Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

New computer is freezing and very slow

Started by shorthaul99 , Mar 28 2018 06:27 PM

  • Please log in to reply

#1
shorthaul99
Posted 28 March 2018 - 06:27 PM

shorthaul99

    Member

  • Member
  • PipPipPip
  • 133 posts

Hello,

 

I am working on my mom's computer because it has become very slow and freezes all the time. When I finally got it to open up, a window was open and it said:

 

 

taskhostw.exe - Fast Fail Exception

 

A fast fail exception has occurred. Exception handlers will not be invoked and the process will be terminated immediately.

 

 

After that, I ran a sfc/ scannow and to my surprise there were no files that were corrupted.

 

Thanks for your help!!

 

 

 

Here is a copy of the logs of FRST:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by swbut (administrator) on SUSAN-PC (28-03-2018 19:13:21)
Running from C:\Users\swbut\Desktop
Loaded Profiles: swbut (Available Profiles: swbut & Guest1)
Platform: Windows 10 Home Version 1709 16299.334 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Genie9) C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimelineService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.0\kpm_service.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimeLineAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.0\kpm.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9029.22105.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9029.22105.0_x64__8wekyb3d8bbwe\HxTsr.exe
() C:\Program Files\WindowsApps\Microsoft.MSPaint_4.1803.16027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleFirefoxHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8848640 2017-01-06] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567936 2018-03-15] (Dropbox, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKU\S-1-5-21-2607816954-1110565453-3478179683-1002\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2607816954-1110565453-3478179683-1002\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [611584 2016-03-09] (NETGEAR Inc.)
HKU\S-1-5-21-2607816954-1110565453-3478179683-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-01-10] (Apple Inc.)
HKU\S-1-5-21-2607816954-1110565453-3478179683-1002\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-01-10] (Apple Inc.)
HKU\S-1-5-21-2607816954-1110565453-3478179683-1002\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2018-01-10] (Apple Inc.)
HKU\S-1-5-21-2607816954-1110565453-3478179683-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2018-01-10] (Apple Inc.)
HKU\S-1-5-21-2607816954-1110565453-3478179683-1002\...\Run: [kpm.exe] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.0\kpm.exe [540456 2018-02-22] (AO Kaspersky Lab)
HKU\S-1-5-21-2607816954-1110565453-3478179683-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [36864 2017-09-29] (Microsoft Corporation)
Startup: C:\Users\swbut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-04-06]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1029ebca-d3a5-4d07-aca6-a29c36e425c7}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{e720eb37-ab53-4815-964c-3b7ca062b5be}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-2607816954-1110565453-3478179683-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-2607816954-1110565453-3478179683-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM -> {6ED609E5-EAF5-4C84-ADF0-892E1F08D4C4} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {6ED609E5-EAF5-4C84-ADF0-892E1F08D4C4} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2607816954-1110565453-3478179683-1002 -> {6ED609E5-EAF5-4C84-ADF0-892E1F08D4C4} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-06] (AO Kaspersky Lab)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-03-04] (Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\IEExt\ie_plugin.dll [2016-12-06] (AO Kaspersky Lab)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-06] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\IEExt\ie_plugin.dll [2016-12-06] (AO Kaspersky Lab)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-04] (Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-2607816954-1110565453-3478179683-1002 -> hxxp://www.google.com/
Edge Extension: (AdBlock) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_2.4.0.0_neutral__c1wakc4j0nefm [2018-01-11]

