22 21:59 - 001991216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439731.dll
2018-04-28 23:42 - 2018-04-22 21:59 - 001359160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2018-04-28 23:42 - 2018-04-22 21:59 - 001350152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2018-04-28 23:42 - 2018-04-22 21:59 - 001157832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-04-28 23:42 - 2018-04-22 21:59 - 001071312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2018-04-28 23:42 - 2018-04-22 21:59 - 001064864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2018-04-28 23:42 - 2018-04-22 21:59 - 000905528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-04-28 23:42 - 2018-04-22 21:59 - 000814544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2018-04-28 23:42 - 2018-04-22 21:59 - 000750096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2018-04-28 23:42 - 2018-04-22 21:59 - 000653152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2018-04-28 23:42 - 2018-04-22 21:59 - 000635384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2018-04-28 23:42 - 2018-04-22 21:59 - 000608784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2018-04-28 23:42 - 2018-04-22 21:58 - 017779880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-04-28 23:42 - 2018-04-22 21:58 - 015191904 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-04-28 23:42 - 2018-04-22 21:58 - 004823488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2018-04-28 23:42 - 2018-04-22 21:58 - 004086224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2018-04-28 23:42 - 2018-04-11 20:28 - 000046064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2018-04-28 23:41 - 2018-04-28 23:41 - 000000146 _____ C:\Users\Saren\Desktop\NVIDIA Control Panel - Shortcut.lnk
2018-04-28 23:38 - 2018-05-05 21:53 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-27 23:11 - 2018-05-09 19:50 - 000000826 _____ C:\Users\Saren\Desktop\5.9.lnk
2018-04-27 23:01 - 2018-04-27 23:01 - 005750195 _____ C:\Users\Saren\Downloads\FM-v5.9-BETA-Early (1).7z
2018-04-25 12:31 - 2018-04-25 12:31 - 000164137 _____ C:\Users\Saren\Downloads\Material World Syllabus 2018 (1).pdf
2018-04-23 21:31 - 2018-04-23 21:31 - 005750195 _____ C:\Users\Saren\Downloads\FM-v5.9-BETA-Early.7z
2018-04-22 16:21 - 2018-04-22 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ironsight
2018-04-22 16:12 - 2018-04-22 16:12 - 000000000 ____D C:\AeriaGames
2018-04-22 16:11 - 2018-04-22 16:11 - 000577056 _____ (gamigo AG) C:\Users\Saren\Downloads\Ironsight_US_downloader.exe
2018-04-21 13:47 - 2018-04-21 13:47 - 000006169 _____ C:\Users\Saren\Desktop\New Microsoft Excel Worksheet.xlsx
2018-04-20 15:36 - 2018-04-20 15:36 - 000319801 _____ C:\Users\Saren\Downloads\Sample CocaCola Paper.pdf
2018-04-20 15:36 - 2018-04-20 15:36 - 000054001 _____ C:\Users\Saren\Downloads\Checklist for Coca Cola Paper.pdf
2018-04-20 15:36 - 2018-04-20 15:36 - 000043645 _____ C:\Users\Saren\Downloads\Coca Cola Paper Evaluation Rubric.pdf
2018-04-19 23:35 - 2018-04-19 23:35 - 000043635 _____ C:\Users\Saren\Downloads\CDI Ganon says die! (youtubemp4.to).mp4
2018-04-19 23:30 - 2018-04-19 23:30 - 000257492 _____ C:\Users\Saren\Downloads\CD-i_Ganon.webp
2018-04-19 01:39 - 2018-04-19 01:39 - 000000056 _____ C:\Users\Saren\Desktop\20XX CPU Battle - Challonge.url
2018-04-18 18:29 - 2018-04-18 18:29 - 000035560 _____ (Apple Inc.) C:\WINDOWS\system32\Drivers\AppleLowerFilter.sys
2018-04-18 18:29 - 2018-04-18 18:29 - 000020640 _____ (Apple Inc.) C:\WINDOWS\system32\Drivers\AppleKmdfFilter.sys
2018-04-16 21:18 - 2018-04-16 21:18 - 000000069 _____ C:\Users\Saren\Desktop\The Lightest and Crispiest Cookie You'll Eat! - YouTube.url
2018-04-16 21:06 - 2018-04-16 21:06 - 000000069 _____ C:\Users\Saren\Desktop\1796 Pound Cakes! - YouTube.url
2018-04-15 23:18 - 2018-04-15 23:18 - 000000069 _____ C:\Users\Saren\Desktop\FIX Forward Head Posture! (Daily Corrective Routine) - YouTube.url
2018-04-15 07:44 - 2018-05-12 11:40 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security with Backup
2018-04-15 07:39 - 2018-04-15 07:39 - 000003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2018-04-15 07:38 - 2018-04-15 07:38 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2018-04-14 18:26 - 2018-05-13 21:21 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-04-14 18:26 - 2018-05-12 01:52 - 000002104 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-14 18:26 - 2018-04-14 18:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-14 18:26 - 2018-04-14 18:26 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-14 18:26 - 2018-04-14 18:26 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-14 18:26 - 2018-03-19 12:57 - 000076192 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-04-14 18:25 - 2018-04-14 18:25 - 073208032 _____ (Malwarebytes ) C:\Users\Saren\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4720.exe
2018-04-14 18:21 - 2018-04-15 02:53 - 000000000 ____D C:\Program Files (x86)\BlueStacks
2018-04-14 18:21 - 2018-04-14 18:32 - 000000000 ____D C:\Users\Saren\AppData\Local\Bluestacks
2018-04-14 18:20 - 2018-04-14 18:21 - 298116824 _____ (BlueStack Systems Inc.) C:\Users\Saren\Downloads\BlueStacks-Installer_BS3_native_099a130d273a88b68f9b7e954e1eff6a.exe
2018-04-14 14:59 - 2018-04-14 14:59 - 000000118 _____ C:\Users\Saren\Desktop\Bad Melee Podcast Episode 11- Can I Have a Hug- - YouTube.url
2018-04-14 14:59 - 2018-04-14 14:59 - 000000095 _____ C:\Users\Saren\Desktop\Bad Melee Podcast Episode 12- Lost in the SAUS - YouTube.url

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-13 21:26 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-05-13 21:24 - 2017-11-17 12:26 - 000000000 ____D C:\ProgramData\NVIDIA
2018-05-13 21:23 - 2018-04-06 19:17 - 000000000 ____D C:\Users\Saren\AppData\Roaming\Smashladder Launcher
2018-05-13 21:21 - 2018-03-24 05:50 - 000000000 ____D C:\Users\Saren
2018-05-13 21:21 - 2018-02-18 23:08 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2018-05-13 21:20 - 2018-03-24 06:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-13 21:20 - 2018-03-24 05:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-05-12 21:34 - 2018-03-01 21:00 - 000000000 ____D C:\Users\Saren\AppData\Roaming\obs-studio
2018-05-12 19:02 - 2018-03-28 17:11 - 000000000 ____D C:\ProgramData\Epic
2018-05-12 17:20 - 2018-03-24 06:01 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{57055B27-E034-4EC3-AD23-FB7150C1BDA3}
2018-05-12 11:41 - 2018-03-24 05:50 - 001377846 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-12 11:34 - 2017-09-29 01:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-05-12 10:59 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-05-12 01:42 - 2018-02-18 19:15 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-05-12 01:42 - 2018-02-18 19:15 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-05-11 22:18 - 2018-02-18 17:13 - 000000000 ____D C:\Users\Saren\AppData\Local\Battle.net
2018-05-11 16:10 - 2018-02-24 17:02 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2018-05-11 16:09 - 2018-02-22 19:03 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-11 15:10 - 2018-02-18 16:41 - 000000000 ____D C:\Program Files (x86)\Steam
2018-05-11 15:10 - 2018-02-18 16:21 - 000000000 ____D C:\Users\Saren\AppData\Local\CrashDumps
2018-05-11 12:14 - 2018-02-19 21:06 - 000000000 ____D C:\Program Files (x86)\StarCraft II
2018-05-11 12:08 - 2018-02-18 17:12 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-05-10 23:15 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\rescache
2018-05-10 20:34 - 2017-09-29 06:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-10 20:34 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-05-10 20:28 - 2018-02-18 16:36 - 000000000 ____D C:\Users\Saren\AppData\Roaming\discord
2018-05-10 20:24 - 2018-03-24 13:59 - 000000000 ___RD C:\Users\Saren\3D Objects
2018-05-10 20:24 - 2017-03-17 20:53 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-05-10 20:21 - 2017-09-29 06:44 - 000000000 ____D C:\WINDOWS\INF
2018-05-10 20:20 - 2018-03-24 05:46 - 000394592 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-05-10 20:18 - 2018-02-19 22:40 - 000000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleForSaren.job
2018-05-10 20:16 - 2017-09-29 06:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-05-10 20:16 - 2017-09-29 06:46 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-05-10 20:16 - 2017-09-29 06:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-05-10 20:16 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-05-10 20:16 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-05-10 20:16 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-05-10 20:16 - 2017-09-29 01:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-05-10 20:16 - 2017-09-29 01:45 - 000000000 ____D C:\WINDOWS\servicing
2018-05-08 22:44 - 2018-03-24 06:00 - 000003256 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForSaren
2018-05-08 20:59 - 2018-02-18 19:15 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-05-08 20:57 - 2017-09-29 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-05-08 20:52 - 2017-09-29 06:42 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2018-05-08 20:51 - 2017-09-29 06:41 - 000073112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-05-08 20:51 - 2017-09-29 06:41 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2018-05-08 20:51 - 2017-09-29 06:41 - 000020888 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2018-05-07 10:46 - 2017-09-29 01:45 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2018-05-07 10:43 - 2017-11-17 12:26 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-05-05 21:53 - 2018-03-24 06:01 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-05 21:53 - 2018-03-24 06:01 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-05 21:53 - 2018-03-24 06:01 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-05 21:53 - 2018-03-24 06:01 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-05 21:53 - 2018-03-24 06:01 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-05 21:53 - 2018-03-24 06:01 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-05 21:53 - 2017-11-17 12:26 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-05-05 21:53 - 2017-11-17 12:25 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-05-02 00:07 - 2017-11-17 11:08 - 000000000 ____D C:\ProgramData\Apple
2018-05-01 21:39 - 2018-02-19 19:11 - 000000000 ____D C:\Users\Saren\AppData\Roaming\EasyAntiCheat
2018-05-01 20:22 - 2018-03-24 06:01 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2557116828-1867652725-2878004429-1001
2018-05-01 20:22 - 2018-02-18 16:22 - 000002374 _____ C:\Users\Saren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-01 20:22 - 2018-02-18 16:22 - 000000000 ___RD C:\Users\Saren\OneDrive
2018-05-01 20:20 - 2018-02-18 16:36 - 000000000 ____D C:\Users\Saren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2018-05-01 20:19 - 2018-02-18 16:36 - 000000000 ____D C:\Users\Saren\AppData\Local\Discord
2018-05-01 14:25 - 2018-04-12 21:10 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-05-01 14:25 - 2018-04-12 21:10 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-04-29 14:28 - 2017-09-29 06:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-04-29 14:27 - 2017-11-17 11:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-04-29 14:27 - 2017-11-17 11:11 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-04-29 12:56 - 2018-02-27 21:51 - 000002578 _____ C:\Users\Saren\Desktop\Hearthstone Deck Tracker.lnk
2018-04-29 12:56 - 2018-02-27 21:51 - 000000000 ____D C:\Users\Saren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HearthSim
2018-04-29 12:56 - 2018-02-27 21:51 - 000000000 ____D C:\Users\Saren\AppData\Local\HearthstoneDeckTracker
2018-04-29 12:55 - 2018-02-18 16:36 - 000000000 ____D C:\Users\Saren\AppData\Local\SquirrelTemp
2018-04-28 23:45 - 2018-04-01 10:19 - 000000000 ____D C:\temp
2018-04-28 23:44 - 2018-02-19 14:35 - 000000000 ____D C:\Users\Saren\AppData\Local\NVIDIA
2018-04-27 23:10 - 2018-02-19 00:03 - 000000000 ____D C:\Users\Saren\Desktop\Melee
2018-04-25 13:48 - 2018-03-24 05:51 - 000000000 ____D C:\Users\Saren\AppData\Local\Packages
2018-04-22 22:03 - 2018-03-24 05:48 - 000553104 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2018-04-22 22:03 - 2018-03-24 05:48 - 000457776 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2018-04-22 22:01 - 2018-02-19 14:39 - 017161872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2018-04-22 04:04 - 2018-02-19 14:39 - 000044277 _____ C:\WINDOWS\system32\nvinfo.pb
2018-04-21 23:52 - 2017-11-17 12:26 - 005947328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2018-04-21 23:52 - 2017-11-17 12:26 - 002612808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2018-04-21 23:52 - 2017-11-17 12:26 - 001768008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2018-04-21 23:52 - 2017-11-17 12:26 - 000634304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2018-04-21 23:52 - 2017-11-17 12:26 - 000451144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2018-04-21 23:52 - 2017-11-17 12:26 - 000124200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2018-04-21 23:52 - 2017-11-17 12:26 - 000082880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2018-04-15 10:53 - 2018-02-19 19:03 - 000000000 ____D C:\Program Files\Common Files\AV
2018-04-15 07:39 - 2018-02-18 16:38 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2018-04-15 07:38 - 2018-02-18 16:38 - 000099920 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2018-04-15 07:38 - 2018-02-18 16:38 - 000010364 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2018-04-15 07:38 - 2018-02-18 16:38 - 000002333 _____ C:\Users\Public\Desktop\Norton Security.lnk
2018-04-15 07:38 - 2017-09-29 06:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-04-15 02:51 - 2017-09-29 06:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-04-15 02:51 - 2017-09-29 06:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-04-15 02:51 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-04-14 17:15 - 2018-02-19 18:56 - 000000000 ____D C:\Users\Saren\Documents\The Witcher 3