FireFox:
========
FF ProfilePath: C:\Users\swbut\AppData\Roaming\Mozilla\Firefox\Profiles\c12vo275.default-1488583721110 [2018-03-28]
FF Homepage: Mozilla\Firefox\Profiles\c12vo275.default-1488583721110 -> hxxps://www.google.com/
FF Extension: (__MSG_extName__) - C:\Users\swbut\AppData\Roaming\Mozilla\Firefox\Profiles\c12vo275.default-1488583721110\Extensions\[email protected] [2017-12-15]
FF Extension: (Webmail Ad Blocker) - C:\Users\swbut\AppData\Roaming\Mozilla\Firefox\Profiles\c12vo275.default-1488583721110\Extensions\[email protected] [2018-03-08]
FF Extension: (AdBlocker for YouTube™) - C:\Users\swbut\AppData\Roaming\Mozilla\Firefox\Profiles\c12vo275.default-1488583721110\Extensions\[email protected] [2017-03-03]
FF Extension: (Kaspersky Password Manager) - C:\Users\swbut\AppData\Roaming\Mozilla\Firefox\Profiles\c12vo275.default-1488583721110\Extensions\[email protected] [2018-02-22]
FF Extension: (Adblock Plus) - C:\Users\swbut\AppData\Roaming\Mozilla\Firefox\Profiles\c12vo275.default-1488583721110\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-13]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\swbut\AppData\Roaming\Mozilla\Firefox\Profiles\c12vo275.default-1488583721110\features\{6c12733a-700d-4094-bb3e-1fe79c45cd39}\[email protected] [2018-03-23] [Legacy]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-02-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-14] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-04] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-03] (Advanced Micro Devices, Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7962288 2018-03-12] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-13] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-13] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-03-15] (Dropbox, Inc.)
R2 GenieTimelineService; C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimelineService.exe [673856 2014-06-18] (Genie9)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-26] (HP Inc.)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [184064 2017-03-09] (Intel Corporation)
R2 kpm_launch_service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.0\kpm_service.exe [215840 2018-02-22] (AO Kaspersky Lab)
R2 LPDSVC; C:\WINDOWS\system32\lpdsvc.dll [47104 2017-09-29] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [269480 2017-08-07] ()
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2016-03-09] (NETGEAR)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2017-01-06] (Realtek Semiconductor)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-03] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-03] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3756200 2017-08-07] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [40720 2015-07-29] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0307778.inf_amd64_c23825c387b5872c\atikmdag.sys [26570784 2017-01-10] (Advanced Micro Devices, Inc.)
S3 amdkmdan; C:\WINDOWS\system32\DRIVERS\atikmnag.sys [20255232 2015-11-03] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0307778.inf_amd64_c23825c387b5872c\atikmpag.sys [535960 2017-01-10] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [73976 2015-06-04] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-07-22] (Advanced Micro Devices)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230656 2017-03-09] (Intel Corporation)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [197344 2017-10-14] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [592088 2017-10-14] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys [180984 2018-03-28] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1022656 2018-02-20] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57032 2018-02-20] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [231312 2018-03-02] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [87584 2017-03-14] (AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [252600 2018-03-02] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [107656 2018-03-02] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [174664 2018-03-14] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [136416 2017-03-13] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199640 2017-07-19] (AO Kaspersky Lab)
S3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3529728 2017-10-17] (Intel Corporation)
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2017-03-23] (CACE Technologies, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [936192 2016-02-19] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-03-03] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288296 2018-03-03] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-03] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-28 19:13 - 2018-03-28 19:13 - 000021880 _____ C:\Users\swbut\Desktop\FRST.txt
2018-03-28 19:12 - 2018-03-28 19:13 - 000000000 ____D C:\FRST
2018-03-28 19:11 - 2018-03-28 19:11 - 002403328 _____ (Farbar) C:\Users\swbut\Desktop\FRST64.exe
2018-03-28 18:29 - 2018-03-13 02:09 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-03-28 18:29 - 2018-03-13 02:08 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-03-28 18:29 - 2018-03-13 02:06 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-03-28 18:29 - 2018-03-13 02:06 - 000270752 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-03-28 18:29 - 2018-03-13 02:06 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-28 18:29 - 2018-03-13 02:05 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-03-28 18:29 - 2018-03-13 02:05 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-28 18:29 - 2018-03-13 02:04 - 000749472 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-03-28 18:29 - 2018-03-13 02:04 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-03-28 18:29 - 2018-03-13 02:04 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-03-28 18:29 - 2018-03-13 02:03 - 005907288 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-03-28 18:29 - 2018-03-13 02:03 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-03-28 18:29 - 2018-03-13 02:03 - 000779960 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-03-28 18:29 - 2018-03-13 02:03 - 000739696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-03-28 18:29 - 2018-03-13 02:03 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-03-28 18:29 - 2018-03-13 02:03 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-03-28 18:29 - 2018-03-13 02:03 - 000382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-03-28 18:29 - 2018-03-13 02:03 - 000279960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-03-28 18:29 - 2018-03-13 02:03 - 000273312 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-03-28 18:29 - 2018-03-13 02:02 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-03-28 18:29 - 2018-03-13 02:02 - 002513920 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-03-28 18:29 - 2018-03-13 02:02 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-03-28 18:29 - 2018-03-13 02:02 - 001415288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-03-28 18:29 - 2018-03-13 02:02 - 001209752 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-03-28 18:29 - 2018-03-13 02:01 - 002395040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-03-28 18:29 - 2018-03-13 01:59 - 000535968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2018-03-28 18:29 - 2018-03-13 01:58 - 000441248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2018-03-28 18:29 - 2018-03-13 01:58 - 000377760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-03-28 18:29 - 2018-03-13 01:58 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-03-28 18:29 - 2018-03-13 01:57 - 000711432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-03-28 18:29 - 2018-03-13 01:57 - 000540056 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-03-28 18:29 - 2018-03-13 01:55 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-03-28 18:29 - 2018-03-13 01:55 - 001778360 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2018-03-28 18:29 - 2018-03-13 01:55 - 000979352 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-03-28 18:29 - 2018-03-13 01:55 - 000749984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-03-28 18:29 - 2018-03-13 01:55 - 000417440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2018-03-28 18:29 - 2018-03-13 01:55 - 000408992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-03-28 18:29 - 2018-03-13 01:55 - 000334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2018-03-28 18:29 - 2018-03-13 01:55 - 000246176 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-03-28 18:29 - 2018-03-13 01:54 - 000727448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-03-28 18:29 - 2018-03-13 01:54 - 000677280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-03-28 18:29 - 2018-03-13 01:54 - 000555936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-03-28 18:29 - 2018-03-13 01:54 - 000163744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-03-28 18:29 - 2018-03-13 01:54 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-03-28 18:29 - 2018-03-13 01:53 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-03-28 18:29 - 2018-03-13 01:53 - 000902928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-03-28 18:29 - 2018-03-13 01:53 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2018-03-28 18:29 - 2018-03-13 01:53 - 000143264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2018-03-28 18:29 - 2018-03-13 01:53 - 000113568 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-03-28 18:29 - 2018-03-13 01:53 - 000091152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2018-03-28 18:29 - 2018-03-13 01:52 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-28 18:29 - 2018-03-13 01:52 - 000172112 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2018-03-28 18:29 - 2018-03-13 01:52 - 000127136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2018-03-28 18:29 - 2018-03-13 01:51 - 002773408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-03-28 18:29 - 2018-03-13 01:51 - 000614296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-03-28 18:29 - 2018-03-13 01:50 - 000617312 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-03-28 18:29 - 2018-03-13 00:56 - 025253376 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-03-28 18:29 - 2018-03-13 00:41 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2018-03-28 18:29 - 2018-03-13 00:40 - 003663872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-03-28 18:29 - 2018-03-13 00:40 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-03-28 18:29 - 2018-03-13 00:40 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-03-28 18:29 - 2018-03-13 00:40 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-03-28 18:29 - 2018-03-13 00:38 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2018-03-28 18:29 - 2018-03-13 00:38 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2018-03-28 18:29 - 2018-03-13 00:38 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2018-03-28 18:29 - 2018-03-13 00:37 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-03-28 18:29 - 2018-03-13 00:37 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-03-28 18:29 - 2018-03-13 00:37 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-03-28 18:29 - 2018-03-13 00:37 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetDriverInstall.dll
2018-03-28 18:29 - 2018-03-13 00:37 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2018-03-28 18:29 - 2018-03-13 00:37 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelineprxy.dll
2018-03-28 18:29 - 2018-03-13 00:36 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2018-03-28 18:29 - 2018-03-13 00:36 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-03-28 18:29 - 2018-03-13 00:35 - 008031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-28 18:29 - 2018-03-13 00:35 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2018-03-28 18:29 - 2018-03-13 00:35 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-03-28 18:29 - 2018-03-13 00:35 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-03-28 18:29 - 2018-03-13 00:35 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2018-03-28 18:29 - 2018-03-13 00:35 - 000245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\icm32.dll
2018-03-28 18:29 - 2018-03-13 00:35 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsAuth.dll
2018-03-28 18:29 - 2018-03-13 00:35 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2018-03-28 18:29 - 2018-03-13 00:35 - 000219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsCfg.dll
2018-03-28 18:29 - 2018-03-13 00:35 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlgpclnt.dll
2018-03-28 18:29 - 2018-03-13 00:34 - 008727552 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-03-28 18:29 - 2018-03-13 00:34 - 000309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2018-03-28 18:29 - 2018-03-13 00:34 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsExt.dll
2018-03-28 18:29 - 2018-03-13 00:34 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2018-03-28 18:29 - 2018-03-13 00:34 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2018-03-28 18:29 - 2018-03-13 00:33 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-03-28 18:29 - 2018-03-13 00:33 - 007544832 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-03-28 18:29 - 2018-03-13 00:33 - 001574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2018-03-28 18:29 - 2018-03-13 00:33 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-03-28 18:29 - 2018-03-13 00:33 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-03-28 18:29 - 2018-03-13 00:33 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-03-28 18:29 - 2018-03-13 00:33 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-03-28 18:29 - 2018-03-13 00:33 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2018-03-28 18:29 - 2018-03-13 00:33 - 000278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2018-03-28 18:29 - 2018-03-13 00:33 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2018-03-28 18:29 - 2018-03-13 00:33 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2018-03-28 18:29 - 2018-03-13 00:32 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-03-28 18:29 - 2018-03-13 00:32 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2018-03-28 18:29 - 2018-03-13 00:32 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2018-03-28 18:29 - 2018-03-13 00:32 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2018-03-28 18:29 - 2018-03-13 00:32 - 000286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2018-03-28 18:29 - 2018-03-13 00:32 - 000200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2018-03-28 18:29 - 2018-03-13 00:31 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-03-28 18:29 - 2018-03-13 00:31 - 004746240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-03-28 18:29 - 2018-03-13 00:31 - 002849792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-03-28 18:29 - 2018-03-13 00:31 - 001495552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-03-28 18:29 - 2018-03-13 00:31 - 001263104 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-03-28 18:29 - 2018-03-13 00:31 - 001173504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-03-28 18:29 - 2018-03-13 00:31 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
2018-03-28 18:29 - 2018-03-13 00:31 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2018-03-28 18:29 - 2018-03-13 00:30 - 007145472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-03-28 18:29 - 2018-03-13 00:30 - 003400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-03-28 18:29 - 2018-03-13 00:30 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-03-28 18:29 - 2018-03-13 00:30 - 000863744 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2018-03-28 18:29 - 2018-03-13 00:30 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2018-03-28 18:29 - 2018-03-13 00:30 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2018-03-28 18:29 - 2018-03-13 00:29 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2018-03-28 18:29 - 2018-03-13 00:29 - 003170816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-03-28 18:29 - 2018-03-13 00:29 - 002209280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-03-28 18:29 - 2018-03-13 00:29 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-03-28 18:29 - 2018-03-13 00:29 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-03-28 18:29 - 2018-03-13 00:29 - 000984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2018-03-28 18:29 - 2018-03-13 00:28 - 003160576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2018-03-28 18:29 - 2018-03-13 00:28 - 002857984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-03-28 18:29 - 2018-03-13 00:28 - 002086400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-03-28 18:29 - 2018-03-13 00:28 - 001967104 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-03-28 18:29 - 2018-03-13 00:28 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-03-28 18:29 - 2018-03-13 00:28 - 001157632 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-03-28 18:29 - 2018-03-13 00:28 - 000939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-03-28 18:29 - 2018-03-13 00:28 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-03-28 18:29 - 2018-03-13 00:28 - 000841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-03-28 18:29 - 2018-03-13 00:28 - 000837120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-03-28 18:29 - 2018-03-13 00:28 - 000765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-03-28 18:29 - 2018-03-13 00:28 - 000508928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2018-03-28 18:29 - 2018-03-13 00:27 - 003125760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-03-28 18:29 - 2018-03-13 00:27 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-03-28 18:29 - 2018-03-13 00:27 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-03-28 18:29 - 2018-03-13 00:27 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-03-28 18:29 - 2018-03-13 00:27 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2018-03-28 18:29 - 2018-03-13 00:26 - 001737728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-03-28 18:29 - 2018-03-13 00:26 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2018-03-28 18:29 - 2018-03-13 00:25 - 001346560 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2018-03-28 18:29 - 2018-03-13 00:25 - 000963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-03-28 18:29 - 2018-03-13 00:25 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-03-28 18:29 - 2018-03-13 00:25 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2018-03-28 18:29 - 2018-03-13 00:24 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2018-03-28 18:29 - 2018-03-13 00:24 - 000389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2018-03-28 18:29 - 2018-03-13 00:24 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2018-03-28 18:29 - 2018-03-13 00:23 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2018-03-28 18:29 - 2018-03-13 00:23 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2018-03-28 18:29 - 2018-03-13 00:23 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2018-03-28 18:29 - 2018-03-13 00:22 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-03-28 18:29 - 2018-03-13 00:22 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2018-03-28 18:29 - 2018-03-13 00:22 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-03-28 18:29 - 2018-03-13 00:22 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-03-28 18:29 - 2018-03-13 00:19 - 001929712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-03-28 18:29 - 2018-03-13 00:19 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-03-28 18:29 - 2018-03-13 00:19 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-03-28 18:29 - 2018-03-13 00:19 - 000311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-03-28 18:29 - 2018-03-13 00:18 - 000213408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-03-28 18:29 - 2018-03-13 00:15 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-03-28 18:29 - 2018-03-13 00:08 - 001555784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2018-03-28 18:29 - 2018-03-13 00:08 - 000747416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2018-03-28 18:29 - 2018-03-13 00:07 - 000115104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-03-28 18:29 - 2018-03-13 00:06 - 000704080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-03-28 18:29 - 2018-03-13 00:06 - 000564640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2018-03-28 18:29 - 2018-03-13 00:04 - 006481096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-28 18:29 - 2018-03-13 00:04 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-03-28 18:29 - 2018-03-13 00:04 - 000140592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2018-03-28 18:29 - 2018-03-12 23:44 - 003490816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2018-03-28 18:29 - 2018-03-12 23:44 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-03-28 18:29 - 2018-03-12 23:44 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2018-03-28 18:29 - 2018-03-12 23:43 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-03-28 18:29 - 2018-03-12 23:43 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-03-28 18:29 - 2018-03-12 23:41 - 006576128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-03-28 18:29 - 2018-03-12 23:41 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-03-28 18:29 - 2018-03-12 23:40 - 006118400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-03-28 18:29 - 2018-03-12 23:40 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll
2018-03-28 18:29 - 2018-03-12 23:40 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2018-03-28 18:29 - 2018-03-12 23:39 - 019355136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-03-28 18:29 - 2018-03-12 23:39 - 018923520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-03-28 18:29 - 2018-03-12 23:39 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-03-28 18:29 - 2018-03-12 23:39 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\icm32.dll
2018-03-28 18:29 - 2018-03-12 23:39 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2018-03-28 18:29 - 2018-03-12 23:39 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-03-28 18:29 - 2018-03-12 23:39 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsCfg.dll
2018-03-28 18:29 - 2018-03-12 23:38 - 006466560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-03-28 18:29 - 2018-03-12 23:38 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlgpclnt.dll
2018-03-28 18:29 - 2018-03-12 23:37 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-03-28 18:29 - 2018-03-12 23:37 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2018-03-28 18:29 - 2018-03-12 23:37 - 000537088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
2018-03-28 18:29 - 2018-03-12 23:37 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2018-03-28 18:29 - 2018-03-12 23:37 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-03-28 18:29 - 2018-03-12 23:37 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2018-03-28 18:29 - 2018-03-12 23:37 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll
2018-03-28 18:29 - 2018-03-12 23:37 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2018-03-28 18:29 - 2018-03-12 23:36 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-03-28 18:29 - 2018-03-12 23:36 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2018-03-28 18:29 - 2018-03-12 23:36 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2018-03-28 18:29 - 2018-03-12 23:36 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2018-03-28 18:29 - 2018-03-12 23:35 - 006204416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-03-28 18:29 - 2018-03-12 23:34 - 002409984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-03-28 18:29 - 2018-03-12 23:34 - 000706048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-03-28 18:29 - 2018-03-12 23:33 - 002464768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-03-28 18:29 - 2018-03-12 23:33 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-03-28 18:29 - 2018-03-12 23:32 - 006030848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-03-28 18:29 - 2018-03-12 23:32 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-03-28 18:29 - 2018-03-12 23:32 - 002577408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2018-03-28 18:29 - 2018-03-12 23:32 - 001948672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-03-28 18:29 - 2018-03-12 23:31 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-03-28 18:29 - 2018-03-12 23:31 - 001348608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-03-28 18:29 - 2018-03-12 23:31 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-03-28 18:29 - 2018-03-12 23:31 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2018-03-28 18:29 - 2018-03-12 23:31 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2018-03-28 18:29 - 2018-03-12 23:30 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-03-28 18:29 - 2018-03-12 23:30 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-03-28 18:29 - 2018-03-12 23:28 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2018-03-28 18:29 - 2018-03-12 23:27 - 000190464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2018-03-28 18:29 - 2018-03-12 23:27 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2018-03-28 18:29 - 2018-03-12 23:26 - 000483328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2018-03-28 17:53 - 2018-03-28 17:53 - 000000000 ____D C:\WINDOWS\system32\ÿÿÿÿÿÿÿÿerStore
2018-03-28 17:53 - 2018-03-28 17:53 - 000000000 ____D C:\WINDOWS\system32\4_c23825c387b5872c
2018-03-21 10:17 - 2018-03-21 10:17 - 000010201 _____ C:\Users\swbut\Documents\2017 Tax deductions.xlsx
2018-03-18 11:26 - 2018-03-18 11:26 - 000008606 _____ C:\Users\swbut\Documents\Book1.xlsx
2018-03-16 20:55 - 2018-03-16 20:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-03-16 14:54 - 2018-03-16 14:54 - 000000238 _____ C:\Users\swbut\Desktop\Gmail.URL
2018-03-16 14:46 - 2018-03-16 14:46 - 000192510 _____ C:\Users\swbut\Downloads\TicketFast.pdf
2018-03-15 06:50 - 2018-03-15 06:50 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-03-15 06:50 - 2018-03-15 06:50 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-03-15 06:50 - 2018-03-15 06:50 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-03-15 06:50 - 2018-03-15 06:50 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-03-14 20:05 - 2018-03-14 20:05 - 000000000 ___HD C:\OneDriveTemp
2018-03-14 16:58 - 2018-03-14 16:58 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-03-14 16:57 - 2018-03-14 17:54 - 000000000 ____D C:\ProgramData\RogueKiller
2018-03-14 16:43 - 2018-03-14 16:57 - 026972232 _____ (Adlice Software) C:\Users\swbut\Desktop\RogueKiller_portable64.exe
2018-03-14 16:41 - 2018-03-14 16:41 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-2607816954-1110565453-3478179683-1002