Joe Jimm · May 14, 2018

Sorry, apparently only got half of the frst log. Here is the rest of it

Broni · May 14, 2018

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

Close all the running programs
Double click on downloaded setup.exe file to install the program.
Click on Start Scan button.
Click on another Start Scan button.
Wait until the Status box shows Scan Finished
Click on Remove Selected.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.

Please download Malwarebytes to your desktop.

Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
Then click Finish.
Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
Restart your computer when prompted to do so.
The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8/10 users right-click and select Run As Administrator
The tool will start to update the database if one is required.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Logfile button.
A window will open which lists the logs of your scans.
Click on the Scan tab.
Double-click the most recent scan which will be at the top of the list....the log will appear.
Review the results...see note below
After reviewing the log, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
A copy of all logfiles are saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

Joe Jimm · May 14, 2018

RogueKiller V12.12.17.0 (x64) [May 14 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : Saren [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 05/14/2018 17:33:04 (Duration : 00:28:46)
Switches : -refid

¤¤¤ Processes : 2 ¤¤¤
[Suspicious.Path] SmashladderLauncher.exe(11948) -- C:\Users\Saren\AppData\Local\SmashladderDolphinLauncher\app-1.8.1\SmashladderLauncher.exe[-] -> Found
[Suspicious.Path] SmashladderLauncher.exe(12372) -- C:\Users\Saren\AppData\Local\SmashladderDolphinLauncher\app-1.8.1\SmashladderLauncher.exe[-] -> Found

¤¤¤ Registry : 14 ¤¤¤
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp17win10.msn.com/?pc=HCTE -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp17win10.msn.com/?pc=HCTE -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp17win10.msn.com/?pc=HCTE -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp17win10.msn.com/?pc=HCTE -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp17win10.msn.com/?pc=HCTE -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2557116828-1867652725-2878004429-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2557116828-1867652725-2878004429-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2557116828-1867652725-2878004429-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05132018212245560\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2557116828-1867652725-2878004429-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05132018212245560\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-60WN4A0 +++++
--- User ---
[MBR] 52a26f40db865d5651ad9f357b0c6d39
[BSP] 4e91720a0ed02973cc6689f2bd98e558 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 941099 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1927938048 | Size: 980 MB
4 - [SYSTEM] Basic data partition | Offset (sectors): 1929945088 | Size: 11507 MB
User = LL1 ... OK
User = LL2 ... OK

There were two processes I chose not to remove because I recognized them and they usually get flagged but they're fine and it just says it's a unusual place for it to be not anything worse.

Joe Jimm · May 14, 2018

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/14/18
Scan Time: 6:10 PM
Log File: ba63c8dc-57dc-11e8-b1cb-10050146e010.json
Administrator: Yes

-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.5104
License: Premium

-System Information-
OS: Windows 10 (Build 16299.431)
CPU: x64
File System: NTFS
User: DESKTOP-0AP91FB\Saren

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 304982
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 6 min, 51 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

(end)

Broni · May 14, 2018

Go on.

Joe Jimm · May 14, 2018

# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build: 04-27-2018
# Database: 2018-05-14.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-14-2018
# Duration: 00:00:02
# OS: Windows 10 Home
# Cleaned: 1
# Failed: 1

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted Ask
Not Deleted AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Joe Jimm · May 14, 2018

Was just posting them as I was doing them, so couldn't go much faster

Broni · May 14, 2018

Not much there...

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

Double click to run it.
Make sure you checkmark Addition.txt box.
Press Scan button.
Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

Joe Jimm · May 14, 2018

Alright it's working on those right now. My computer has been running fine the last two days, the days before that not so. However, I haven't done anything to fix it in those times. Plus, on the day that I made these threads it was fine the entire day UNTIL the evening. Around 8pm (PST)+ everything started getting very bad. The first time I encountered this issue it also only showed up at around 10-11pm so that is strange.