2018-03-14 15:58 - 2018-03-01 22:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-03-14 15:58 - 2018-03-01 22:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-03-14 15:58 - 2018-03-01 22:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-03-14 15:58 - 2018-03-01 22:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-03-14 15:58 - 2018-03-01 22:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2018-03-14 15:58 - 2018-03-01 22:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-03-14 15:58 - 2018-03-01 21:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-03-14 15:58 - 2018-03-01 15:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-03-14 15:58 - 2018-03-01 02:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-03-14 15:58 - 2018-03-01 02:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-14 15:58 - 2018-03-01 02:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-03-14 15:58 - 2018-03-01 02:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-03-14 15:58 - 2018-03-01 02:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-14 15:58 - 2018-03-01 02:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-03-14 15:58 - 2018-03-01 02:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-14 15:58 - 2018-03-01 02:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-03-14 15:58 - 2018-03-01 02:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-14 15:58 - 2018-03-01 02:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-03-14 15:58 - 2018-03-01 02:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-03-14 15:58 - 2018-03-01 02:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-03-14 15:58 - 2018-03-01 02:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-03-14 15:58 - 2018-03-01 02:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-14 15:58 - 2018-03-01 02:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-03-14 15:58 - 2018-03-01 02:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-03-14 15:58 - 2018-03-01 02:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-03-14 15:58 - 2018-03-01 02:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-03-14 15:58 - 2018-03-01 01:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-03-14 15:58 - 2018-03-01 01:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-03-14 15:58 - 2018-03-01 01:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-03-14 15:58 - 2018-03-01 01:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-03-14 15:58 - 2018-03-01 01:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-03-14 15:58 - 2018-03-01 01:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-03-14 15:58 - 2018-03-01 01:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2018-03-14 15:58 - 2018-03-01 01:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-03-14 15:58 - 2018-03-01 01:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
2018-03-14 15:58 - 2018-03-01 01:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-03-14 15:58 - 2018-03-01 01:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-03-14 15:58 - 2018-03-01 01:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-03-14 15:58 - 2018-03-01 01:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-03-14 15:58 - 2018-03-01 01:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-03-14 15:58 - 2018-03-01 01:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-03-14 15:58 - 2018-03-01 00:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-14 15:58 - 2018-03-01 00:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-03-14 15:58 - 2018-03-01 00:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-03-14 15:58 - 2018-03-01 00:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-03-14 15:58 - 2018-03-01 00:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-03-14 15:58 - 2018-03-01 00:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-03-14 15:58 - 2018-03-01 00:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-14 15:58 - 2018-03-01 00:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-03-14 15:58 - 2018-03-01 00:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-14 15:58 - 2018-03-01 00:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-03-14 15:58 - 2018-03-01 00:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-14 15:58 - 2018-03-01 00:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-03-14 15:58 - 2018-03-01 00:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-14 15:58 - 2018-03-01 00:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-14 15:58 - 2018-03-01 00:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-03-14 15:58 - 2018-03-01 00:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-03-14 15:58 - 2018-03-01 00:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-03-14 15:58 - 2018-03-01 00:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-03-14 15:58 - 2018-03-01 00:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-03-14 15:58 - 2018-03-01 00:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-03-14 15:58 - 2018-03-01 00:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-03-14 15:58 - 2018-03-01 00:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-03-14 15:58 - 2018-03-01 00:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-03-14 15:58 - 2018-03-01 00:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-03-14 15:58 - 2018-03-01 00:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-03-14 15:58 - 2018-03-01 00:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-03-14 15:58 - 2018-03-01 00:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-03-14 15:58 - 2018-03-01 00:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-03-14 15:58 - 2018-03-01 00:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-14 15:58 - 2018-03-01 00:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-03-14 15:58 - 2018-03-01 00:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-03-14 15:58 - 2018-03-01 00:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-03-14 15:58 - 2018-03-01 00:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-03-14 15:58 - 2018-03-01 00:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-03-14 15:58 - 2018-03-01 00:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-03-14 15:58 - 2018-03-01 00:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-03-14 15:58 - 2018-03-01 00:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-03-14 15:58 - 2018-03-01 00:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-03-14 15:58 - 2018-03-01 00:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-03-14 15:58 - 2018-03-01 00:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-03-14 15:58 - 2018-03-01 00:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-03-14 15:58 - 2018-03-01 00:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-03-14 15:58 - 2018-03-01 00:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-03-14 15:58 - 2018-03-01 00:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-03-14 15:58 - 2018-03-01 00:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-03-14 15:58 - 2018-03-01 00:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-03-14 15:58 - 2018-03-01 00:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-03-14 15:58 - 2018-03-01 00:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-03-14 15:58 - 2018-03-01 00:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-03-14 15:58 - 2018-03-01 00:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-03-14 15:58 - 2018-02-21 21:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-03-14 15:58 - 2018-02-21 21:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-03-14 15:58 - 2018-02-21 21:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-03-14 15:58 - 2018-02-21 21:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-03-14 15:58 - 2018-02-21 21:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-03-14 15:58 - 2018-02-21 21:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-03-14 15:58 - 2018-02-21 21:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-03-14 15:58 - 2018-02-21 21:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-03-14 15:58 - 2018-02-21 21:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-03-14 15:58 - 2018-02-21 21:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-03-14 15:58 - 2018-02-21 21:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-03-14 15:58 - 2018-02-21 20:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-03-14 15:58 - 2018-02-21 20:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-03-14 15:58 - 2018-02-21 20:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-03-14 15:58 - 2018-02-21 20:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-03-14 15:58 - 2018-02-21 20:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-03-14 15:58 - 2018-02-21 20:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-03-14 15:58 - 2018-02-21 20:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-03-14 15:58 - 2018-02-21 19:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-03-14 15:58 - 2018-02-21 19:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-03-14 15:58 - 2018-02-21 19:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-03-14 15:58 - 2018-02-21 19:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-03-14 15:58 - 2018-02-21 19:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-03-14 15:58 - 2018-02-21 19:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-03-14 15:58 - 2018-02-21 19:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-03-14 15:58 - 2018-02-21 19:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-03-14 15:51 - 2018-03-14 15:51 - 000001086 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2018-03-14 15:51 - 2018-03-14 15:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-03-14 15:51 - 2018-03-14 15:51 - 000000000 ____D C:\Program Files\VS Revo Group
2018-03-14 15:45 - 2018-03-14 15:45 - 000001376 _____ C:\Users\Public\Desktop\Kaspersky Password Manager.lnk
2018-03-14 15:45 - 2018-03-14 15:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Password Manager
2018-03-14 14:52 - 2018-03-14 14:52 - 000004564 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-03-02 11:32 - 2018-03-02 11:32 - 000252600 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2018-03-02 11:31 - 2018-03-14 15:13 - 000174664 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2018-03-02 11:31 - 2018-03-02 11:31 - 000231312 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2018-03-02 11:31 - 2018-03-02 11:31 - 000107656 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-28 19:05 - 2017-11-16 11:52 - 000003392 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2018-03-28 18:59 - 2016-11-18 16:56 - 000000000 ____D C:\Users\swbut\AppData\LocalLow\Mozilla
2018-03-28 18:55 - 2017-11-02 20:33 - 001375926 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-28 18:54 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-28 18:51 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-28 18:51 - 2017-06-17 18:33 - 000000000 ___RD C:\Users\swbut\iCloudDrive
2018-03-28 18:51 - 2016-09-07 17:12 - 000000000 ___RD C:\Users\swbut\OneDrive
2018-03-28 18:50 - 2016-09-07 20:17 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-03-28 18:49 - 2017-11-02 20:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-28 18:49 - 2017-11-02 20:30 - 000415048 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-28 18:48 - 2017-09-29 03:45 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-03-28 18:48 - 2016-09-10 11:57 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-03-28 18:47 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-28 18:33 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-28 18:24 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-28 18:21 - 2017-11-02 20:50 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{AE34FF77-9FFB-4AF9-82FA-1CBE28B1E64E}
2018-03-28 17:49 - 2017-03-03 18:28 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-28 17:49 - 2017-03-03 18:28 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-03-28 17:38 - 2017-11-02 20:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-27 19:51 - 2017-03-03 18:28 - 000001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-03-27 19:16 - 2017-11-02 20:50 - 000003490 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2018-03-26 15:17 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-25 18:30 - 2017-11-02 20:34 - 000000000 ____D C:\Users\swbut
2018-03-25 18:27 - 2016-09-07 17:19 - 000000350 _____ C:\WINDOWS\Tasks\HPCeeScheduleForswbut.job
2018-03-23 10:24 - 2017-11-02 20:50 - 000003242 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForswbut
2018-03-19 20:20 - 2017-11-02 20:35 - 000000000 ____D C:\Users\swbut\AppData\Local\Packages
2018-03-16 21:12 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-03-16 21:11 - 2016-06-04 03:10 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-03-16 20:56 - 2016-06-04 03:09 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-03-16 15:10 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache
2018-03-15 16:40 - 2016-10-14 19:37 - 000000000 ____D C:\Users\swbut\Documents\Outlook Files
2018-03-14 19:16 - 2017-11-03 10:40 - 000000000 ___RD C:\Users\swbut\3D Objects
2018-03-14 19:16 - 2015-11-03 21:11 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-14 19:11 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-14 19:11 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-14 17:30 - 2015-10-30 02:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-03-14 16:38 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-03-14 16:00 - 2017-09-29 08:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-03-14 16:00 - 2017-09-29 08:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-03-14 15:56 - 2016-09-07 20:18 - 000000000 ____D C:\Program Files\Common Files\AV
2018-03-14 15:45 - 2016-09-07 20:17 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2018-03-14 15:43 - 2017-11-02 20:50 - 000003364 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2607816954-1110565453-3478179683-1002
2018-03-14 15:43 - 2016-09-07 17:12 - 000002374 _____ C:\Users\swbut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-14 14:58 - 2016-09-07 18:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-14 14:56 - 2017-10-11 10:09 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-14 14:56 - 2016-09-07 18:43 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-14 14:52 - 2017-12-27 16:35 - 000004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-03-14 14:52 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-03-14 14:52 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-03-13 00:02 - 2017-11-02 20:31 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-03-03 12:32 - 2018-02-14 15:01 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-03-03 11:26 - 2017-09-29 08:46 - 000000000 ___RD C:\Program Files\Windows Defender
2018-03-02 16:09 - 2017-12-13 18:47 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-03-02 16:09 - 2017-12-13 18:47 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-02 11:14 - 2017-11-02 20:50 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-22 12:55

==================== End of FRST.txt ============================

 

 

 

 

And the addition log:

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by swbut (28-03-2018 19:14:26)
Running from C:\Users\swbut\Desktop
Windows 10 Home Version 1709 16299.334 (X64) (2017-11-03 01:53:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2607816954-1110565453-3478179683-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2607816954-1110565453-3478179683-503 - Limited - Disabled)
Guest (S-1-5-21-2607816954-1110565453-3478179683-501 - Limited - Disabled)
Guest1 (S-1-5-21-2607816954-1110565453-3478179683-1003 - Limited - Enabled) => C:\Users\Guest1
swbut (S-1-5-21-2607816954-1110565453-3478179683-1002 - Administrator - Enabled) => C:\Users\swbut
WDAGUtilityAccount (S-1-5-21-2607816954-1110565453-3478179683-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Small Office Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Small Office Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Small Office Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{B2179A5A-A467-55D7-1EB7-BE1AE40757FA}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 45.4.92 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP)
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8318.5320 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.5.37.19 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{76272057-98E0-4DC4-AAC3-10C546C47195}) (Version: 14.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.8.47.1 - Hewlett-Packard Company)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - HP Inc.)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{694E3E02-E14A-4BB2-A970-CF7F017FD5CC}) (Version: 7.3.0.20 - Apple Inc.)
Intel® Wireless Bluetooth® (HKLM-x32\...\{5068B0F8-CE24-4B61-9C2F-301B411FFB9C}) (Version: 18.1.1611.3223 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{8060a69f-ee27-444b-b126-775f861232ea}) (Version: 20.0.2 - Intel Corporation)
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
Kaspersky Password Manager (HKLM-x32\...\{8278AAAF-B5AA-4FF8-88FE-357269C35324}) (Version: 9.0.0.944 - Kaspersky Lab) Hidden
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{8278AAAF-B5AA-4FF8-88FE-357269C35324}) (Version: 9.0.0.944 - Kaspersky Lab)
Kaspersky Small Office Security (HKLM-x32\...\{51AE1D4F-1352-40FE-A0BE-DAA166663609}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Small Office Security (HKLM-x32\...\InstallWIX_{51AE1D4F-1352-40FE-A0BE-DAA166663609}) (Version: 17.0.0.611 - Kaspersky Lab)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9029.2253 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2607816954-1110565453-3478179683-1002\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 59.0.2.6656 - Mozilla)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.28.00 - NETGEAR Inc.)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{D2064264-3162-4DB1-AFE0-167BEFBBCD9C}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
ReadySHARE Vault (HKLM-x32\...\ReadySHARE Vault) (Version: 3.0 - Genie9)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7743 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [0GenieTimeLine-BackedUp] -> {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
ShellIconOverlayIdentifiers: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
ShellIconOverlayIdentifiers: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
ShellIconOverlayIdentifiers: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
ShellIconOverlayIdentifiers: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-BackedUp] -> {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ContextMenuHandlers1: [Genie-Soft Timeline Backup Context Menu Extension] -> {D821600B-0B5D-4D7E-B1CC-034C652E8288} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineContextMenu.gtl [2013-08-29] (Genie9)
ContextMenuHandlers1: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\x64\shellex.dll [2017-03-13] (AO Kaspersky Lab)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-01-10] (Apple Inc.)
ContextMenuHandlers2: [Genie-Soft Timeline Backup Context Menu Extension] -> {D821600B-0B5D-4D7E-B1CC-034C652E8288} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineContextMenu.gtl [2013-08-29] (Genie9)
ContextMenuHandlers2: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\x64\shellex.dll [2017-03-13] (AO Kaspersky Lab)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ContextMenuHandlers4: [Genie-Soft Timeline Backup Context Menu Extension] -> {D821600B-0B5D-4D7E-B1CC-034C652E8288} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineContextMenu.gtl [2013-08-29] (Genie9)
ContextMenuHandlers4: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\x64\shellex.dll [2017-03-13] (AO Kaspersky Lab)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-03] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ContextMenuHandlers5: [Genie-Soft Timeline Backup Context Menu Extension] -> {D821600B-0B5D-4D7E-B1CC-034C652E8288} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineContextMenu.gtl [2013-08-29] (Genie9)
ContextMenuHandlers6: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\x64\shellex.dll [2017-03-13] (AO Kaspersky Lab)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {247F0A23-7DB0-4485-889E-533B3321A454} - System32\Tasks\HP AR Program Upload - 426528ea8bf94a0c92bbc10699e7e2c6503acbe35b7a4e10b01d66bf52a0bcef => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {24E0F909-4BE4-42BA-9A82-0C7D90AD86F6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {47585DB4-231B-4545-9BA9-2B1F343AF979} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {5BBC07E0-012C-4953-BA96-DD2EDF17C4A9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-03-07] (HP Inc.)
Task: {5D1C91C6-E3AB-412C-B8BF-8A5DFC2CDAB3} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-05-06] (AO Kaspersky Lab)
Task: {64D464AC-29AE-4FAE-BDBC-DE0D0B931F4D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-12] (Microsoft Corporation)
Task: {660DBABE-0A97-4CD4-BA41-ED81E25E0CBE} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-14] (Adobe Systems Incorporated)
Task: {69A3FCCE-984C-413B-B613-A06FCA6588A8} - System32\Tasks\HPCeeScheduleForswbut => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {6D3B97BA-27BC-4AF6-9499-F5C34A3F945D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-16] (Microsoft Corporation)
Task: {7787D996-780B-4CAC-80AA-ADC7A62B6402} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {79CACB7D-55B7-4EA7-A8E3-AC6930874975} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN44NBK157 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-02-07] (HP Inc.)
Task: {9146A7E9-6DA4-4C38-BABD-85408E55388F} - System32\Tasks\HP AR Program Upload - 85969a51b94c4603959cc44391167059eaf16e8c43e9474481d5798588321c82 => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {9230959F-CE74-4E93-B262-9CFCD53D94BE} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-26] ()
Task: {9319D120-AFF3-4843-9E44-85F907713CC9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-02-07] (HP Inc.)
Task: {9D37650C-DDBB-4658-A02C-0575DC48641B} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-03-16] (Microsoft Corporation)
Task: {A3E28A03-2B65-48F9-85FE-6394E38F68B0} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-09-13] (Dropbox, Inc.)
Task: {ADF2B2B6-2A82-44E4-BD99-072878301E52} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {AF611CA0-3233-44B9-AE6D-78DF1F46FCBF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {B6B61869-F130-4046-8FD5-FBEC330501A5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {BFF4E5B4-0DC0-4A02-8A67-A023C29E32F4} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2018-01-10] (Apple Inc.)
Task: {C64272F0-80D9-4A30-9D20-EDBB471D0DA5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-12] (Microsoft Corporation)
Task: {CA1E0318-0AD7-46B8-BB24-595C5C4E62E0} - System32\Tasks\S-1-5-21-2607816954-1110565453-3478179683-1002\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {DCB9969B-8617-4605-B3AD-66363E1D85ED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {E11E5550-48EE-455D-A931-1D469D58D71A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-16] (Microsoft Corporation)
Task: {E7D6C078-A862-4E6B-96A2-1719607C78C3} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [2018-03-14] (Adobe Systems Incorporated)
Task: {EDDCB08F-C944-496B-8885-003C280B7466} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {F79AC6BB-D56C-48AB-A56C-B3E47EB9C5ED} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {FC5DC62D-C5A0-4EE6-9067-B71BD3AB5F2A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-02-07] (HP Inc.)
Task: {FCBD2679-C478-4B5F-9BDC-EA958DC1B4FA} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-09-13] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForswbut.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-01-05 01:14 - 2018-01-05 01:14 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-05 01:13 - 2018-01-05 01:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-29 02:08 - 2013-08-29 02:08 - 000332800 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\OnlineHandler.dll
2013-08-01 04:36 - 2013-08-01 04:36 - 000045568 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogging.dll
2013-08-29 02:08 - 2013-08-29 02:08 - 000490496 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSIndexDB.dll
2013-08-29 02:08 - 2013-08-29 02:08 - 000087040 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\QueueManager.dll
2013-08-29 02:08 - 2013-08-29 02:08 - 000209920 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\Settings.dll
2013-08-29 02:08 - 2013-08-29 02:08 - 000370688 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSWatcher4.dll
2013-08-29 02:08 - 2013-08-29 02:08 - 000710144 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSBackupManager.dll
2013-08-01 04:36 - 2013-08-01 04:36 - 000058368 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSLibrariesManager.dll
2012-02-02 04:16 - 2012-02-02 04:16 - 000740864 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\sqlite3.dll
2013-02-03 06:40 - 2013-02-03 06:40 - 000011264 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\RWLock.dll
2013-08-01 04:36 - 2013-08-01 04:36 - 000089600 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSEncryption.dll
2013-08-29 02:08 - 2013-08-29 02:08 - 000054784 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogManager.dll
2013-02-03 04:21 - 2013-02-03 04:21 - 000045056 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\pcre.dll
2013-02-03 06:40 - 2013-02-03 06:40 - 000010752 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\VSSEngine_Proxy.dll
2013-02-03 04:21 - 2013-02-03 04:21 - 000097792 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\pcrebase.dll
2017-03-23 18:24 - 2013-08-29 02:08 - 000209920 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\Settings.gtl
2017-03-23 18:24 - 2013-08-01 04:36 - 000089600 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSEncryption.gtl
2017-03-23 18:24 - 2013-08-29 02:08 - 000490496 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSIndexDB.gtl
2017-03-23 18:24 - 2013-02-03 06:40 - 000011264 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\RWLock.gtl
2017-03-23 18:24 - 2012-02-02 04:16 - 000740864 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\sqlite3.gtl
2017-03-23 18:24 - 2013-08-01 04:36 - 000045568 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogging.gtl
2014-06-18 03:46 - 2014-06-18 03:46 - 001358912 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimelineAgent.exe
2013-08-29 02:08 - 2013-08-29 02:08 - 000063488 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\XBalloonMsgDll.dll
2013-08-01 04:36 - 2013-08-01 04:36 - 000093696 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSCurl.dll