Joe Jimm · May 14, 2018

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.05.2018
Ran by Saren (administrator) on DESKTOP-0AP91FB (14-05-2018 18:29:58)
Running from C:\Users\Saren\Desktop
Loaded Profiles: Saren (Available Profiles: Saren)
Platform: Windows 10 Home Version 1709 16299.431 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(HP Development Company, L.P.) C:\Program Files (x86)\HP\HPPhoenixCtrl\HPWMISVC.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Ready Mode Technology\IRMTService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.14.0.54\nortonsecurity.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(HP Inc.) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.14.0.54\nortonsecurity.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
() C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(SmashLadder) C:\Users\Saren\AppData\Local\SmashladderDolphinLauncher\app-1.8.1\SmashladderLauncher.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(SmashLadder) C:\Users\Saren\AppData\Local\SmashladderDolphinLauncher\app-1.8.1\SmashladderLauncher.exe
(SmashLadder) C:\Users\Saren\AppData\Local\SmashladderDolphinLauncher\app-1.8.1\SmashladderLauncher.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Saren\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.428_none_1704c21831ffb4a8\TiWorker.exe
(Discord Inc.) C:\Users\Saren\AppData\Local\Discord\app-0.0.301\Discord.exe
(Discord Inc.) C:\Users\Saren\AppData\Local\Discord\app-0.0.301\Discord.exe
(Discord Inc.) C:\Users\Saren\AppData\Local\Discord\app-0.0.301\Discord.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9181696 2016-12-07] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-04-08] (Apple Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2016-01-11] (HP Inc.)
HKLM-x32\...\Run: [HPMSGSVC] => C:\Program Files (x86)\HP\HPPhoenixCtrl\HPMSGSVC.exe [502032 2016-06-16] (HP Development Company, L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596664 2018-01-15] (Razer Inc.)
HKU\S-1-5-21-2557116828-1867652725-2878004429-1001\...\Run: [Discord] => C:\Users\Saren\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
HKU\S-1-5-21-2557116828-1867652725-2878004429-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3199776 2018-04-02] (Valve Corporation)
HKU\S-1-5-21-2557116828-1867652725-2878004429-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5345672 2017-12-21] (Nota Inc.)
HKU\S-1-5-21-2557116828-1867652725-2878004429-1001\...\Run: [com.squirrel.smashladderlauncher.SmashladderLauncher] => C:\Users\Saren\AppData\Local\SmashladderDolphinLauncher\Update.exe [1522688 2017-03-23] (GitHub)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{f53b6f4e-58aa-4874-af8f-1600e1544381}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2557116828-1867652725-2878004429-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-04-29] (Microsoft Corporation)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.14.0.54\coIEPlg.dll [2018-04-03] (Symantec Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-04-29] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-04-07] (HP Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-04-29] (Microsoft Corporation)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.14.0.54\coIEPlg.dll [2018-04-03] (Symantec Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2018-04-29] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-04-07] (HP Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.14.0.54\coIEPlg.dll [2018-04-03] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.14.0.54\coIEPlg.dll [2018-04-03] (Symantec Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-29] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-03-30] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-02] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-04-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-04-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-22] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default [2018-05-14]
CHR Extension: (Slides) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-18]
CHR Extension: (BetterTTV) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2018-02-22]
CHR Extension: (Docs) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-18]
CHR Extension: (Google Drive) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-18]
CHR Extension: (YouTube) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-18]
CHR Extension: (Adblock Plus) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-04-19]
CHR Extension: (Norton Security Toolbar) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2018-04-20]
CHR Extension: (Disable HTML5 Autoplay) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\efdhoaajjjgckpbkoglidkeendpkolai [2018-02-18]
CHR Extension: (Sheets) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-18]
CHR Extension: (Google Docs Offline) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-02-18]
CHR Extension: (Norton Identity Safe) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2018-02-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (Gmail) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-18]
CHR Extension: (Chrome Media Router) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-24]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.14.0.54\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.14.0.54\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-29] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5745672 2018-04-27] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8566448 2018-04-26] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-02-18] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-02-18] (Dropbox, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [610464 2018-01-18] (EasyAntiCheat Ltd)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2018-03-28] (Hi-Rez Studios) [File not signed]
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1309184 2016-10-07] (HP Inc.) [File not signed]
R2 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3421616 2017-06-20] (HP Inc.)
R2 HPJumpStartBridge; C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-07-28] (HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332656 2018-05-02] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HPPhoenixCtrl\HPWMISVC.exe [554768 2016-06-16] (HP Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [542320 2017-12-06] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-09-21] (Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-09-21] (Intel(R) Corporation)
R2 IRMTService; C:\Program Files\Intel\Intel(R) Ready Mode Technology\IRMTService.exe [182896 2016-10-13] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [197264 2017-09-25] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.14.0.54\NortonSecurity.exe [328712 2018-04-03] (Symantec Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-14] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-14] (NVIDIA Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2017-07-19] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [322560 2016-12-07] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-04-18] (Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-04-18] (Apple Inc.)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.12.0.104\Definitions\BASHDefs\20180509.001\BHDrvx64.sys [1879632 2018-04-30] (Symantec Corporation)
R1 ccSet_NGC; C:\WINDOWS\system32\drivers\NGCx64\160E000.036\ccSetx64.sys [187544 2018-04-03] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507984 2018-03-22] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153168 2018-03-24] (Symantec Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76192 2018-03-19] ()
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136128 2017-12-06] (Intel Corporation)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.12.0.104\Definitions\IPSDefs\20180514.061\IDSvia64.sys [1299024 2018-05-14] (Symantec Corporation)
R3 IntelReadyModeDriver; C:\WINDOWS\System32\drivers\IntelReadyModeDriver.sys [34720 2016-10-13] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193768 2018-05-12] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112864 2018-05-14] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-05-14] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-05-14] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [102112 2018-05-14] (Malwarebytes)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [8623040 2018-02-05] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhdci.inf_amd64_0e9216e219c27e8d\nvlddmkm.sys [17161872 2018-04-22] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31168 2018-03-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2017-12-14] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [58816 2018-03-14] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [946696 2016-11-28] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-10-12] (Realsil Semiconductor Corporation)
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [45752 2017-07-19] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [139704 2017-08-19] (Razer, Inc.)
R3 SRTSP; C:\WINDOWS\System32\Drivers\NGCx64\160E000.036\SRTSP64.SYS [835664 2018-04-03] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NGCx64\160E000.036\SRTSPX64.SYS [49232 2018-04-03] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\160E000.036\SYMEFASI64.SYS [1942096 2018-04-03] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\160E000.036\SymELAM.sys [24608 2018-04-03] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-04-15] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NGCx64\160E000.036\Ironx64.SYS [307792 2018-04-03] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\NGCx64\160E000.036\SYMNETS.SYS [566936 2018-04-03] (Symantec Corporation)
R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
S3 wpCtrlDrv_NGC; C:\WINDOWS\system32\drivers\NGCx64\160E000.036\wpCtrlDrv.sys [1007592 2018-04-03] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-14 18:23 - 2018-05-14 18:23 - 000000000 ___HD C:\ProgramData\temp
2018-05-14 18:19 - 2018-05-14 18:22 - 000000000 ____D C:\AdwCleaner
2018-05-14 17:33 - 2018-05-14 17:33 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-05-14 17:32 - 2018-05-14 18:09 - 000000000 ____D C:\ProgramData\RogueKiller
2018-05-14 17:32 - 2018-05-14 17:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-05-14 17:32 - 2018-05-14 17:32 - 000000000 ____D C:\Program Files\RogueKiller
2018-05-14 17:17 - 2018-05-14 17:17 - 036678264 _____ (Adlice Software ) C:\Users\Saren\Desktop\RogueKiller_setup_ref3.exe
2018-05-14 17:17 - 2018-05-14 17:17 - 007271632 _____ (Malwarebytes) C:\Users\Saren\Desktop\AdwCleaner.exe
2018-05-14 17:16 - 2018-05-14 17:16 - 000000150 _____ C:\Users\Saren\Desktop\Over 60 svchost.exe's, Chrome being very slow, and other oddities - Virus, Trojan, Spyware, and Malware Removal Logs.url
2018-05-14 17:16 - 2018-05-14 17:16 - 000000138 _____ C:\Users\Saren\Desktop\Over 60 svchost.exe's, Chrome being very slow, and other oddities - TechSpot Forums.url
2018-05-14 11:05 - 2018-05-14 11:05 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2018-05-13 21:27 - 2018-05-13 21:28 - 000052238 _____ C:\Users\Saren\Desktop\Addition.txt
2018-05-13 21:27 - 2018-05-13 21:28 - 000001153 _____ C:\Users\Saren\Downloads\FRST.txt
2018-05-13 21:25 - 2018-05-14 18:30 - 000023842 _____ C:\Users\Saren\Desktop\FRST.txt
2018-05-13 21:25 - 2018-05-14 18:29 - 000000000 ____D C:\FRST
2018-05-13 21:25 - 2018-05-13 21:25 - 002404864 _____ (Farbar) C:\Users\Saren\Desktop\FRST64.exe
2018-05-13 21:25 - 2018-05-13 21:25 - 000000000 ____D C:\Users\Saren\Desktop\FRST-OlderVersion
2018-05-12 11:10 - 2018-05-12 11:10 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-05-12 10:56 - 2018-05-14 18:23 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-05-12 10:56 - 2018-05-14 18:23 - 000102112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-05-12 01:46 - 2018-05-14 18:23 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-05-12 01:46 - 2018-05-12 01:47 - 000193768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-05-12 01:32 - 2018-05-12 01:32 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-05-12 01:31 - 2018-05-12 11:10 - 000000000 ____D C:\ProgramData\AVAST Software
2018-05-12 01:29 - 2018-05-12 01:29 - 000000000 ____D C:\WINDOWS\Panther
2018-05-12 01:28 - 2018-05-12 01:29 - 000000000 ____D C:\Users\Saren\AppData\Local\ElevatedDiagnostics
2018-05-11 22:31 - 2018-05-12 01:30 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-05-11 22:30 - 2018-05-12 01:47 - 000465064 _____ C:\WINDOWS\ntbtlog.txt
2018-05-11 21:59 - 2018-05-11 21:59 - 000000056 _____ C:\Users\Saren\Desktop\CPU 20XX Battle #2 - Challonge.url
2018-05-11 19:41 - 2018-05-11 20:39 - 000017837 _____ C:\Users\Saren\Desktop\20xxcte.xlsx
2018-05-08 20:50 - 2018-05-03 00:57 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-05-08 20:50 - 2018-05-03 00:51 - 001056152 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-05-08 20:50 - 2018-05-03 00:48 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-05-08 20:50 - 2018-05-03 00:47 - 008600472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-05-08 20:50 - 2018-05-03 00:43 - 000373664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-05-08 20:50 - 2018-05-03 00:38 - 002574240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-05-08 20:50 - 2018-05-03 00:37 - 000749984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-05-08 20:50 - 2018-05-03 00:37 - 000408992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-05-08 20:50 - 2018-05-03 00:36 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-05-08 20:50 - 2018-05-03 00:36 - 000437664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-05-08 20:50 - 2018-05-03 00:32 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-05-08 20:50 - 2018-05-02 23:31 - 002193688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-05-08 20:50 - 2018-05-02 23:26 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-05-08 20:50 - 2018-05-02 23:19 - 003663360 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-05-08 20:50 - 2018-05-02 23:18 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-05-08 20:50 - 2018-05-02 23:18 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-05-08 20:50 - 2018-05-02 23:18 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-05-08 20:50 - 2018-05-02 23:16 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-05-08 20:50 - 2018-05-02 23:16 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-05-08 20:50 - 2018-05-02 23:16 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-05-08 20:50 - 2018-05-02 23:16 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2018-05-08 20:50 - 2018-05-02 23:16 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-05-08 20:50 - 2018-05-02 23:15 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-05-08 20:50 - 2018-05-02 23:15 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2018-05-08 20:50 - 2018-05-02 23:14 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-05-08 20:50 - 2018-05-02 23:13 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-05-08 20:50 - 2018-05-02 23:12 - 000816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-05-08 20:50 - 2018-05-02 23:12 - 000672768 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-05-08 20:50 - 2018-05-02 23:12 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-05-08 20:50 - 2018-05-02 23:11 - 000595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-05-08 20:50 - 2018-05-02 23:09 - 008068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-05-08 20:50 - 2018-05-02 23:09 - 004723712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-05-08 20:50 - 2018-05-02 23:09 - 003405824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-05-08 20:50 - 2018-05-02 23:09 - 002784256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-05-08 20:50 - 2018-05-02 23:09 - 002086400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-05-08 20:50 - 2018-05-02 23:09 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-05-08 20:50 - 2018-05-02 23:08 - 000808960 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-05-08 20:50 - 2018-05-02 23:07 - 001822720 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-05-08 20:50 - 2018-05-02 23:05 - 000389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2018-05-08 20:50 - 2018-05-02 23:04 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-05-08 20:50 - 2018-05-02 23:02 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2018-05-08 20:50 - 2018-05-02 23:00 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-05-08 20:50 - 2018-05-02 23:00 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-05-08 20:50 - 2018-05-02 23:00 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll

Joe Jimm · May 14, 2018

2018-05-08 20:50 - 2018-05-02 22:59 - 018924544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-05-08 20:50 - 2018-05-02 22:58 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-05-08 20:50 - 2018-05-02 22:57 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-05-08 20:50 - 2018-05-02 22:57 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-05-08 20:50 - 2018-05-02 22:57 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-05-08 20:50 - 2018-05-02 22:56 - 002677248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-05-08 20:50 - 2018-05-02 22:56 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-05-08 20:50 - 2018-05-02 22:56 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2018-05-08 20:50 - 2018-05-02 22:55 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-05-08 20:50 - 2018-05-02 22:54 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-05-08 20:50 - 2018-05-02 22:53 - 006060544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-05-08 20:50 - 2018-05-02 22:53 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-05-08 20:50 - 2018-05-02 22:52 - 003662848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-05-08 20:50 - 2018-05-02 22:52 - 000664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-05-08 20:50 - 2018-05-02 22:52 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-05-08 20:50 - 2018-05-02 22:51 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-05-08 20:50 - 2018-05-02 22:51 - 001560064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-05-08 20:50 - 2018-05-02 22:50 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-05-08 20:50 - 2018-05-02 22:48 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2018-05-08 20:50 - 2018-04-15 15:04 - 000779952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-05-08 20:50 - 2018-04-15 15:03 - 000128408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2018-05-08 20:50 - 2018-04-15 14:57 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-05-08 20:50 - 2018-04-15 14:51 - 002513920 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-05-08 20:50 - 2018-04-15 14:50 - 001925760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-05-08 20:50 - 2018-04-15 14:49 - 001954056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-05-08 20:50 - 2018-04-15 14:49 - 000382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-05-08 20:50 - 2018-04-15 14:48 - 001638424 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-05-08 20:50 - 2018-04-15 14:47 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-05-08 20:50 - 2018-04-15 14:34 - 000230304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2018-05-08 20:50 - 2018-04-15 14:33 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-05-08 20:50 - 2018-04-15 14:32 - 001416392 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-05-08 20:50 - 2018-04-15 14:26 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-05-08 20:50 - 2018-04-15 14:25 - 001430768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2018-05-08 20:50 - 2018-04-15 13:47 - 001929712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-05-08 20:50 - 2018-04-15 13:47 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-05-08 20:50 - 2018-04-15 13:47 - 001490856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2018-05-08 20:50 - 2018-04-15 13:47 - 001433360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-05-08 20:50 - 2018-04-15 13:47 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-05-08 20:50 - 2018-04-15 13:47 - 000311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-05-08 20:50 - 2018-04-15 13:38 - 001123464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-05-08 20:50 - 2018-04-15 13:34 - 006482664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-05-08 20:50 - 2018-04-15 13:34 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-05-08 20:50 - 2018-04-15 13:16 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2018-05-08 20:50 - 2018-04-15 13:15 - 003490816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2018-05-08 20:50 - 2018-04-15 13:14 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-05-08 20:50 - 2018-04-15 13:14 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-05-08 20:50 - 2018-04-15 13:14 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-05-08 20:50 - 2018-04-15 13:14 - 000121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-05-08 20:50 - 2018-04-15 13:14 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-05-08 20:50 - 2018-04-15 13:12 - 017160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-05-08 20:50 - 2018-04-15 13:12 - 013704704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-05-08 20:50 - 2018-04-15 13:12 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-05-08 20:50 - 2018-04-15 13:10 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-05-08 20:50 - 2018-04-15 13:10 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-05-08 20:50 - 2018-04-15 13:08 - 006576128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-05-08 20:50 - 2018-04-15 13:08 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-05-08 20:50 - 2018-04-15 13:08 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2018-05-08 20:50 - 2018-04-15 13:07 - 012689920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-05-08 20:50 - 2018-04-15 13:07 - 008031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-05-08 20:50 - 2018-04-15 13:07 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-05-08 20:50 - 2018-04-15 13:07 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2018-05-08 20:50 - 2018-04-15 13:07 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2018-05-08 20:50 - 2018-04-15 13:07 - 000225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2018-05-08 20:50 - 2018-04-15 13:06 - 011924480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-05-08 20:50 - 2018-04-15 13:06 - 000820224 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2018-05-08 20:50 - 2018-04-15 13:06 - 000377856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-05-08 20:50 - 2018-04-15 13:05 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-05-08 20:50 - 2018-04-15 13:04 - 012833280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-05-08 20:50 - 2018-04-15 13:04 - 002523136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2018-05-08 20:50 - 2018-04-15 13:04 - 002464768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-05-08 20:50 - 2018-04-15 13:04 - 001342464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2018-05-08 20:50 - 2018-04-15 13:04 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-05-08 20:50 - 2018-04-15 13:03 - 004248064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-05-08 20:50 - 2018-04-15 13:03 - 002857984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-05-08 20:50 - 2018-04-15 13:03 - 002741248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-05-08 20:50 - 2018-04-15 13:03 - 002628608 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-05-08 20:50 - 2018-04-15 13:03 - 002413568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2018-05-08 20:50 - 2018-04-15 13:03 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-05-08 20:50 - 2018-04-15 13:03 - 000826880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-05-08 20:50 - 2018-04-15 13:02 - 001669120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2018-05-08 20:50 - 2018-04-15 13:02 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-05-08 20:50 - 2018-04-15 13:00 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-05-08 20:49 - 2018-05-03 00:56 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-05-08 20:49 - 2018-05-03 00:56 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-05-08 20:49 - 2018-05-03 00:54 - 000748448 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-05-08 20:49 - 2018-05-03 00:54 - 000608160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-05-08 20:49 - 2018-05-03 00:53 - 000461216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-05-08 20:49 - 2018-05-03 00:53 - 000300448 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-05-08 20:49 - 2018-05-03 00:52 - 001568160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-05-08 20:49 - 2018-05-03 00:52 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-05-08 20:49 - 2018-05-03 00:52 - 000137112 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-05-08 20:49 - 2018-05-03 00:50 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-05-08 20:49 - 2018-05-03 00:50 - 000664992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-05-08 20:49 - 2018-05-03 00:50 - 000423328 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-05-08 20:49 - 2018-05-03 00:50 - 000069536 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-05-08 20:49 - 2018-05-03 00:49 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-05-08 20:49 - 2018-05-03 00:48 - 002002336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-05-08 20:49 - 2018-05-03 00:48 - 000793960 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2018-05-08 20:49 - 2018-05-03 00:48 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-05-08 20:49 - 2018-05-03 00:47 - 001209760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-05-08 20:49 - 2018-05-03 00:45 - 002395040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-05-08 20:49 - 2018-05-03 00:45 - 000711936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-05-08 20:49 - 2018-05-03 00:43 - 000702568 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2018-05-08 20:49 - 2018-05-03 00:41 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-05-08 20:49 - 2018-05-03 00:36 - 007675792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-05-08 20:49 - 2018-05-03 00:36 - 000247200 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-05-08 20:49 - 2018-05-03 00:35 - 002472864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-05-08 20:49 - 2018-05-03 00:35 - 000358496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-05-08 20:49 - 2018-05-03 00:34 - 021356824 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-05-08 20:49 - 2018-05-03 00:34 - 000070864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2018-05-08 20:49 - 2018-05-02 23:44 - 000595448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2018-05-08 20:49 - 2018-05-02 23:43 - 000594056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2018-05-08 20:49 - 2018-05-02 23:39 - 000212896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-05-08 20:49 - 2018-05-02 23:36 - 025254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-05-08 20:49 - 2018-05-02 23:31 - 006092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-05-08 20:49 - 2018-05-02 23:29 - 000285144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-05-08 20:49 - 2018-05-02 23:28 - 000061024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2018-05-08 20:49 - 2018-05-02 23:25 - 020290248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-05-08 20:49 - 2018-05-02 23:19 - 001300992 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-05-08 20:49 - 2018-05-02 23:19 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-05-08 20:49 - 2018-05-02 23:18 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-05-08 20:49 - 2018-05-02 23:17 - 007545344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-05-08 20:49 - 2018-05-02 23:16 - 023674880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-05-08 20:49 - 2018-05-02 23:16 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadauthhelper.dll
2018-05-08 20:49 - 2018-05-02 23:16 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-05-08 20:49 - 2018-05-02 23:16 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-05-08 20:49 - 2018-05-02 23:16 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2018-05-08 20:49 - 2018-05-02 23:15 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\itircl.dll
2018-05-08 20:49 - 2018-05-02 23:14 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-05-08 20:49 - 2018-05-02 23:14 - 000623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2018-05-08 20:49 - 2018-05-02 23:13 - 000253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2018-05-08 20:49 - 2018-05-02 23:12 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2018-05-08 20:49 - 2018-05-02 23:09 - 008432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-05-08 20:49 - 2018-05-02 23:09 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-05-08 20:49 - 2018-05-02 23:09 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-05-08 20:49 - 2018-05-02 23:09 - 001344000 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-05-08 20:49 - 2018-05-02 23:08 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-05-08 20:49 - 2018-05-02 23:06 - 003630080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2018-05-08 20:49 - 2018-05-02 23:05 - 001717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-05-08 20:49 - 2018-05-02 23:05 - 000483840 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2018-05-08 20:49 - 2018-05-02 23:03 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2018-05-08 20:49 - 2018-05-02 23:03 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-05-08 20:49 - 2018-05-02 23:03 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2018-05-08 20:49 - 2018-05-02 22:58 - 006467072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-05-08 20:49 - 2018-05-02 22:57 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itircl.dll
2018-05-08 20:49 - 2018-05-02 22:57 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadauthhelper.dll
2018-05-08 20:49 - 2018-05-02 22:57 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-05-08 20:49 - 2018-05-02 22:57 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-05-08 20:49 - 2018-05-02 22:53 - 007813120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-05-08 20:49 - 2018-05-02 22:53 - 000540672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2018-05-08 20:49 - 2018-05-02 22:50 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-05-08 20:49 - 2018-05-02 22:49 - 003430400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2018-05-08 20:49 - 2018-05-02 22:48 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-05-08 20:49 - 2018-05-02 22:48 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2018-05-08 20:49 - 2018-05-02 22:47 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-05-08 20:49 - 2018-04-15 15:07 - 001463344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-05-08 20:49 - 2018-04-15 14:49 - 000563632 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2018-05-08 20:49 - 2018-04-15 14:48 - 005859248 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-05-08 20:49 - 2018-04-15 14:38 - 003180720 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-05-08 20:49 - 2018-04-15 14:38 - 000979360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-05-08 20:49 - 2018-04-15 14:33 - 001269616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-05-08 20:49 - 2018-04-15 14:32 - 003904296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-05-08 20:49 - 2018-04-15 14:30 - 002268024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-05-08 20:49 - 2018-04-15 14:29 - 001873944 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2018-05-08 20:49 - 2018-04-15 14:29 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-05-08 20:49 - 2018-04-15 14:29 - 000198440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2018-05-08 20:49 - 2018-04-15 14:28 - 000688064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-05-08 20:49 - 2018-04-15 14:26 - 002711176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-05-08 20:49 - 2018-04-15 14:26 - 001506200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-05-08 20:49 - 2018-04-15 14:25 - 000661920 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2018-05-08 20:49 - 2018-04-15 14:25 - 000327008 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2018-05-08 20:49 - 2018-04-15 14:25 - 000092032 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe
2018-05-08 20:49 - 2018-04-15 14:24 - 000063656 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2018-05-08 20:49 - 2018-04-15 14:23 - 001101208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-05-08 20:49 - 2018-04-15 13:47 - 001323336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-05-08 20:49 - 2018-04-15 13:38 - 003485392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-05-08 20:49 - 2018-04-15 13:38 - 000444280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2018-05-08 20:49 - 2018-04-15 13:37 - 000747416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2018-05-08 20:49 - 2018-04-15 13:36 - 002386832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-05-08 20:49 - 2018-04-15 13:36 - 001575896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2018-05-08 20:49 - 2018-04-15 13:36 - 000832648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-05-08 20:49 - 2018-04-15 13:36 - 000543920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-05-08 20:49 - 2018-04-15 13:35 - 002462704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-05-08 20:49 - 2018-04-15 13:34 - 001456104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-05-08 20:49 - 2018-04-15 13:34 - 001017048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-05-08 20:49 - 2018-04-15 13:34 - 000572312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2018-05-08 20:49 - 2018-04-15 13:34 - 000279472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
2018-05-08 20:49 - 2018-04-15 13:34 - 000166408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2018-05-08 20:49 - 2018-04-15 13:34 - 000077552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe
2018-05-08 20:49 - 2018-04-15 13:34 - 000052248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2018-05-08 20:49 - 2018-04-15 13:15 - 000674304 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockController.dll
2018-05-08 20:49 - 2018-04-15 13:14 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2018-05-08 20:49 - 2018-04-15 13:14 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-05-08 20:49 - 2018-04-15 13:14 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProv2faHelper.dll
2018-05-08 20:49 - 2018-04-15 13:14 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2018-05-08 20:49 - 2018-04-15 13:14 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProv2faHelper.dll
2018-05-08 20:49 - 2018-04-15 13:13 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2018-05-08 20:49 - 2018-04-15 13:13 - 000084992 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2018-05-08 20:49 - 2018-04-15 13:12 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2018-05-08 20:49 - 2018-04-15 13:12 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2018-05-08 20:49 - 2018-04-15 13:11 - 000531456 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-05-08 20:49 - 2018-04-15 13:11 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-05-08 20:49 - 2018-04-15 13:11 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2018-05-08 20:49 - 2018-04-15 13:11 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2018-05-08 20:49 - 2018-04-15 13:11 - 000129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2018-05-08 20:49 - 2018-04-15 13:11 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2018-05-08 20:49 - 2018-04-15 13:11 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll
2018-05-08 20:49 - 2018-04-15 13:11 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2018-05-08 20:49 - 2018-04-15 13:10 - 001576960 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-05-08 20:49 - 2018-04-15 13:10 - 000571904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2018-05-08 20:49 - 2018-04-15 13:10 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-05-08 20:49 - 2018-04-15 13:10 - 000363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2018-05-08 20:49 - 2018-04-15 13:10 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2018-05-08 20:49 - 2018-04-15 13:10 - 000225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2018-05-08 20:49 - 2018-04-15 13:10 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-05-08 20:49 - 2018-04-15 13:10 - 000218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2018-05-08 20:49 - 2018-04-15 13:10 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
2018-05-08 20:49 - 2018-04-15 13:10 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2018-05-08 20:49 - 2018-04-15 13:10 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll
2018-05-08 20:49 - 2018-04-15 13:09 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_User.dll
2018-05-08 20:49 - 2018-04-15 13:09 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2018-05-08 20:49 - 2018-04-15 13:09 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2018-05-08 20:49 - 2018-04-15 13:09 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2018-05-08 20:49 - 2018-04-15 13:09 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncPolicy.dll
2018-05-08 20:49 - 2018-04-15 13:09 - 000037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2018-05-08 20:49 - 2018-04-15 13:08 - 000859648 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2018-05-08 20:49 - 2018-04-15 13:08 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2018-05-08 20:49 - 2018-04-15 13:08 - 000627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2018-05-08 20:49 - 2018-04-15 13:08 - 000583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.Schema.Shell.dll
2018-05-08 20:49 - 2018-04-15 13:08 - 000535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2018-05-08 20:49 - 2018-04-15 13:08 - 000490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2018-05-08 20:49 - 2018-04-15 13:08 - 000448000 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2018-05-08 20:49 - 2018-04-15 13:08 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2018-05-08 20:49 - 2018-04-15 13:08 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2018-05-08 20:49 - 2018-04-15 13:08 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\twext.dll
2018-05-08 20:49 - 2018-04-15 13:08 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll
2018-05-08 20:49 - 2018-04-15 13:08 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 003367936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 001495552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 001425408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 000837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 000792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 000702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 000477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 000406016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 000252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 000158208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twext.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2018-05-08 20:49 - 2018-04-15 13:07 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2018-05-08 20:49 - 2018-04-15 13:06 - 013660672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-05-08 20:49 - 2018-04-15 13:06 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2018-05-08 20:49 - 2018-04-15 13:06 - 000721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-05-08 20:49 - 2018-04-15 13:06 - 000421376 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2018-05-08 20:49 - 2018-04-15 13:06 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2018-05-08 20:49 - 2018-04-15 13:06 - 000139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2018-05-08 20:49 - 2018-04-15 13:05 - 004113408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-05-08 20:49 - 2018-04-15 13:05 - 000863744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2018-05-08 20:49 - 2018-04-15 13:05 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2018-05-08 20:49 - 2018-04-15 13:05 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2018-05-08 20:49 - 2018-04-15 13:05 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2018-05-08 20:49 - 2018-04-15 13:05 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2018-05-08 20:49 - 2018-04-15 13:04 - 002490880 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2018-05-08 20:49 - 2018-04-15 13:04 - 002209280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-05-08 20:49 - 2018-04-15 13:04 - 001236480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-05-08 20:49 - 2018-04-15 13:04 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2018-05-08 20:49 - 2018-04-15 13:04 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2018-05-08 20:49 - 2018-04-15 13:04 - 000997376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2018-05-08 20:49 - 2018-04-15 13:04 - 000976896 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2018-05-08 20:49 - 2018-04-15 13:04 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2018-05-08 20:49 - 2018-04-15 13:04 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2018-05-08 20:49 - 2018-04-15 13:04 - 000648704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2018-05-08 20:49 - 2018-04-15 13:04 - 000621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2018-05-08 20:49 - 2018-04-15 13:04 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2018-05-08 20:49 - 2018-04-15 13:04 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
2018-05-08 20:49 - 2018-04-15 13:04 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2018-05-08 20:49 - 2018-04-15 13:04 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2018-05-08 20:49 - 2018-04-15 13:03 - 004772352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2018-05-08 20:49 - 2018-04-15 13:03 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2018-05-08 20:49 - 2018-04-15 13:03 - 003287040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncCenter.dll
2018-05-08 20:49 - 2018-04-15 13:03 - 003177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll

Joe Jimm · May 14, 2018

2018-05-08 20:49 - 2018-04-15 13:03 - 002976256 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-05-08 20:49 - 2018-04-15 13:03 - 002814976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2018-05-08 20:49 - 2018-04-15 13:03 - 002462208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2018-05-08 20:49 - 2018-04-15 13:03 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2018-05-08 20:49 - 2018-04-15 13:03 - 001224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2018-05-08 20:49 - 2018-04-15 13:03 - 000920064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-05-08 20:49 - 2018-04-15 13:03 - 000825856 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2018-05-08 20:49 - 2018-04-15 13:03 - 000697344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2018-05-08 20:49 - 2018-04-15 13:03 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2018-05-08 20:49 - 2018-04-15 13:03 - 000508928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2018-05-08 20:49 - 2018-04-15 13:03 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2018-05-08 20:49 - 2018-04-15 13:03 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2018-05-08 20:49 - 2018-04-15 13:03 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2018-05-08 20:49 - 2018-04-15 13:03 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2018-05-08 20:49 - 2018-04-15 13:03 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2018-05-08 20:49 - 2018-04-15 13:02 - 004814336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-05-08 20:49 - 2018-04-15 13:02 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2018-05-08 20:49 - 2018-04-15 13:02 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2018-05-08 20:49 - 2018-04-15 13:01 - 001509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2018-05-08 20:49 - 2018-04-15 13:01 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2018-05-08 20:49 - 2018-04-15 13:01 - 000518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2018-05-08 20:49 - 2018-04-15 13:01 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2018-05-08 20:49 - 2018-04-15 13:01 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2018-05-08 20:49 - 2018-04-15 13:01 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2018-05-08 20:49 - 2018-04-15 13:00 - 002223616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-05-08 20:49 - 2018-04-15 13:00 - 001739264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-05-08 20:49 - 2018-04-15 13:00 - 000682496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2018-05-08 20:49 - 2018-04-15 13:00 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2018-05-08 20:49 - 2018-04-15 13:00 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2018-05-08 20:49 - 2018-04-15 13:00 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2018-05-08 20:49 - 2018-04-15 13:00 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2018-05-08 20:49 - 2018-04-15 13:00 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2018-05-08 20:49 - 2018-04-15 13:00 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2018-05-08 20:49 - 2018-04-15 13:00 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2018-05-08 20:49 - 2018-04-15 12:59 - 001332736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2018-05-08 20:49 - 2018-04-15 12:59 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2018-05-08 20:49 - 2018-04-15 12:58 - 001472000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2018-05-08 20:49 - 2018-04-15 12:58 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2018-05-08 20:49 - 2017-11-26 06:26 - 000048112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2018-05-07 11:25 - 2018-05-07 11:31 - 000000000 ____D C:\Program Files (x86)\SEGA
2018-05-07 11:08 - 2018-05-07 11:33 - 000002125 _____ C:\Users\Saren\Desktop\RomeTW-BI - Shortcut.lnk
2018-05-07 11:08 - 2018-05-07 11:33 - 000002100 _____ C:\Users\Saren\Desktop\RomeTW - Shortcut.lnk
2018-05-05 21:53 - 2018-05-05 21:53 - 000004088 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-02 13:33 - 2018-05-14 11:26 - 000000000 ____D C:\Users\Saren\AppData\Roaming\The Creative Assembly
2018-05-02 10:59 - 2018-05-02 10:59 - 000164137 _____ C:\Users\Saren\Downloads\Material World Syllabus 2018 (2).pdf
2018-05-02 00:08 - 2018-05-02 00:09 - 000000000 ____D C:\Users\Saren\AppData\Roaming\Apple Computer
2018-05-02 00:08 - 2018-05-02 00:08 - 000000000 ____D C:\Users\Saren\AppData\Local\Apple Computer
2018-05-02 00:08 - 2018-05-02 00:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-05-02 00:08 - 2018-05-02 00:08 - 000000000 ____D C:\ProgramData\Apple Computer
2018-05-02 00:08 - 2018-05-02 00:08 - 000000000 ____D C:\Program Files\iTunes
2018-05-02 00:08 - 2018-05-02 00:08 - 000000000 ____D C:\Program Files\iPod
2018-05-02 00:07 - 2018-05-02 00:07 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2018-05-02 00:07 - 2018-05-02 00:07 - 000000000 ____D C:\Users\Saren\AppData\Local\Apple
2018-05-02 00:07 - 2018-05-02 00:07 - 000000000 ____D C:\Program Files\Bonjour
2018-05-02 00:07 - 2018-05-02 00:07 - 000000000 ____D C:\Program Files (x86)\Bonjour
2018-05-02 00:07 - 2018-05-02 00:07 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2018-05-02 00:05 - 2018-05-02 00:07 - 000000000 ____D C:\Program Files\Common Files\Apple
2018-05-02 00:04 - 2018-05-02 00:04 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2018-04-28 23:44 - 2018-04-28 23:44 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-04-28 23:44 - 2018-04-22 00:00 - 000132392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2018-04-28 23:44 - 2018-03-01 19:04 - 000828216 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-04-28 23:44 - 2018-03-01 19:03 - 000960312 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-04-28 23:44 - 2018-03-01 19:03 - 000683832 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-04-28 23:44 - 2018-03-01 19:03 - 000575800 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-04-28 23:42 - 2018-04-22 22:00 - 031274352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2018-04-28 23:42 - 2018-04-22 22:00 - 013726184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-04-28 23:42 - 2018-04-22 22:00 - 011272024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-04-28 23:42 - 2018-04-22 22:00 - 001562312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-04-28 23:42 - 2018-04-22 22:00 - 001468616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439731.dll
2018-04-28 23:42 - 2018-04-22 22:00 - 001418800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-04-28 23:42 - 2018-04-22 22:00 - 001216472 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-04-28 23:42 - 2018-04-22 22:00 - 001091784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-04-28 23:42 - 2018-04-22 22:00 - 000627400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2018-04-28 23:42 - 2018-04-22 22:00 - 000518160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2018-04-28 23:42 - 2018-04-22 21:59 - 040347336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-04-28 23:42 - 2018-04-22 21:59 - 035251400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-04-28 23:42 - 2018-04-22 21:59 - 025987920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2018-04-28 23:42 - 2018-04-22 21:59 - 004348376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-04-28 23:42 - 2018-04-22 21:59 - 003759656 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-04-28 23:42 - 2018-04-22 21:59 - 001991216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439731.dll
2018-04-28 23:42 - 2018-04-22 21:59 - 001359160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2018-04-28 23:42 - 2018-04-22 21:59 - 001350152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2018-04-28 23:42 - 2018-04-22 21:59 - 001157832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-04-28 23:42 - 2018-04-22 21:59 - 001071312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2018-04-28 23:42 - 2018-04-22 21:59 - 001064864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2018-04-28 23:42 - 2018-04-22 21:59 - 000905528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-04-28 23:42 - 2018-04-22 21:59 - 000814544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2018-04-28 23:42 - 2018-04-22 21:59 - 000750096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2018-04-28 23:42 - 2018-04-22 21:59 - 000653152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2018-04-28 23:42 - 2018-04-22 21:59 - 000635384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2018-04-28 23:42 - 2018-04-22 21:59 - 000608784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2018-04-28 23:42 - 2018-04-22 21:58 - 017779880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-04-28 23:42 - 2018-04-22 21:58 - 015191904 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-04-28 23:42 - 2018-04-22 21:58 - 004823488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2018-04-28 23:42 - 2018-04-22 21:58 - 004086224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2018-04-28 23:42 - 2018-04-11 20:28 - 000046064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2018-04-28 23:41 - 2018-04-28 23:41 - 000000146 _____ C:\Users\Saren\Desktop\NVIDIA Control Panel - Shortcut.lnk
2018-04-28 23:38 - 2018-05-05 21:53 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-27 23:11 - 2018-05-09 19:50 - 000000826 _____ C:\Users\Saren\Desktop\5.9.lnk
2018-04-27 23:01 - 2018-04-27 23:01 - 005750195 _____ C:\Users\Saren\Downloads\FM-v5.9-BETA-Early (1).7z
2018-04-25 12:31 - 2018-04-25 12:31 - 000164137 _____ C:\Users\Saren\Downloads\Material World Syllabus 2018 (1).pdf
2018-04-23 21:31 - 2018-04-23 21:31 - 005750195 _____ C:\Users\Saren\Downloads\FM-v5.9-BETA-Early.7z
2018-04-22 16:21 - 2018-04-22 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ironsight
2018-04-22 16:12 - 2018-04-22 16:12 - 000000000 ____D C:\AeriaGames
2018-04-22 16:11 - 2018-04-22 16:11 - 000577056 _____ (gamigo AG) C:\Users\Saren\Downloads\Ironsight_US_downloader.exe
2018-04-21 13:47 - 2018-04-21 13:47 - 000006169 _____ C:\Users\Saren\Desktop\New Microsoft Excel Worksheet.xlsx
2018-04-20 15:36 - 2018-04-20 15:36 - 000319801 _____ C:\Users\Saren\Downloads\Sample CocaCola Paper.pdf
2018-04-20 15:36 - 2018-04-20 15:36 - 000054001 _____ C:\Users\Saren\Downloads\Checklist for Coca Cola Paper.pdf
2018-04-20 15:36 - 2018-04-20 15:36 - 000043645 _____ C:\Users\Saren\Downloads\Coca Cola Paper Evaluation Rubric.pdf
2018-04-19 23:35 - 2018-04-19 23:35 - 000043635 _____ C:\Users\Saren\Downloads\CDI Ganon says die! (youtubemp4.to).mp4
2018-04-19 23:30 - 2018-04-19 23:30 - 000257492 _____ C:\Users\Saren\Downloads\CD-i_Ganon.webp
2018-04-19 01:39 - 2018-04-19 01:39 - 000000056 _____ C:\Users\Saren\Desktop\20XX CPU Battle - Challonge.url
2018-04-18 18:29 - 2018-04-18 18:29 - 000035560 _____ (Apple Inc.) C:\WINDOWS\system32\Drivers\AppleLowerFilter.sys
2018-04-18 18:29 - 2018-04-18 18:29 - 000020640 _____ (Apple Inc.) C:\WINDOWS\system32\Drivers\AppleKmdfFilter.sys
2018-04-16 21:18 - 2018-04-16 21:18 - 000000069 _____ C:\Users\Saren\Desktop\The Lightest and Crispiest Cookie You'll Eat! - YouTube.url
2018-04-16 21:06 - 2018-04-16 21:06 - 000000069 _____ C:\Users\Saren\Desktop\1796 Pound Cakes! - YouTube.url
2018-04-15 23:18 - 2018-04-15 23:18 - 000000069 _____ C:\Users\Saren\Desktop\FIX Forward Head Posture! (Daily Corrective Routine) - YouTube.url
2018-04-15 07:44 - 2018-05-13 21:28 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security with Backup
2018-04-15 07:39 - 2018-04-15 07:39 - 000003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2018-04-15 07:38 - 2018-04-15 07:38 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2018-04-14 18:26 - 2018-05-14 18:23 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-04-14 18:26 - 2018-05-12 01:52 - 000002104 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-14 18:26 - 2018-04-14 18:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-14 18:26 - 2018-04-14 18:26 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-14 18:26 - 2018-04-14 18:26 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-14 18:26 - 2018-03-19 12:57 - 000076192 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-04-14 18:25 - 2018-04-14 18:25 - 073208032 _____ (Malwarebytes ) C:\Users\Saren\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4720.exe
2018-04-14 18:21 - 2018-04-15 02:53 - 000000000 ____D C:\Program Files (x86)\BlueStacks
2018-04-14 18:21 - 2018-04-14 18:32 - 000000000 ____D C:\Users\Saren\AppData\Local\Bluestacks
2018-04-14 18:20 - 2018-04-14 18:21 - 298116824 _____ (BlueStack Systems Inc.) C:\Users\Saren\Downloads\BlueStacks-Installer_BS3_native_099a130d273a88b68f9b7e954e1eff6a.exe
2018-04-14 14:59 - 2018-04-14 14:59 - 000000118 _____ C:\Users\Saren\Desktop\Bad Melee Podcast Episode 11- Can I Have a Hug- - YouTube.url
2018-04-14 14:59 - 2018-04-14 14:59 - 000000095 _____ C:\Users\Saren\Desktop\Bad Melee Podcast Episode 12- Lost in the SAUS - YouTube.url