2018-03-14 15:58 - 2018-02-21 19:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-14 15:58 - 2018-02-21 19:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-23 10:23 - 2018-03-23 10:24 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-23 10:23 - 2018-03-23 10:24 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-03-23 10:23 - 2018-03-23 10:24 - 022050304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-03-23 10:23 - 2018-03-23 10:24 - 002584576 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\skypert.dll
2018-03-23 10:23 - 2018-03-23 10:23 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-01-22 04:15 - 2018-01-22 04:15 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2018-01-22 04:15 - 2018-01-22 04:15 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2018-03-09 18:15 - 2018-03-09 18:17 - 001227440 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9029.22105.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
2018-02-02 11:03 - 2018-02-02 11:04 - 004601048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9029.22105.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-03-20 17:01 - 2018-03-20 17:02 - 004019200 _____ () C:\Program Files\WindowsApps\Microsoft.MSPaint_4.1803.16027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
2018-03-02 11:13 - 2018-03-02 11:13 - 000016384 _____ () C:\Program Files\WindowsApps\Microsoft.MSPaint_4.1803.16027.0_x64__8wekyb3d8bbwe\SharedMemory.dll
2018-03-20 17:01 - 2018-03-20 17:02 - 000905216 _____ () C:\Program Files\WindowsApps\Microsoft.MSPaint_4.1803.16027.0_x64__8wekyb3d8bbwe\Telemetry.dll
2018-03-20 17:01 - 2018-03-20 17:02 - 000808448 _____ () C:\Program Files\WindowsApps\Microsoft.MSPaint_4.1803.16027.0_x64__8wekyb3d8bbwe\Utils.CX.dll
2018-03-20 17:01 - 2018-03-20 17:02 - 009220608 _____ () C:\Program Files\WindowsApps\Microsoft.MSPaint_4.1803.16027.0_x64__8wekyb3d8bbwe\PaintStudio.ViewModel.dll
2017-08-28 16:40 - 2017-08-28 16:40 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.MSPaint_4.1803.16027.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-03-20 17:01 - 2018-03-20 17:02 - 007225344 _____ () C:\Program Files\WindowsApps\Microsoft.MSPaint_4.1803.16027.0_x64__8wekyb3d8bbwe\PaintStudio.ViewElements.dll
2018-03-20 17:01 - 2018-03-20 17:01 - 000515072 _____ () C:\Program Files\WindowsApps\Microsoft.MSPaint_4.1803.16027.0_x64__8wekyb3d8bbwe\ConfigurationManager.dll
2018-03-20 17:01 - 2018-03-20 17:02 - 000628736 _____ () C:\Program Files\WindowsApps\Microsoft.MSPaint_4.1803.16027.0_x64__8wekyb3d8bbwe\MSASignIn.dll
2016-06-28 00:19 - 2016-06-28 00:19 - 000865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\kpcengine.2.3.dll
2018-01-05 01:14 - 2018-01-05 01:14 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2018-01-05 01:14 - 2018-01-05 01:14 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-05 01:14 - 2018-01-05 01:14 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2018-02-22 18:26 - 2018-02-22 18:26 - 000648456 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.0\crypto_sqlite3.dll
2018-02-22 18:26 - 2018-02-22 18:26 - 000380480 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.0\infra.dll
2018-03-16 20:55 - 2018-03-15 06:50 - 000746312 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-03-16 20:55 - 2018-03-15 06:50 - 002079048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2018-03-14 15:44 - 2018-03-15 06:50 - 000100312 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2018-03-14 15:44 - 2018-03-15 06:50 - 000018896 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2018-03-14 15:44 - 2018-03-15 06:53 - 000020808 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2018-03-14 15:44 - 2018-03-15 06:50 - 000035808 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2018-03-14 15:44 - 2018-03-15 06:50 - 000694232 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2018-03-16 20:55 - 2018-03-15 06:52 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2018-03-14 15:44 - 2018-03-15 06:50 - 000130520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2018-03-16 20:55 - 2018-03-15 06:52 - 001856864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-03-16 20:55 - 2018-03-15 06:52 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-03-16 20:55 - 2018-03-15 06:50 - 000145880 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2018-03-16 20:55 - 2018-03-15 06:50 - 000116696 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2018-03-14 15:44 - 2018-03-15 06:50 - 000105944 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2018-03-14 15:44 - 2018-03-15 06:53 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-03-16 20:55 - 2018-03-15 06:52 - 000063312 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2018-03-14 15:44 - 2018-03-15 06:50 - 000024536 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2018-03-16 20:55 - 2018-03-15 06:52 - 000077120 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2018-03-16 20:55 - 2018-03-15 06:50 - 000020952 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2018-03-14 15:44 - 2018-03-15 06:50 - 000124888 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2018-03-14 15:44 - 2018-03-15 06:50 - 000114136 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2018-03-16 20:55 - 2018-03-15 06:50 - 000392664 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2018-03-14 15:44 - 2018-03-15 06:53 - 000392520 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2018-03-14 15:44 - 2018-03-15 06:53 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2018-03-14 15:44 - 2018-03-15 06:50 - 000043480 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2018-03-14 15:44 - 2018-03-15 06:50 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2018-03-14 15:44 - 2018-03-15 06:50 - 000175576 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2018-03-14 15:44 - 2018-03-15 06:50 - 000030168 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2018-03-14 15:44 - 2018-03-15 06:50 - 000026072 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2018-03-14 15:44 - 2018-03-15 06:50 - 000048600 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2018-03-14 15:44 - 2018-03-15 06:50 - 000057816 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2018-03-16 20:55 - 2018-03-15 06:52 - 000021840 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2018-03-14 15:44 - 2018-03-15 06:53 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2018-03-16 20:55 - 2018-03-15 06:52 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2018-03-14 15:44 - 2018-03-15 06:53 - 000066400 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2018-03-16 20:55 - 2018-03-15 06:52 - 001798464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2018-03-14 15:44 - 2018-03-15 06:50 - 000084944 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2018-03-16 20:55 - 2018-03-15 06:52 - 001959232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2018-03-16 20:55 - 2018-03-15 06:52 - 003863880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2018-03-16 20:55 - 2018-03-15 06:52 - 000155472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-03-16 20:55 - 2018-03-15 06:52 - 000521544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-03-16 20:55 - 2018-03-15 06:52 - 000051024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-03-16 20:55 - 2018-03-15 06:52 - 000043336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-03-16 20:55 - 2018-03-15 06:52 - 000131400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-03-16 20:55 - 2018-03-15 06:52 - 000219984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-03-16 20:55 - 2018-03-15 06:52 - 000204104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2018-03-14 15:44 - 2018-03-15 06:53 - 000025440 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2018-03-14 15:44 - 2018-03-15 06:50 - 000060888 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2018-03-14 15:44 - 2018-03-15 06:53 - 000054616 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2018-03-14 15:44 - 2018-03-15 06:50 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2018-03-14 15:44 - 2018-03-15 06:53 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2018-03-14 15:44 - 2018-03-15 06:53 - 000087904 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2018-03-14 15:44 - 2018-03-15 06:50 - 000028632 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2018-03-14 15:44 - 2018-03-15 06:53 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2018-03-14 15:44 - 2018-03-15 06:53 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2018-03-14 15:44 - 2018-03-15 06:53 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-03-16 20:55 - 2018-03-15 06:52 - 000027496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2018-03-14 15:44 - 2018-03-15 06:50 - 000349144 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2018-03-16 20:55 - 2018-03-15 06:52 - 000101704 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2018-03-14 15:44 - 2018-03-15 06:53 - 000023904 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-03-16 20:55 - 2018-03-15 06:52 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-03-16 20:55 - 2018-03-15 06:50 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-03-16 20:55 - 2018-03-15 06:52 - 000032608 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2018-03-16 20:55 - 2018-03-15 06:50 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2018-03-14 15:44 - 2018-03-15 06:53 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-03-16 20:55 - 2018-03-15 06:52 - 000181064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2018-03-14 15:44 - 2018-03-15 06:53 - 000030544 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2018-03-16 20:55 - 2018-03-15 06:52 - 000024384 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-03-16 20:55 - 2018-03-15 06:52 - 001638208 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2018-03-14 15:44 - 2018-03-15 06:53 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 02:24 - 2018-03-14 15:53 - 000000830 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2607816954-1110565453-3478179683-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\swbut\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{072ACE3F-BEDD-4B58-AD36-E0F0D84B8815}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{54DE8176-D9BA-402F-8079-A7D953392C94}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{95CFC3B7-BA83-4048-BE60-0807AE14FB2B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1A41ED5B-CD9C-40FC-BECC-FDAFA4027663}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{05550B68-E6D7-4442-BBBB-940EFED3CF91}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9F1E6434-3FC3-4530-B633-179E3EB85533}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
FirewallRules: [{1307CF24-93D2-4D30-A461-4DD869C1F71A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
FirewallRules: [{B5C44A2C-5098-4266-88CC-02410F355B4E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
FirewallRules: [{C81D9EC7-8AAC-4962-B910-93D10502D556}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
FirewallRules: [{0C83A436-66F8-4A9E-8C34-98713C9D7A31}] => (Allow) LPort=5357
FirewallRules: [{05CEC05C-CF07-45FC-A110-0A59C27CF86C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{F1F02245-29C2-480B-945C-F988C69467BC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5F853D51-ECDF-4F06-A9C5-4FA1C6C26F80}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9E76094E-AA14-4DDC-AE0C-6B987A4F62E6}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{86649AEB-A217-466E-BE71-17DD8E8C82E9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{D701155A-6A66-4852-AD6E-C66DEDC4F3C9}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{EF2C6F05-4CE4-46CF-9542-7E494D4DD912}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{AC034FD8-00D8-44D5-98CE-0DBEB4DFC77C}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

07-03-2018 20:29:11 Scheduled Checkpoint
14-03-2018 14:55:51 Windows Update
14-03-2018 15:54:55 Removed McAfee Safe Connect
23-03-2018 14:05:22 Scheduled Checkpoint
28-03-2018 18:28:42 Windows Update

==================== Faulty Device Manager Devices =============

Name: Intel® Dual Band Wireless-AC 7260
Description: Intel® Dual Band Wireless-AC 7260
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETwNb64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/28/2018 06:56:52 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (03/28/2018 06:56:52 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (03/28/2018 06:56:52 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (03/28/2018 06:56:52 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (03/28/2018 06:56:52 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ESENT" in DLL "C:\WINDOWS\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (03/28/2018 05:54:15 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (03/28/2018 05:50:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ShellExperienceHost.exe version 10.0.16299.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1ae8

Start Time: 01d3c6e716e63ea4

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

Report Id: c1a356d9-6b1c-4ad9-a88f-a87dc1f5d2cf

Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: App

Error: (03/28/2018 05:50:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: SUSAN-PC)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.


System errors:
=============
Error: (03/28/2018 06:50:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/28/2018 06:50:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/28/2018 06:50:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/28/2018 06:50:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/28/2018 06:50:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/28/2018 06:50:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/28/2018 06:46:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Update Orchestrator Service service terminated with the following error:
This operation returned because the timeout period expired.

Error: (03/28/2018 06:46:00 PM) (Source: DCOM) (EventID: 10010) (User: SUSAN-PC)
Description: The server Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppX8z5q44mt1b9k6x2nkjj0bkr2e1ac0dxy.mca did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2018-02-24 14:16:08.549
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8058430C-D5F3-40F4-AB04-F2928E414C8F}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-01-09 12:10:04.098
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {31A02A0F-584B-4E8F-BF70-60C0B1D571A1}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-02-14 14:04:55.770
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

CodeIntegrity:
===================================

Date: 2018-03-28 19:07:18.913
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-28 19:07:18.911
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-28 19:04:59.322
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-28 19:04:59.320
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-28 19:04:58.301
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-28 19:04:58.300
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-28 18:56:07.252
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-28 18:56:07.249
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: AMD A10-8850 Radeon R7, 12 Compute Cores 4C+8G
Percentage of memory in use: 23%
Total physical RAM: 15305.13 MB
Available physical RAM: 11655.63 MB
Total Virtual: 17609.13 MB
Available Virtual: 13855.54 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:917.89 GB) (Free:805.58 GB) NTFS
Drive d: (Recovery Image) (Fixed) (Total:12.19 GB) (Free:1.58 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{1accbf2a-0699-427b-96e1-727a7559ffe8}\ (SYSTEM) (Fixed) (Total:0.35 GB) (Free:0.27 GB) FAT32
\\?\Volume{4d8c8e06-f68d-48a1-b3bc-377de19d4912}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F80E3382)

Partition: GPT.