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-14 18:29 - 2018-03-24 05:50 - 001413946 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-14 18:29 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-05-14 18:27 - 2017-09-29 01:45 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2018-05-14 18:25 - 2017-11-17 12:26 - 000000000 ____D C:\ProgramData\NVIDIA
2018-05-14 18:24 - 2018-04-06 19:17 - 000000000 ____D C:\Users\Saren\AppData\Roaming\Smashladder Launcher
2018-05-14 18:23 - 2018-03-24 06:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-14 18:23 - 2018-02-19 22:40 - 000000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleForSaren.job
2018-05-14 18:23 - 2018-02-18 23:08 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2018-05-14 18:22 - 2018-03-24 05:50 - 000000000 ____D C:\Users\Saren
2018-05-14 18:22 - 2017-09-29 01:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-05-14 17:40 - 2018-03-24 05:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-05-14 16:44 - 2018-03-24 06:01 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{57055B27-E034-4EC3-AD23-FB7150C1BDA3}
2018-05-14 14:58 - 2018-03-01 21:00 - 000000000 ____D C:\Users\Saren\AppData\Roaming\obs-studio
2018-05-14 12:30 - 2018-02-18 16:41 - 000000000 ____D C:\Program Files (x86)\Steam
2018-05-14 10:39 - 2018-03-24 06:00 - 000003256 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForSaren
2018-05-13 21:32 - 2017-09-29 06:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-05-13 21:31 - 2017-11-17 11:11 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-05-13 21:28 - 2018-02-18 16:36 - 000000000 ____D C:\Users\Saren\AppData\Roaming\discord
2018-05-13 21:27 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-05-12 19:02 - 2018-03-28 17:11 - 000000000 ____D C:\ProgramData\Epic
2018-05-12 10:59 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-05-12 01:42 - 2018-02-18 19:15 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-05-12 01:42 - 2018-02-18 19:15 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-05-11 22:18 - 2018-02-18 17:13 - 000000000 ____D C:\Users\Saren\AppData\Local\Battle.net
2018-05-11 16:10 - 2018-02-24 17:02 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2018-05-11 16:09 - 2018-02-22 19:03 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-11 15:10 - 2018-02-18 16:21 - 000000000 ____D C:\Users\Saren\AppData\Local\CrashDumps
2018-05-11 12:14 - 2018-02-19 21:06 - 000000000 ____D C:\Program Files (x86)\StarCraft II
2018-05-11 12:08 - 2018-02-18 17:12 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-05-10 23:15 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\rescache
2018-05-10 20:34 - 2017-09-29 06:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-10 20:24 - 2018-03-24 13:59 - 000000000 ___RD C:\Users\Saren\3D Objects
2018-05-10 20:24 - 2017-03-17 20:53 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-05-10 20:21 - 2017-09-29 06:44 - 000000000 ____D C:\WINDOWS\INF
2018-05-10 20:20 - 2018-03-24 05:46 - 000394592 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-05-10 20:16 - 2017-09-29 06:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-05-10 20:16 - 2017-09-29 06:46 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-05-10 20:16 - 2017-09-29 06:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-05-10 20:16 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-05-10 20:16 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-05-10 20:16 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-05-10 20:16 - 2017-09-29 01:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-05-10 20:16 - 2017-09-29 01:45 - 000000000 ____D C:\WINDOWS\servicing
2018-05-08 20:59 - 2018-02-18 19:15 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-05-08 20:57 - 2017-09-29 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-05-08 20:52 - 2017-09-29 06:42 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2018-05-08 20:51 - 2017-09-29 06:41 - 000073112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-05-08 20:51 - 2017-09-29 06:41 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2018-05-08 20:51 - 2017-09-29 06:41 - 000020888 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2018-05-07 10:43 - 2017-11-17 12:26 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-05-05 21:53 - 2018-03-24 06:01 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-05 21:53 - 2018-03-24 06:01 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-05 21:53 - 2018-03-24 06:01 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-05 21:53 - 2018-03-24 06:01 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-05 21:53 - 2018-03-24 06:01 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-05 21:53 - 2018-03-24 06:01 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-05 21:53 - 2017-11-17 12:26 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-05-05 21:53 - 2017-11-17 12:25 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-05-02 00:07 - 2017-11-17 11:08 - 000000000 ____D C:\ProgramData\Apple
2018-05-01 21:39 - 2018-02-19 19:11 - 000000000 ____D C:\Users\Saren\AppData\Roaming\EasyAntiCheat
2018-05-01 20:22 - 2018-03-24 06:01 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2557116828-1867652725-2878004429-1001
2018-05-01 20:22 - 2018-02-18 16:22 - 000002374 _____ C:\Users\Saren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-01 20:22 - 2018-02-18 16:22 - 000000000 ___RD C:\Users\Saren\OneDrive
2018-05-01 20:20 - 2018-02-18 16:36 - 000000000 ____D C:\Users\Saren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2018-05-01 20:19 - 2018-02-18 16:36 - 000000000 ____D C:\Users\Saren\AppData\Local\Discord
2018-05-01 14:25 - 2018-04-12 21:10 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-05-01 14:25 - 2018-04-12 21:10 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-04-29 14:27 - 2017-11-17 11:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-04-29 12:56 - 2018-02-27 21:51 - 000002578 _____ C:\Users\Saren\Desktop\Hearthstone Deck Tracker.lnk
2018-04-29 12:56 - 2018-02-27 21:51 - 000000000 ____D C:\Users\Saren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HearthSim
2018-04-29 12:56 - 2018-02-27 21:51 - 000000000 ____D C:\Users\Saren\AppData\Local\HearthstoneDeckTracker
2018-04-29 12:55 - 2018-02-18 16:36 - 000000000 ____D C:\Users\Saren\AppData\Local\SquirrelTemp
2018-04-28 23:45 - 2018-04-01 10:19 - 000000000 ____D C:\temp
2018-04-28 23:44 - 2018-02-19 14:35 - 000000000 ____D C:\Users\Saren\AppData\Local\NVIDIA
2018-04-27 23:10 - 2018-02-19 00:03 - 000000000 ____D C:\Users\Saren\Desktop\Melee
2018-04-25 13:48 - 2018-03-24 05:51 - 000000000 ____D C:\Users\Saren\AppData\Local\Packages
2018-04-22 22:03 - 2018-03-24 05:48 - 000553104 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2018-04-22 22:03 - 2018-03-24 05:48 - 000457776 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2018-04-22 22:01 - 2018-02-19 14:39 - 017161872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2018-04-22 04:04 - 2018-02-19 14:39 - 000044277 _____ C:\WINDOWS\system32\nvinfo.pb
2018-04-21 23:52 - 2017-11-17 12:26 - 005947328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2018-04-21 23:52 - 2017-11-17 12:26 - 002612808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2018-04-21 23:52 - 2017-11-17 12:26 - 001768008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2018-04-21 23:52 - 2017-11-17 12:26 - 000634304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2018-04-21 23:52 - 2017-11-17 12:26 - 000451144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2018-04-21 23:52 - 2017-11-17 12:26 - 000124200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2018-04-21 23:52 - 2017-11-17 12:26 - 000082880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2018-04-15 10:53 - 2018-02-19 19:03 - 000000000 ____D C:\Program Files\Common Files\AV
2018-04-15 07:39 - 2018-02-18 16:38 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2018-04-15 07:38 - 2018-02-18 16:38 - 000099920 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2018-04-15 07:38 - 2018-02-18 16:38 - 000010364 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2018-04-15 07:38 - 2018-02-18 16:38 - 000002333 _____ C:\Users\Public\Desktop\Norton Security.lnk
2018-04-15 07:38 - 2017-09-29 06:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-04-15 02:51 - 2017-09-29 06:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-04-15 02:51 - 2017-09-29 06:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-04-15 02:51 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-04-14 17:15 - 2018-02-19 18:56 - 000000000 ____D C:\Users\Saren\Documents\The Witcher 3

Some files in TEMP:
====================
2018-05-14 17:32 - 2018-04-15 14:49 - 001954056 _____ (Microsoft Corporation) C:\Users\Saren\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-06 07:44

==================== End of FRST.txt ============================

Joe Jimm · May 14, 2018

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12.05.2018
Ran by Saren (14-05-2018 18:30:46)
Running from C:\Users\Saren\Desktop
Windows 10 Home Version 1709 16299.431 (X64) (2018-03-24 13:06:09)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2557116828-1867652725-2878004429-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2557116828-1867652725-2878004429-503 - Limited - Disabled)
Guest (S-1-5-21-2557116828-1867652725-2878004429-501 - Limited - Disabled)
Saren (S-1-5-21-2557116828-1867652725-2878004429-1001 - Administrator - Enabled) => C:\Users\Saren
WDAGUtilityAccount (S-1-5-21-2557116828-1867652725-2878004429-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Enabled - Up to date) {E3FDBD9F-8140-1400-F32B-8B58923F7C4D}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Norton Security (Enabled - Up to date) {589C5C7B-A77A-1B8E-C99B-B02AE9B836F0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security (Enabled) {DBC63CBA-CB2F-1558-D874-226D6CEC3B36}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
Apple Application Support (32-bit) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9E005AAA-81A3-478E-8944-532D350952EE}) (Version: 11.3.1.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.6.7503 - CyberLink Corp.)
Discord (HKU\S-1-5-21-2557116828-1867652725-2878004429-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 397.31 - NVIDIA Corporation) Hidden
Dropbox 25 GB (HKLM-x32\...\{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Epic Games Launcher (HKLM-x32\...\{3ECF91A4-EE22-4A3A-921F-36ECAA04C13D}) (Version: 1.1.147.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.170 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Gyazo 3.3.5 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hearthstone Deck Tracker (HKU\S-1-5-21-2557116828-1867652725-2878004429-1001\...\HearthstoneDeckTracker) (Version: 1.6.5 - HearthSim)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 6.0.1.2 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{54da9769-2364-4bd3-8139-6400500778b3}) (Version: 5.3.22034 - HP Inc.)
HP JumpStart Apps (HKLM-x32\...\HP JumpStart Apps) (Version: 7.0.21 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{1E7D6A6F-E28B-4057-BD4F-9989C1F5353D}) (Version: 1.3.0.423 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{4380D813-39E5-46FD-AC23-FC9A1A8B98AA}) (Version: 1.3.423.0 - HP Inc.)
HP Orbit (HKLM-x32\...\{82b971c1-85fa-4c53-ada1-4ec6be0c0c8a}) (Version: 3.5.171.271 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{05F81C27-62A5-4A0C-8519-60CB66CF87C6}) (Version: 8.6.18.11 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{183BD477-774B-4700-B40B-EE43886E74D2}) (Version: 12.9.18.3 - HP Inc.)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.29 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{025C1573-2F1D-46AF-BAB8-594EBF56A889}) (Version: 1.4.11 - HP Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1043 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel(R) Ready Mode Technology (HKLM\...\{CC3C017C-876D-4A31-A128-593FF92A1FE7}) (Version: 1.1.70.528 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{A9BCF224-9E30-4BFD-8917-2990841F6A87}) (Version: 19.50.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{185db067-38cd-4521-a43e-c39b96ee1389}) (Version: 19.50.1 - Intel Corporation)
IrfanView 4.50 (64-bit) (HKLM\...\IrfanView64) (Version: 4.50 - Irfan Skiljan)
Ironsight version 1 (HKLM-x32\...\Ironsight_is1) (Version: 1 - Aeria Games)
iTunes (HKLM\...\{3D8C6B05-FE24-4B9C-A57C-B8E1FA39E83D}) (Version: 12.7.4.80 - Apple Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.9226.2126 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2557116828-1867652725-2878004429-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Nightbot 0.1.1 (only current user) (HKU\S-1-5-21-2557116828-1867652725-2878004429-1001\...\b66ff3d2-8923-5696-ac2e-977beadfec4e) (Version: 0.1.1 - NightDev, LLC)
Norton Security (HKLM-x32\...\NGC) (Version: 22.14.0.54 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 397.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 397.31 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation)
NVIDIA Graphics Driver 397.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 397.31 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.37.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 21.0.1 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9226.2126 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9226.2126 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9226.2126 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9226.2126 - Microsoft Corporation) Hidden
OMEN Control (HKLM-x32\...\{AFE5BCE5-46DD-4DFA-9DD9-00F42E15ABD9}) (Version: 1.1.1 - HP)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.18.115 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.12.1007.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8004 - Realtek Semiconductor Corp.)
RogueKiller version 12.12.17.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.17.0 - Adlice Software)
Smashladder Launcher (HKU\S-1-5-21-2557116828-1867652725-2878004429-1001\...\SmashladderDolphinLauncher) (Version: 1.8.1 - Anther)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 5.7.4731.1 - Hi-Rez Studios)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{AAB396C1-4338-4825-BFA1-A085F3C55781}) (Version: 2.19.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{B8B01E04-5393-4902-98E6-0E2787F03C80}) (Version: 1.13.0.0 - Microsoft Corporation) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 38.2 - Ubisoft)
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.14.0.54\buShell.dll [2018-04-03] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.14.0.54\buShell.dll [2018-04-03] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.14.0.54\buShell.dll [2018-04-03] (Symantec Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.14.0.54\buShell.dll [2018-04-03] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.14.0.54\buShell.dll [2018-04-03] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.14.0.54\buShell.dll [2018-04-03] (Symantec Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.14.0.54\buShell.dll [2018-04-03] (Symantec Corporation)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.14.0.54\NavShExt.dll [2018-04-03] (Symantec Corporation)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.14.0.54\NavShExt.dll [2018-04-03] (Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-04-21] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.14.0.54\buShell.dll [2018-04-03] (Symantec Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.14.0.54\NavShExt.dll [2018-04-03] (Symantec Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {12C8D579-CCC8-4C39-9405-DA09433BC31C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-05-13] (Microsoft Corporation)
Task: {1B35974E-5A55-4956-B6CE-36FEA67AEFC6} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
Task: {1BBD55F5-0598-430D-82A0-3DF075758CD6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {1CDAC592-4D86-468D-8E69-773C6DED733E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-13] (Microsoft Corporation)
Task: {20CE8CF1-34D3-4F03-8EAC-1F061E7D2927} - System32\Tasks\HPCeeScheduleForSaren => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-06-24] (HP Inc.)
Task: {24E49FBC-E242-4C73-959A-EA616502EFFA} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-04-07] (HP Inc.)
Task: {2E4B8E09-02C0-48D0-B2AE-698A5A9AC159} - System32\Tasks\Norton Security with Backup\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.14.0.54\SymErr.exe [2018-04-03] (Symantec Corporation)
Task: {3493CDA0-0935-4C11-A5EF-171CEAF69EE8} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-14] (NVIDIA Corporation)
Task: {34CD46FA-831C-4673-83A6-3CD6706A8807} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-03-14] (NVIDIA Corporation)
Task: {34CD533F-231A-41C7-8636-E20604A15ABF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {3B6AA60A-1CF0-4764-8E85-2377EFB08549} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-14] (NVIDIA Corporation)
Task: {43A68353-0F3C-429F-B9C1-7165CB37C6CE} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-05-12] (AVAST Software)
Task: {46908D76-10EC-4A3D-882E-CAAF65F91B67} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-02-18] (Dropbox, Inc.)
Task: {5663D841-BA03-42D2-A401-E6F98B092878} - System32\Tasks\Norton Security with Backup\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.14.0.54\SymErr.exe [2018-04-03] (Symantec Corporation)
Task: {63A2E740-1579-4100-BF92-9A8C162AE1AC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {67609131-2AE0-46A5-8E13-B2A1F22BC57A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-22] (Google Inc.)
Task: {6EE23344-9A9E-47A9-96D9-F9D21E69C849} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-04-26] (Microsoft Corporation)
Task: {7CF16262-AA66-4724-A737-71339AF2B9BA} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2018-04-03] (Symantec Corporation)
Task: {7F33054B-2FFB-42CC-AB61-4A154E75CDE8} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-03-14] (NVIDIA Corporation)
Task: {86FC755C-397B-4CEE-A114-A08B226BAA3B} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.14.0.54\WSCStub.exe [2018-04-03] (Symantec Corporation)
Task: {8E68A682-DFEA-42BD-98EA-C5929AD71099} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-22] (Google Inc.)
Task: {9013C064-E3C2-4820-8B97-5C183F6482C5} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-02-18] (Dropbox, Inc.)
Task: {91BE05A2-8E09-4D82-BFCA-373F15442FCE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-04-26] (Microsoft Corporation)
Task: {93B87784-D3C7-40DF-ADFD-81323897D282} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-04-25] (HP Inc.)
Task: {97DBD4FC-0CC8-4726-BFA1-B4B59CD2B978} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-11-28] (DropboxOEM)
Task: {A256A2D7-3969-4809-B710-4808E179A1F5} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {B0726954-9FEF-4BB0-9BB0-23068230CA5E} - System32\Tasks\Norton Security with Backup\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.14.0.54\SymErr.exe [2018-04-03] (Symantec Corporation)
Task: {B74A2001-7BAB-4F1A-BC3E-E5681B22C45A} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [2017-07-28] ()
Task: {B76334BF-F9CB-4FD4-9DEB-C1B95D845302} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [2017-02-02] (HP Inc.)
Task: {B84EDE39-29FC-49E7-9481-F531B98484C1} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-03-14] (NVIDIA Corporation)
Task: {BB6EEACE-E471-4CF7-B21B-D881257141E7} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
Task: {C0817D75-7245-4F48-90E5-3A5011BDF748} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-13] (Microsoft Corporation)
Task: {D3BC2D77-EF91-4B1E-B474-DD348713C1CE} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-03-14] (NVIDIA Corporation)
Task: {D47028CB-263F-44CC-AE43-A15D8F5A7F7D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-05-13] (Microsoft Corporation)
Task: {D974D44E-3942-405A-9417-89B944A9C928} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-14] (NVIDIA Corporation)
Task: {E4659883-911A-4D2A-9E01-0F54B387DDEC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-05-13] (Microsoft Corporation)
Task: {E5ED5C8D-37A2-4A1E-A169-E27D77678BE7} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2017-09-21] (Intel(R) Corporation)
Task: {E902F655-6312-4FD7-A505-D25D26CEF902} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-14] (NVIDIA Corporation)
Task: {EC76B2A6-8FD0-4181-8A2C-532B14D3C54F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForSaren.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 06:41 - 2017-09-29 06:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-03-16 15:19 - 2018-03-16 15:19 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-03-16 15:19 - 2018-03-16 15:19 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-07-19 15:09 - 2017-07-19 15:09 - 000189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2017-11-17 12:26 - 2018-03-14 06:05 - 001267648 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-04-14 18:26 - 2018-03-27 13:47 - 002492704 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-04-14 18:26 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-07-28 11:52 - 2017-07-28 11:52 - 000459680 _____ () C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
2017-11-17 11:12 - 2018-04-29 14:26 - 008939696 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2018-03-24 14:11 - 2018-02-21 17:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-24 14:11 - 2018-02-21 17:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-04-06 19:17 - 2018-04-06 19:17 - 002141184 _____ () C:\Users\Saren\AppData\Local\SmashladderDolphinLauncher\app-1.8.1\ffmpeg.dll
2018-05-14 18:24 - 2018-05-14 18:24 - 000280576 _____ () \\?\C:\Users\Saren\AppData\Local\Temp\86DE.tmp.node
2018-05-14 18:24 - 2018-05-14 18:24 - 000132608 _____ () \\?\C:\Users\Saren\AppData\Local\Temp\88D3.tmp.node
2018-05-14 18:24 - 2018-05-14 18:24 - 000132096 _____ () \\?\C:\Users\Saren\AppData\Local\Temp\88E4.tmp.node
2018-04-06 19:17 - 2018-04-06 19:17 - 002551808 _____ () C:\Users\Saren\AppData\Local\SmashladderDolphinLauncher\app-1.8.1\libglesv2.dll
2018-04-06 19:17 - 2018-04-06 19:17 - 000093184 _____ () C:\Users\Saren\AppData\Local\SmashladderDolphinLauncher\app-1.8.1\libegl.dll
2018-05-14 18:24 - 2018-05-14 18:24 - 000280576 _____ () \\?\C:\Users\Saren\AppData\Local\Temp\9546.tmp.node
2017-07-28 19:45 - 2017-07-28 19:45 - 000298448 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2018-05-11 16:09 - 2018-05-09 15:05 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.170\libglesv2.dll
2018-05-11 16:09 - 2018-05-09 15:05 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.170\libegl.dll
2017-11-17 12:26 - 2018-03-14 06:05 - 001041344 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-01-16 04:40 - 2017-01-16 04:40 - 000143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2018-04-07 13:03 - 2017-04-13 10:58 - 050656768 _____ () C:\Users\Saren\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2018-04-07 13:03 - 2017-04-13 10:58 - 001874944 _____ () C:\Users\Saren\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2018-04-07 13:03 - 2017-04-13 10:58 - 000075264 _____ () C:\Users\Saren\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2017-11-17 12:26 - 2018-03-14 06:04 - 081563584 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2018-05-05 21:53 - 2018-03-14 06:04 - 002478016 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libglesv2.dll
2018-05-05 21:53 - 2018-03-14 06:04 - 000125376 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libegl.dll
2018-05-12 11:49 - 2018-05-12 11:49 - 000156672 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\3f76bdc1df348a9c10911be3f1d56f81\BRIDGECommon.ni.dll
2018-05-12 11:52 - 2018-05-12 11:52 - 000329728 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\3af044d0098c9a679fbc2b9dc9bf91b5\CleanStartController.ni.dll
2018-05-12 11:51 - 2018-05-12 11:51 - 000116736 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\9bcca6bdb1d6eb5ddadc4b82634141a7\BridgeExtension.ni.dll
2017-09-25 14:28 - 2017-09-25 14:28 - 001244304 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2018-05-01 20:19 - 2018-04-30 23:01 - 001891672 _____ () C:\Users\Saren\AppData\Local\Discord\app-0.0.301\ffmpeg.dll
2018-05-01 20:19 - 2018-04-30 23:01 - 001937752 _____ () C:\Users\Saren\AppData\Local\Discord\app-0.0.301\libglesv2.dll
2018-05-01 20:19 - 2018-04-30 23:01 - 000095576 _____ () C:\Users\Saren\AppData\Local\Discord\app-0.0.301\libegl.dll
2018-05-04 23:52 - 2018-05-04 23:52 - 001910104 _____ () \\?\C:\Users\Saren\AppData\Roaming\discord\0.0.301\modules\discord_spellcheck\node_modules\cld\build\Release\cld.node
2018-05-04 23:52 - 2018-05-04 23:52 - 000422744 _____ () \\?\C:\Users\Saren\AppData\Roaming\discord\0.0.301\modules\discord_spellcheck\node_modules\spellchecker\build\Release\spellchecker.node
2018-05-04 23:52 - 2018-05-04 23:52 - 000145240 _____ () \\?\C:\Users\Saren\AppData\Roaming\discord\0.0.301\modules\discord_spellcheck\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2018-05-04 23:52 - 2018-05-10 20:27 - 009659736 _____ () \\?\C:\Users\Saren\AppData\Roaming\discord\0.0.301\modules\discord_voice\discord_voice.node
2018-05-04 23:52 - 2018-05-04 23:52 - 001530712 _____ () \\?\C:\Users\Saren\AppData\Roaming\discord\0.0.301\modules\discord_utils\discord_utils.node
2018-05-04 23:52 - 2018-05-04 23:52 - 000512856 _____ () \\?\C:\Users\Saren\AppData\Roaming\discord\0.0.301\modules\discord_erlpack\discord_erlpack.node
2018-05-04 23:52 - 2018-05-05 11:51 - 001578840 _____ () \\?\C:\Users\Saren\AppData\Roaming\discord\0.0.301\modules\discord_game_utils\discord_game_utils.node
2018-05-04 23:52 - 2018-05-04 23:52 - 002722648 _____ () \\?\C:\Users\Saren\AppData\Roaming\discord\0.0.301\modules\discord_rpc\discord_rpc.node
2018-05-05 11:51 - 2018-05-05 11:51 - 002760536 _____ () \\?\C:\Users\Saren\AppData\Roaming\discord\0.0.301\modules\discord_contact_import\discord_contact_import.node
2018-05-05 11:51 - 2018-05-05 11:51 - 001249112 _____ () \\?\C:\Users\Saren\AppData\Roaming\discord\0.0.301\modules\discord_vigilante\discord_vigilante.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\AppData:CSM [476]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2557116828-1867652725-2878004429-1001\...\sharepoint.com -> hxxps://piercestudent-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 14:03 - 2017-03-18 14:01 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2557116828-1867652725-2878004429-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Saren\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\albert_bierstadt_-_among_the_sierra_nevada,_california_-_google_art_project.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKU\S-1-5-21-2557116828-1867652725-2878004429-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2557116828-1867652725-2878004429-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8BB847DF-239D-4129-BD85-D58F41F98A6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{3DC077A8-BC5A-467F-AD29-C3F2D4F5D3E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{4305F3FD-F2D2-4F5A-8C10-6A11CB77F90B}] => (Allow) LPort=13148
FirewallRules: [{6F156745-EDC2-45CE-A3CE-34CE78C49CD4}] => (Allow) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
FirewallRules: [{9212F708-055D-4B38-BA6F-097DE77F1C0C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{53CDAB0D-B591-4D95-819B-758FA6F9343F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{44413AF0-608B-46E5-B4C4-837A1FE40169}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{401D3A9F-1A95-46AF-8D16-CF52EB44EF86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{87D89B26-5EBA-4BCD-845D-2529A8382C00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{5793DF2B-B624-4986-A7DC-E66A20721A42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{16D14051-BF39-4C1B-8488-10288F6FC737}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{78B4D071-DA46-4EF9-A414-9894BB6A9A6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassins Creed Origins\ACOrigins.exe
FirewallRules: [{DB4D80D1-8008-4F18-8DB2-CC1669DD568D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassins Creed Origins\ACOrigins.exe
FirewallRules: [{5D220EA4-EE70-410F-94C8-45050B5210C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe
FirewallRules: [{3DAEAA6E-1A00-49AA-BD6C-1C31C6C269F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe
FirewallRules: [{FCC402C8-4C23-4E99-A8F8-DF58DA9BF4C1}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{1EF5C606-7BA4-4B3D-907D-7732AD034E0D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{951670A4-A3F9-408F-ADA4-6B487781158F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{28BBC99B-AB89-4631-B504-847622A4D067}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D36BD423-DA3E-460E-9C89-3AEF74698DD6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{A355F7FC-F1F4-428F-8919-7B5733DB5448}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{FCAF5EB8-1A53-4C61-8589-BBF6FA736C1F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{C3D97399-AB6F-4473-9244-546B09370361}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{25938611-BDAE-47C7-8A6E-676BABE52E44}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3171666E-DE3B-4680-B7E2-E549064EC937}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{394EDA33-854B-4105-B51F-597921D6CBF6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{2EAFF2C8-8EB8-4657-95CF-F5FFC7500C95}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{16CFD3EB-9166-4794-862A-DB86E7F68DFC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{33F29E0E-1A04-4772-9B7A-E97264AB4025}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe
FirewallRules: [{AD24D556-5737-4B27-A82A-65C092DA2EF8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{B922C2C9-C908-4090-8748-22BA6782D359}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{F5396045-0A99-4020-84DD-0E0825AC2BA4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{1F8F1D5E-0E7C-49B5-874C-2B0D8F1E5CC9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{F19B7E12-8214-400A-A29E-C3FB7101EDC3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{633AA000-1E15-4767-9308-5774522AB479}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{B56990B2-E115-4C40-A503-B777FE09D463}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{65839A2B-4CB9-4EA0-8231-EBA07588741E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E41D210D-3B17-4B3A-B687-9E0A36B37B4F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FB4F0FA2-9F85-427D-BB85-E2FCA6208824}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FB752695-3B8B-4C2A-ABD8-2B3355DB3CFA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{05113ADF-2E29-479B-A000-A9C4D849AD05}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{08473105-CC88-4652-84F0-984EC6B4F077}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Attila\launcher\launcher.exe
FirewallRules: [{4E8C1934-CB32-4ECC-9470-03CB5936B0B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Attila\launcher\launcher.exe
FirewallRules: [{EAED5BF9-4D02-4B91-A4FB-B73A77CF71BB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{44FD8D8E-86B2-4080-B12A-7F94F19C3384}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{691AFF3A-6617-464D-96A1-296D8329C02D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{212DD625-B5AF-45A9-B0E4-7D88AB089C17}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1F90E10C-6B2E-4423-A708-07B642106F84}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW.exe
FirewallRules: [{F3886FEF-F5F1-47A2-9E4A-C561A4D5527D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW.exe
FirewallRules: [{53847776-44E6-4FC4-9D27-FD86630AFBA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW-BI.exe
FirewallRules: [{14A2E7DB-5910-4265-B94D-B98E8F475E69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW-BI.exe
FirewallRules: [{B1A59426-5F8C-4C49-9AD3-E6568102F02B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{152AE5DC-2D66-4D93-826B-44A8FC1B8354}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{8DA06CDA-7270-46B8-B426-78362FE6971A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{071C44DF-D08B-43DD-A613-77992805F5E8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{9011CA8B-1A84-42A8-8B1E-A45449F4F2F6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{5AE39268-1B2F-4C89-BF91-5AB452E86266}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{16DF2570-DD9F-44EE-8645-D890D4106F78}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{14ACFDDA-44EB-41D5-AF8E-D29BBF720D02}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{9ABEF03E-0DD3-45FF-8E27-D758B92C9E59}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{224312A1-DD74-4AD3-9CAE-503BCCCC6C31}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{2FFB633D-96D9-46B9-8C59-2F5FFB2BEFEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron IV\hoi4.exe
FirewallRules: [{D340F992-DAFC-4606-9C9D-EAD58C5C96E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron IV\hoi4.exe
FirewallRules: [{AFC87641-7C09-4BEC-80F8-A35A9AAE8AAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{0901673A-7F77-4AD6-B6D9-8A9DD610774F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{270DC80F-4AF8-44A2-BD02-AFEAEC95074C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

04-05-2018 20:55:46 Windows Modules Installer
08-05-2018 20:48:56 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

Broni · May 14, 2018

Last part of second log is missing.

Joe Jimm · May 14, 2018

My bad. Swear this wasn't here before lol:

==================
Error: (05/14/2018 06:01:46 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (05/14/2018 06:01:46 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (05/14/2018 06:01:35 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (05/14/2018 06:01:35 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (05/14/2018 04:48:42 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (05/14/2018 11:24:57 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning.
.

Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (05/14/2018 01:21:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5562

Error: (05/14/2018 01:21:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5562

System errors:
=============
Error: (05/14/2018 06:25:34 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-0AP91FB)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-0AP91FB\Saren SID (S-1-5-21-2557116828-1867652725-2878004429-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/14/2018 06:25:34 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-0AP91FB)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-0AP91FB\Saren SID (S-1-5-21-2557116828-1867652725-2878004429-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/14/2018 06:24:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/14/2018 06:24:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/14/2018 06:23:36 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: Event-ID 14

Error: (05/14/2018 06:22:36 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-0AP91FB)
Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.16299.15_neutral_neutral_cw5n1h2txyewy!App.AppXwdz8g2fxr36xz0tdtagygnvemf85s7gg.mca did not register with DCOM within the required timeout.

Error: (05/14/2018 06:22:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.

Error: (05/14/2018 06:22:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.

CodeIntegrity:
===================================

Date: 2018-05-14 18:29:22.622
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-05-14 18:29:22.620
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-05-14 18:29:11.540
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-05-14 18:29:11.539
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-05-14 18:28:54.841
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-05-14 18:28:54.840
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-05-14 18:28:46.097
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-05-14 18:28:46.096
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz
Percentage of memory in use: 24%
Total physical RAM: 16319.62 MB
Available physical RAM: 12389.34 MB
Total Virtual: 40895.62 MB
Available Virtual: 35941.66 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:919.04 GB) (Free:444.36 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:11.24 GB) (Free:1.38 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{2e212fc6-d37e-4851-b52d-627b73993935}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32
\\?\Volume{8692fd08-285c-4d24-9f31-ecd0bf3c2217}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E198DDBE)

Partition: GPT.

==================== End of Addition.txt ============================

Solved Over 60 svchost.exe's, Chrome being very slow, and other oddities

Posts: 24 +0

Posts: 56,041 +516

Posts: 24 +0

Posts: 24 +0

Posts: 24 +0

Posts: 24 +0

Posts: 24 +0

Posts: 24 +0

Posts: 24 +0

Posts: 24 +0

Posts: 24 +0

Posts: 56,041 +516

Posts: 24 +0

Posts: 24 +0

Posts: 56,041 +516

Posts: 24 +0

Posts: 24 +0

Posts: 56,041 +516

Posts: 24 +0

Posts: 24 +0

Posts: 24 +0

Posts: 24 +0

Posts: 24 +0

Posts: 56,041 +516

Posts: 24 +0

Similar threads