==================== End of Addition.txt ============================


  • 0

Advertisements

#2
Bruce1270
Posted 02 April 2018 - 04:27 PM

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hello Shorthaul99 and :welcome:

Sorry for the delay. :)

My name is Bruce1270 and I will be helping you with your malware problem.

A few things before we get started.
  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • Please make sure you reply within 4 days to my responses, if there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.


    Important!

    Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

    I would strongly recommend you back up your personal data and folders before we begin.

    Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. :happy:
    As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

    OK. Let's move on.

    I'll review your logs and post some further instructions. :)

  • 0

#3
Bruce1270
Posted 03 April 2018 - 10:23 AM

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi shorthaul99

Turn off your anti virus for the duration of the fixes.

1. FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Download the attached fixlist.txt to your desktop.
  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
    FRSTfix.jpg
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    2. AdwCleaner



    Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Double click the Adwcleaner icon to execute the program
  • When the Tool opens for the first time accept the Terms of use
    adwcleaner1.jpg
  • Click the Scan button and wait for the program to finish.
  • Click on Tools then options
    adwcleaner2.jpg
    tick to reset -
    IPSec
    IE policies
    Chrome policies
    Chrome preferences
  • Click OK.
  • Please click Clean button.
  • when cleaning is finished, you may be prompted to restart your computer. Do so.
  • Upon completion, a log (AdwCleaner[C*].txt) will open.
  • Please copy and paste this in your next reply.


    3. Malwarebytes
  • Please download Malwarebytes to your desktop.
  • Double-click mb3-consumer-{version number}.exe and follow the prompts to install the program. Note: This will be the trial version for 14 days and then reverts to the free version.
  • Click on Scan Now

    MBAM1_Scan.jpg
  • The scan will automatically commence.

    MBAMscan2.jpg
  • If any threats are detected, Put a checkmark on all detected and click on "Quarantine Selected"
  • Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.

    MBAMScanfinished.jpg

    Please note that an Export button is shown at the bottom left corner of this screen. This allows you to make a copy of the log for use by other programs. You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.

    Please renable your anti virus!

    Things for your next post:
  • fixlog.txt
  • AdwCleaner[C*].txt
  • MBAM log

  • 0

#4
shorthaul99
Posted 04 April 2018 - 06:48 PM

shorthaul99

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 133 posts

 

Turn off your anti virus for the duration of the fixes.

1. FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Download the attached fixlist.txt to your desktop.

  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
    FRSTfix.jpg
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.
     

 

Hello Bruce,

 

Thanks for your help!

 

I can't seem to find any files that are downloadable for the fixlist?

 

 

 


  • 0

#5
shorthaul99
Posted 04 April 2018 - 07:01 PM

shorthaul99

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 133 posts

Here is the ADW Log:

 

 

# AdwCleaner 7.0.8.0 - Logfile created on Thu Apr 05 00:53:08 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::IPSec settings cleared
::IE policies deleted
::Chrome policies deleted
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [945 B] - [2018/4/5 0:51:24]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########


  • 0

#6
shorthaul99
Posted 04 April 2018 - 07:10 PM

shorthaul99

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 133 posts

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/4/18
Scan Time: 8:04 PM
Log File: 54ec6222-386d-11e8-b309-dc4a3e464c7a.json
Administrator: Yes

-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.4622
License: Trial

-System Information-
OS: Windows 10 (Build 16299.334)
CPU: x64
File System: NTFS
User: SUSAN-PC\swbut

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 326765
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 2 min, 31 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)


  • 0

#7
Bruce1270
Posted 05 April 2018 - 02:11 AM

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
My Apologies! I did not attach the file.

Attached File  fixlist.txt   229bytes   154 downloads

Is now attached and follow instructions from post #3. :)
  • 0

#8
shorthaul99
Posted 05 April 2018 - 03:34 PM

shorthaul99

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 133 posts

Here is the log that it produced but it came up very quickly and then crashed. I'm going to reboot and try again but I wanted you to see what happened:

 

 

 

 

FRST.jpg

 

 

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by swbut (05-04-2018 16:27:43) Run:1
Running from C:\Users\swbut\Desktop
Loaded Profiles: swbut & Guest1 (Available Profiles: swbut & Guest1)
Boot Mode: Normal
==============================================

fixlist content:
*****************
RestorePoint:
Task: {F79AC6BB-D56C-48AB-A56C-B3E47EB9C5ED} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp:
*****************

RestorePoint: => Error: No automatic fix found for this entry.
 

 

 

 


  • 0

#9
shorthaul99
Posted 05 April 2018 - 03:51 PM

shorthaul99

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 133 posts

I rebooted and tried again and this time it was a success:

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by swbut (05-04-2018 16:41:25) Run:2
Running from C:\Users\swbut\Desktop
Loaded Profiles: swbut (Available Profiles: swbut & Guest1)
Boot Mode: Normal
==============================================

fixlist content:
*****************
RestorePoint:
Task: {F79AC6BB-D56C-48AB-A56C-B3E47EB9C5ED} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp:
*****************

RestorePoint: => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F79AC6BB-D56C-48AB-A56C-B3E47EB9C5ED}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F79AC6BB-D56C-48AB-A56C-B3E47EB9C5ED}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.

========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8675328 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 81745489 B
Java, Flash, Steam htmlcache => 59403 B
Windows/system/drivers => 2883014 B
Edge => 17100590 B
Chrome => 0 B
Firefox => 422602564 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 38732 B
NetworkService => 126020 B
swbut => 28171951 B
Guest1 => 0 B

RecycleBin => 67988382 B
EmptyTemp: => 600.2 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 05-04-2018 16:47:59)


Result of scheduled keys to remove after reboot:


  • 0

#10
Bruce1270
Posted 06 April 2018 - 03:19 AM

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi Shorthaul99
  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
  • Once the extraction is complete, Emsisoft Emergency Kit will open, and suggest you to run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, if items are detected make sure that every item in the list is checked, and click on Quarantine selected;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;

  • 0

#11
shorthaul99
Posted 06 April 2018 - 09:49 AM

shorthaul99

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 133 posts

It didn't find anything on the quick scan as well as the malware scan.

 

 

 

Emsisoft Emergency Kit - Version 2018.3
Last update: 4/6/2018 10:38:31 AM
User account: SUSAN-PC\swbut
Computer name: SUSAN-PC
OS version: Windows 10x64

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
Scan mail archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start:    4/6/2018 10:46:19 AM

Scanned    76063
Found    0

Scan end:    4/6/2018 10:47:27 AM
Scan time:    0:01:08
 


  • 0

#12
Bruce1270
Posted 09 April 2018 - 02:33 PM

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi Shorthaul99

All the scans are coming up clean so your issue would appear to be software or hardware related.

Noticed in the logs this
 

==================== Faulty Device Manager Devices =============

Name: Intel® Dual Band Wireless-AC 7260
Description: Intel® Dual Band Wireless-AC 7260
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETwNb64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


Are you aware that this is disabled? Was this something you did yourself?

Try enabling it again to see if it makes any difference.
  • 0

#13
shorthaul99
Posted 11 April 2018 - 10:36 PM

shorthaul99

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 133 posts

Yes I am aware of this because at one point we needed this as a wireless access

 

but now we have cat 5 wire straight to the modem.


  • 0

#14
Bruce1270
Posted 12 April 2018 - 04:20 PM

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi Shorthaul99

Thanks for the info.

Ok. Lets try a clean boot.

Please put your operating system into a clean boot state

To do this follow the steps in this guide.

Is the system still unresponsive or freeze?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP