Lately, maybe the last couple weeks, I've had facebook giving me a fake 'please log in to continue' message on both firefox and chrome. I never clicked it, I just closed the tab and opened another one. (lol..)
Another thing, yesterday I was completing a purchase with paypal. The little paypal popup window loaded, then Avast said it blocked a threat "HTML:Paypal-B [Phish.]"
The paypal window loaded normally, and I wondered if since Avast secured the threat that it was safe to continue, but I thought I'd better not.
I ran scans with Avast and Malwarebytes which both detected nothing.
Here are my FRST logs:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.10.2018
Ran by Ronni (administrator) on KZO (20-10-2018 16:59:04)Running from C:\Users\Ronni\DesktopLoaded Profiles: Ronni (Available Profiles: Ronni & DefaultAppPool)Platform: Windows 10 Home Version 1803 17134.345 (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe(Intel Corporation) C:\Windows\System32\igfxCUIService.exe(Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchService.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe(Wacom Technology, Corp.) C:\Windows\System32\Pen_Tablet.exe(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe(Microsoft Corporation) C:\Windows\System32\mqsvc.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler.exe(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler64.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe(Wacom Technology, Corp.) C:\Windows\System32\WTablet\Pen_TabletUser.exe(Wacom Technology, Corp.) C:\Windows\System32\Pen_Tablet.exe(Intel Corporation) C:\Windows\System32\igfxEM.exe(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.32.55.0_x64__kzf8qxf38zg5c\SkypeApp.exe() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.32.55.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1809.2731.0_x64__8wekyb3d8bbwe\Calculator.exe(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe(Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchUser.exe(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\System32\SndVol.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\System32\smartscreen.exe==================== Registry (Whitelisted) ===========================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStartHKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8484056 2015-06-12] (Realtek Semiconductor)HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-08-27] (AVAST Software)HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3784512 2018-10-09] (Dropbox, Inc.)HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2018-05-30] (LogMeIn Inc.)HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)HKU\S-1-5-21-1741139138-458572066-732062563-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3206432 2018-08-08] (Valve Corporation)HKU\S-1-5-21-1741139138-458572066-732062563-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27427808 2017-02-08] (Skype Technologies S.A.)HKU\S-1-5-21-1741139138-458572066-732062563-1000\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe [369152 2018-04-12] (Microsoft Corporation)HKU\S-1-5-21-1741139138-458572066-732062563-1000\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_pepper.exe [1449472 2018-09-10] (Adobe Systems Incorporated)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2015-03-31]ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)Startup: C:\Users\Ronni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Daily Routine.odt [2018-09-07] ()==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1Tcpip\..\Interfaces\{88487950-8a08-44c9-9fb4-6cedbfea0fcf}: [DhcpNameServer] 192.168.1.1Internet Explorer:==================HKU\S-1-5-21-1741139138-458572066-732062563-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://tumblr.com/BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-12-07] (Oracle Corporation)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-07] (Oracle Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-07] (Oracle Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-07] (Oracle Corporation)FireFox:========FF DefaultProfile: tyoycqmo.defaultFF ProfilePath: C:\Users\Ronni\AppData\Roaming\Mozilla\Firefox\Profiles\tyoycqmo.default [2018-10-19]FF Extension: (Avast Online Security) - C:\Users\Ronni\AppData\Roaming\Mozilla\Firefox\Profiles\tyoycqmo.default\Extensions\[email protected] [2018-10-10]FF Extension: (Telemetry coverage) - C:\Users\Ronni\AppData\Roaming\Mozilla\Firefox\Profiles\tyoycqmo.default\features\{156c5d34-b285-44e5-b89a-451cff46bc99}\[email protected] [2018-10-10] [Legacy]FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-12-07] ()FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-07] (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-07] (Oracle Corporation)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-12-07] ()FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-07] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-07] (Oracle Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-04] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-04] (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-1741139138-458572066-732062563-1000: SkypePlugin -> C:\Users\Ronni\AppData\Local\SkypePlugin\7.5.0.127\npGatewayNpapi.dll [2015-08-02] (Skype Technologies S.A.)FF Plugin HKU\S-1-5-21-1741139138-458572066-732062563-1000: SkypePlugin64 -> C:\Users\Ronni\AppData\Local\SkypePlugin\7.5.0.127\npGatewayNpapi-x64.dll [2015-08-02] (Skype Technologies S.A.)Chrome:=======CHR DefaultProfile: DefaultCHR StartupUrls: Default -> "hxxp://google.com/"CHR NewTab: Default -> Active:"chrome-extension://jonikckfpolfcdcgdficelkfffkloemh/n.html"CHR Profile: C:\Users\Ronni\AppData\Local\Google\Chrome\User Data\Default [2018-10-20]CHR Extension: (Slides) - C:\Users\Ronni\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-17]CHR Extension: (Docs) - C:\Users\Ronni\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-17]CHR Extension: (Google Drive) - C:\Users\Ronni\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]CHR Extension: (Skype Calling) - C:\Users\Ronni\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2015-11-03]CHR Extension: (YouTube) - C:\Users\Ronni\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]CHR Extension: (Honey) - C:\Users\Ronni\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2018-08-25]CHR Extension: (Adblock Plus) - C:\Users\Ronni\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-09-10]CHR Extension: (Google Search) - C:\Users\Ronni\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]CHR Extension: (Adobe Acrobat) - C:\Users\Ronni\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Ronni\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-10-08]CHR Extension: (Sheets) - C:\Users\Ronni\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-17]CHR Extension: (Google Docs Offline) - C:\Users\Ronni\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-15]CHR Extension: (Avast Online Security) - C:\Users\Ronni\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-10-03]CHR Extension: (New XKit) - C:\Users\Ronni\AppData\Local\Google\Chrome\User Data\Default\Extensions\inobiceghmpkaklcknpniboilbjmlald [2018-06-17] [UpdateUrl: hxxps://new-xkit.github.io/XKit/Extensions/dist/page/FirefoxUpdate.json] <==== ATTENTIONCHR Extension: (Blank New Tab Page) - C:\Users\Ronni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonikckfpolfcdcgdficelkfffkloemh [2018-07-30]CHR Extension: (TTSReader - Unlimited Text-To-Speech) - C:\Users\Ronni\AppData\Local\Google\Chrome\User Data\Default\Extensions\melfcogdhodeocnkdiplgdpkllopbhan [2016-02-08]CHR Extension: (Video Speed Controller) - C:\Users\Ronni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk [2018-07-06]CHR Extension: (Chrome Web Store Payments) - C:\Users\Ronni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-17]CHR Extension: (Showgoers for Netflix) - C:\Users\Ronni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcmaninppdeakmhaonacejmfcgeempfo [2017-03-04]CHR Extension: (SpeakIt!) - C:\Users\Ronni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgeolalilifpodheeocdmbhehgnkkbak [2016-12-20]CHR Extension: (Gmail) - C:\Users\Ronni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-04]CHR Extension: (Chrome Media Router) - C:\Users\Ronni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-03]CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crxCHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>==================== Services (Whitelisted) ====================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7994520 2018-08-27] (AVAST Software)S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-28] (AVAST Software)R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-08-27] (AVAST Software)S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-28] (AVAST Software)S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2018-08-27] (AVAST Software)S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2015-10-19] (BioWare)S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-14] (Dropbox, Inc.)S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-14] (Dropbox, Inc.)R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-10-09] (Dropbox, Inc.)R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3346856 2018-05-30] (LogMeIn Inc.)S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [353768 2018-06-18] (Intel Corporation)R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-20] (Microsoft Corporation)R2 WTouchService; C:\Program Files\WTouch\WTouchService.exe [127272 2009-07-15] (Wacom Technology, Corp.)S2 wust; C:\OSRSS\wust.exe [0 ] () <==== ATTENTION (zero byte File/Folder)R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000===================== Drivers (Whitelisted) ======================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [199712 2018-08-27] (AVAST Software)R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [229384 2018-08-27] (AVAST Software)R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201320 2018-08-27] (AVAST Software)R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346664 2018-08-27] (AVAST Software)R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59568 2018-08-27] (AVAST Software)R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-06-28] (AVAST Software)R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [249016 2018-08-27] (AVAST Software)S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46968 2018-08-27] (AVAST Software)R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [163392 2018-09-11] (AVAST Software)R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111864 2018-08-27] (AVAST Software)R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87904 2018-08-28] (AVAST Software)R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1027720 2018-08-27] (AVAST Software)R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [467320 2018-09-04] (AVAST Software)R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215920 2018-09-12] (AVAST Software)R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381560 2018-08-27] (AVAST Software)R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2016-07-20] (LogMeIn Inc.)R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260384 2018-10-10] (Malwarebytes)R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2537984 2018-04-11] (MediaTek Inc.)R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_adc520364db29861\nvlddmkm.sys [17213832 2018-09-17] (NVIDIA Corporation)S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69544 2018-09-17] (NVIDIA Corporation)R3 tpfilter; C:\WINDOWS\System32\drivers\tpfilter.sys [25928 2015-10-30] (TP Microelectronic)S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Corporation)S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Corporation)S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Corporation)S3 XSplit_Dummy; C:\WINDOWS\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)U3 idsvc; no ImagePath==================== NetSvcs (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)==================== One Month Created files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2018-10-20 16:59 - 2018-10-20 16:59 - 000022931 _____ C:\Users\Ronni\Desktop\FRST.txt2018-10-20 16:58 - 2018-10-20 16:59 - 000000000 ____D C:\FRST2018-10-20 16:47 - 2018-10-20 16:47 - 002414592 _____ (Farbar) C:\Users\Ronni\Desktop\FRST64.exe2018-10-19 22:31 - 2018-10-19 22:31 - 000000000 ____D C:\Users\Ronni\AppData\Roaming\Google2018-10-19 01:46 - 2018-10-19 01:46 - 000001961 _____ C:\Users\Ronni\Desktop\TS Femininity.txt2018-10-19 01:46 - 2018-10-19 01:46 - 000000216 _____ C:\Users\Ronni\Desktop\beyond the veil 5d.txt2018-10-19 01:45 - 2018-10-19 01:45 - 000003750 _____ C:\Users\Ronni\Desktop\BPD trauma.txt2018-10-16 22:18 - 2018-10-19 01:23 - 000058581 _____ C:\Users\Ronni\Desktop\delusion zoNe hxc god mode.aup2018-10-16 22:18 - 2018-10-16 22:18 - 000000000 ____D C:\Users\Ronni\Desktop\delusion zoNe hxc god mode_data2018-10-12 15:36 - 2018-10-12 15:36 - 000002021 _____ C:\Users\Ronni\Desktop\crown1.aup2018-10-12 15:36 - 2018-10-12 15:36 - 000000000 ____D C:\Users\Ronni\Desktop\crown1_data2018-10-11 14:14 - 2018-10-12 11:04 - 000007139 _____ C:\Users\Ronni\Desktop\crown.aup2018-10-11 14:14 - 2018-10-11 14:14 - 000000000 ____D C:\Users\Ronni\Desktop\crown_data2018-10-11 13:53 - 2018-10-11 13:53 - 000005421 _____ C:\Users\Ronni\Desktop\missing.aup2018-10-11 13:53 - 2018-10-11 13:53 - 000000000 ____D C:\Users\Ronni\Desktop\missing_data2018-10-10 17:42 - 2018-10-10 17:42 - 000260384 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys2018-10-10 13:39 - 2018-10-10 13:39 - 000000163 _____ C:\Users\Ronni\Desktop\2playOnGuitar.txt2018-10-10 04:54 - 2018-09-21 04:18 - 021386888 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll2018-10-10 04:54 - 2018-09-20 22:41 - 003396096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll2018-10-10 04:54 - 2018-09-20 04:23 - 006602240 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll2018-10-10 04:54 - 2018-09-20 03:34 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll2018-10-10 04:54 - 2018-09-19 23:29 - 006569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll2018-10-10 04:54 - 2018-09-19 23:29 - 006039368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll2018-10-10 04:54 - 2018-09-19 23:21 - 022013440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll2018-10-10 04:54 - 2018-09-19 23:15 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2018-10-10 04:54 - 2018-09-19 23:11 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll2018-10-10 04:54 - 2018-09-19 23:09 - 009089848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe2018-10-10 04:54 - 2018-09-19 23:09 - 007520096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll2018-10-10 04:54 - 2018-09-19 23:09 - 007432136 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll2018-10-10 04:54 - 2018-09-19 23:08 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll2018-10-10 04:54 - 2018-09-19 22:53 - 025851392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll2018-10-10 04:54 - 2018-09-19 22:46 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2018-10-10 04:54 - 2018-09-19 22:44 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll2018-10-10 04:54 - 2018-09-19 22:44 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll2018-10-10 04:54 - 2018-09-19 22:42 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll2018-10-10 04:54 - 2018-09-19 22:41 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll2018-10-10 04:54 - 2018-09-19 22:37 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll2018-10-10 04:54 - 2018-09-08 03:07 - 001610552 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll2018-10-10 04:54 - 2018-09-08 02:38 - 001288192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll2018-10-10 04:54 - 2018-09-07 22:30 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll2018-10-10 04:54 - 2018-09-07 22:29 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll2018-10-10 04:54 - 2018-09-07 22:27 - 003348992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll2018-10-10 04:54 - 2018-09-07 22:25 - 003553792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll2018-10-10 04:54 - 2018-09-07 22:24 - 001457664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll2018-10-10 04:53 - 2018-09-21 04:01 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll2018-10-10 04:53 - 2018-09-21 03:22 - 020381784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll2018-10-10 04:53 - 2018-09-21 03:12 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll2018-10-10 04:53 - 2018-09-20 23:14 - 000661056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll2018-10-10 04:53 - 2018-09-20 23:13 - 000480568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll2018-10-10 04:53 - 2018-09-20 23:12 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe2018-10-10 04:53 - 2018-09-20 23:11 - 000753056 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll2018-10-10 04:53 - 2018-09-20 23:09 - 004790160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll2018-10-10 04:53 - 2018-09-20 23:09 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll2018-10-10 04:53 - 2018-09-20 23:09 - 001427968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll2018-10-10 04:53 - 2018-09-20 23:09 - 001062920 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi2018-10-10 04:53 - 2018-09-20 23:09 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll2018-10-10 04:53 - 2018-09-20 23:08 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll2018-10-10 04:53 - 2018-09-20 23:08 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll2018-10-10 04:53 - 2018-09-20 23:08 - 001566720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll2018-10-10 04:53 - 2018-09-20 23:08 - 001456720 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi2018-10-10 04:53 - 2018-09-20 23:08 - 001257864 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe2018-10-10 04:53 - 2018-09-20 23:08 - 001140672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi2018-10-10 04:53 - 2018-09-20 23:08 - 000982600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe2018-10-10 04:53 - 2018-09-20 23:08 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys2018-10-10 04:53 - 2018-09-20 23:08 - 000261008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll2018-10-10 04:53 - 2018-09-20 23:08 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys2018-10-10 04:53 - 2018-09-20 23:07 - 000604664 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe2018-10-10 04:53 - 2018-09-20 22:58 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll2018-10-10 04:53 - 2018-09-20 22:57 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll2018-10-10 04:53 - 2018-09-20 22:57 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll2018-10-10 04:53 - 2018-09-20 22:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll2018-10-10 04:53 - 2018-09-20 22:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll2018-10-10 04:53 - 2018-09-20 22:53 - 001006080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll2018-10-10 04:53 - 2018-09-20 22:43 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll2018-10-10 04:53 - 2018-09-20 22:42 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll2018-10-10 04:53 - 2018-09-20 22:40 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll2018-10-10 04:53 - 2018-09-20 22:39 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll2018-10-10 04:53 - 2018-09-20 22:39 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll2018-10-10 04:53 - 2018-09-20 22:39 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll2018-10-10 04:53 - 2018-09-20 22:39 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll2018-10-10 04:53 - 2018-09-20 22:38 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll2018-10-10 04:53 - 2018-09-20 22:38 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll2018-10-10 04:53 - 2018-09-20 22:37 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll2018-10-10 04:53 - 2018-09-20 22:37 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys2018-10-10 04:53 - 2018-09-20 22:37 - 001211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll2018-10-10 04:53 - 2018-09-20 22:37 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll2018-10-10 04:53 - 2018-09-20 22:36 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll2018-10-10 04:53 - 2018-09-20 22:36 - 001034240 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll2018-10-10 04:53 - 2018-09-20 22:36 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll2018-10-10 04:53 - 2018-09-20 22:36 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll2018-10-10 04:53 - 2018-09-20 22:36 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll2018-10-10 04:53 - 2018-09-20 04:40 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe2018-10-10 04:53 - 2018-09-20 04:37 - 001634944 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll2018-10-10 04:53 - 2018-09-20 04:22 - 013572096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll2018-10-10 04:53 - 2018-09-20 04:19 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll2018-10-10 04:53 - 2018-09-20 04:18 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys2018-10-10 04:53 - 2018-09-20 04:18 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll2018-10-10 04:53 - 2018-09-20 04:17 - 002874368 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll2018-10-10 04:53 - 2018-09-20 04:17 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll2018-10-10 04:53 - 2018-09-20 04:17 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll2018-10-10 04:53 - 2018-09-20 04:16 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll2018-10-10 04:53 - 2018-09-20 03:46 - 001454440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll2018-10-10 04:53 - 2018-09-20 03:35 - 005669888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll2018-10-10 04:53 - 2018-09-20 03:30 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll2018-10-10 04:53 - 2018-09-20 03:29 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys2018-10-10 04:53 - 2018-09-20 03:29 - 002824704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll2018-10-10 04:53 - 2018-09-20 03:29 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll2018-10-10 04:53 - 2018-09-20 03:28 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll2018-10-10 04:53 - 2018-09-20 01:43 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll2018-10-10 04:53 - 2018-09-20 00:52 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll2018-10-10 04:53 - 2018-09-19 23:29 - 001989232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll2018-10-10 04:53 - 2018-09-19 23:29 - 001513032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll2018-10-10 04:53 - 2018-09-19 23:29 - 000357056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll2018-10-10 04:53 - 2018-09-19 23:28 - 001129544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll2018-10-10 04:53 - 2018-09-19 23:28 - 000581792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll2018-10-10 04:53 - 2018-09-19 23:28 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll2018-10-10 04:53 - 2018-09-19 23:17 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll2018-10-10 04:53 - 2018-09-19 23:13 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll2018-10-10 04:53 - 2018-09-19 23:12 - 000272200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll2018-10-10 04:53 - 2018-09-19 23:12 - 000269128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll2018-10-10 04:53 - 2018-09-19 23:11 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll2018-10-10 04:53 - 2018-09-19 23:11 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll2018-10-10 04:53 - 2018-09-19 23:11 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll2018-10-10 04:53 - 2018-09-19 23:11 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe2018-10-10 04:53 - 2018-09-19 23:10 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys2018-10-10 04:53 - 2018-09-19 23:10 - 001221128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe2018-10-10 04:53 - 2018-09-19 23:10 - 001029432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe2018-10-10 04:53 - 2018-09-19 23:10 - 000566800 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe2018-10-10 04:53 - 2018-09-19 23:10 - 000500536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys2018-10-10 04:53 - 2018-09-19 23:10 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll2018-10-10 04:53 - 2018-09-19 23:10 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll2018-10-10 04:53 - 2018-09-19 23:10 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys2018-10-10 04:53 - 2018-09-19 23:09 - 002825232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys2018-10-10 04:53 - 2018-09-19 23:09 - 002462888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll2018-10-10 04:53 - 2018-09-19 23:09 - 002421248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys2018-10-10 04:53 - 2018-09-19 23:09 - 001767096 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll2018-10-10 04:53 - 2018-09-19 23:09 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll2018-10-10 04:53 - 2018-09-19 23:09 - 001097744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll2018-10-10 04:53 - 2018-09-19 23:09 - 000885952 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll2018-10-10 04:53 - 2018-09-19 23:09 - 000793088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys2018-10-10 04:53 - 2018-09-19 23:09 - 000713472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll2018-10-10 04:53 - 2018-09-19 23:09 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys2018-10-10 04:53 - 2018-09-19 23:08 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll2018-10-10 04:53 - 2018-09-19 22:43 - 000052736 _____ C:\WINDOWS\system32\runexehelper.exe2018-10-10 04:53 - 2018-09-19 22:42 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe2018-10-10 04:53 - 2018-09-19 22:42 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll2018-10-10 04:53 - 2018-09-19 22:41 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll2018-10-10 04:53 - 2018-09-19 22:41 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll2018-10-10 04:53 - 2018-09-19 22:41 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe2018-10-10 04:53 - 2018-09-19 22:41 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll2018-10-10 04:53 - 2018-09-19 22:40 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll2018-10-10 04:53 - 2018-09-19 22:40 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll2018-10-10 04:53 - 2018-09-19 22:40 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll2018-10-10 04:53 - 2018-09-19 22:38 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll2018-10-10 04:53 - 2018-09-19 22:38 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll2018-10-10 04:53 - 2018-09-19 22:37 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll2018-10-10 04:53 - 2018-09-19 22:36 - 001375232 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll2018-10-10 04:53 - 2018-09-19 21:21 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim2018-10-10 04:53 - 2018-09-19 20:28 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll2018-10-10 04:53 - 2018-09-08 03:12 - 000452112 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll2018-10-10 04:53 - 2018-09-08 03:07 - 002868536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe2018-10-10 04:53 - 2018-09-08 03:07 - 000792376 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll2018-10-10 04:53 - 2018-09-08 03:07 - 000689464 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll2018-10-10 04:53 - 2018-09-08 03:07 - 000612360 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll2018-10-10 04:53 - 2018-09-08 03:07 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll2018-10-10 04:53 - 2018-09-08 03:07 - 000144696 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe2018-10-10 04:53 - 2018-09-08 03:07 - 000069944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll2018-10-10 04:53 - 2018-09-08 03:02 - 000645112 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll2018-10-10 04:53 - 2018-09-08 03:02 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll2018-10-10 04:53 - 2018-09-08 02:58 - 001639352 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll2018-10-10 04:53 - 2018-09-08 02:58 - 001520744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll2018-10-10 04:53 - 2018-09-08 02:57 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll2018-10-10 04:53 - 2018-09-08 02:44 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdBth.dll2018-10-10 04:53 - 2018-09-08 02:43 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll2018-10-10 04:53 - 2018-09-08 02:43 - 000047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardBi.dll2018-10-10 04:53 - 2018-09-08 02:42 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll2018-10-10 04:53 - 2018-09-08 02:42 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll2018-10-10 04:53 - 2018-09-08 02:42 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll2018-10-10 04:53 - 2018-09-08 02:42 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthci.dll2018-10-10 04:53 - 2018-09-08 02:41 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll2018-10-10 04:53 - 2018-09-08 02:40 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll2018-10-10 04:53 - 2018-09-08 02:40 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe2018-10-10 04:53 - 2018-09-08 02:40 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll2018-10-10 04:53 - 2018-09-08 02:40 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv2018-10-10 04:53 - 2018-09-08 02:40 - 000402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll2018-10-10 04:53 - 2018-09-08 02:40 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl2018-10-10 04:53 - 2018-09-08 02:39 - 005505024 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll2018-10-10 04:53 - 2018-09-08 02:39 - 002052096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll2018-10-10 04:53 - 2018-09-08 02:39 - 001787904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll2018-10-10 04:53 - 2018-09-08 02:39 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll2018-10-10 04:53 - 2018-09-08 02:38 - 001004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll2018-10-10 04:53 - 2018-09-08 02:38 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll2018-10-10 04:53 - 2018-09-08 02:38 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll2018-10-10 04:53 - 2018-09-08 02:38 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll2018-10-10 04:53 - 2018-09-08 02:37 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe2018-10-10 04:53 - 2018-09-08 02:16 - 000482080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll2018-10-10 04:53 - 2018-09-08 02:14 - 001328056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll2018-10-10 04:53 - 2018-09-08 02:13 - 001626656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll2018-10-10 04:53 - 2018-09-08 02:13 - 000181288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll2018-10-10 04:53 - 2018-09-08 02:03 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll2018-10-10 04:53 - 2018-09-08 02:03 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdBth.dll2018-10-10 04:53 - 2018-09-08 02:02 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll2018-10-10 04:53 - 2018-09-08 02:00 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll2018-10-10 04:53 - 2018-09-08 01:59 - 001530368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll2018-10-10 04:53 - 2018-09-08 01:59 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll2018-10-10 04:53 - 2018-09-08 01:59 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll2018-10-10 04:53 - 2018-09-08 01:59 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll2018-10-10 04:53 - 2018-09-08 01:58 - 001308672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll2018-10-10 04:53 - 2018-09-08 01:58 - 000897536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll2018-10-10 04:53 - 2018-09-08 01:58 - 000775680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll2018-10-10 04:53 - 2018-09-08 01:57 - 005391360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll2018-10-10 04:53 - 2018-09-08 01:57 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll2018-10-10 04:53 - 2018-09-08 01:57 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv2018-10-10 04:53 - 2018-09-08 01:57 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl2018-10-10 04:53 - 2018-09-08 01:56 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe2018-10-10 04:53 - 2018-09-07 23:08 - 000462880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll2018-10-10 04:53 - 2018-09-07 22:59 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys2018-10-10 04:53 - 2018-09-07 22:59 - 000361544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll2018-10-10 04:53 - 2018-09-07 22:58 - 000744976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys2018-10-10 04:53 - 2018-09-07 22:58 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys2018-10-10 04:53 - 2018-09-07 22:58 - 000368440 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll2018-10-10 04:53 - 2018-09-07 22:57 - 002571128 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll2018-10-10 04:53 - 2018-09-07 22:57 - 001016984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll2018-10-10 04:53 - 2018-09-07 22:57 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe2018-10-10 04:53 - 2018-09-07 22:57 - 000482384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll2018-10-10 04:53 - 2018-09-07 22:57 - 000368448 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll2018-10-10 04:53 - 2018-09-07 22:57 - 000267576 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll2018-10-10 04:53 - 2018-09-07 22:51 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll2018-10-10 04:53 - 2018-09-07 22:45 - 000295416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll2018-10-10 04:53 - 2018-09-07 22:45 - 000286824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll2018-10-10 04:53 - 2018-09-07 22:44 - 001980984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll2018-10-10 04:53 - 2018-09-07 22:44 - 000829752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe2018-10-10 04:53 - 2018-09-07 22:43 - 001174448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll2018-10-10 04:53 - 2018-09-07 22:43 - 000269104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll2018-10-10 04:53 - 2018-09-07 22:32 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys2018-10-10 04:53 - 2018-09-07 22:31 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe2018-10-10 04:53 - 2018-09-07 22:31 - 000272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Proxy.dll2018-10-10 04:53 - 2018-09-07 22:30 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll2018-10-10 04:53 - 2018-09-07 22:30 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll2018-10-10 04:53 - 2018-09-07 22:30 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys2018-10-10 04:53 - 2018-09-07 22:30 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll2018-10-10 04:53 - 2018-09-07 22:29 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys2018-10-10 04:53 - 2018-09-07 22:29 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll2018-10-10 04:53 - 2018-09-07 22:29 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll2018-10-10 04:53 - 2018-09-07 22:29 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll2018-10-10 04:53 - 2018-09-07 22:28 - 000481280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll2018-10-10 04:53 - 2018-09-07 22:28 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll2018-10-10 04:53 - 2018-09-07 22:28 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll2018-10-10 04:53 - 2018-09-07 22:28 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll2018-10-10 04:53 - 2018-09-07 22:28 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Proxy.dll2018-10-10 04:53 - 2018-09-07 22:27 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll2018-10-10 04:53 - 2018-09-07 22:27 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll2018-10-10 04:53 - 2018-09-07 22:27 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcfile.dll2018-10-10 04:53 - 2018-09-07 22:27 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll2018-10-10 04:53 - 2018-09-07 22:27 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll2018-10-10 04:53 - 2018-09-07 22:26 - 002328064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmsipc.dll2018-10-10 04:53 - 2018-09-07 22:26 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll2018-10-10 04:53 - 2018-09-07 22:26 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll2018-10-10 04:53 - 2018-09-07 22:26 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll2018-10-10 04:53 - 2018-09-07 22:26 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll2018-10-10 04:53 - 2018-09-07 22:26 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll2018-10-10 04:53 - 2018-09-07 22:26 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcfile.dll2018-10-10 04:53 - 2018-09-07 22:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll2018-10-10 04:53 - 2018-09-07 22:25 - 002789376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll2018-10-10 04:53 - 2018-09-07 22:25 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcsecproc.dll2018-10-10 04:53 - 2018-09-07 22:25 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll2018-10-10 04:53 - 2018-09-07 22:25 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll2018-10-10 04:53 - 2018-09-07 22:25 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Proximity.dll2018-10-10 04:53 - 2018-09-07 22:24 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll2018-10-10 04:53 - 2018-09-07 22:24 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll2018-10-10 04:53 - 2018-09-07 22:24 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll2018-10-10 04:53 - 2018-09-07 22:23 - 001655296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmsipc.dll2018-10-10 04:53 - 2018-09-07 22:23 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcsecproc.dll2018-10-10 04:53 - 2018-09-07 22:23 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll2018-10-10 04:53 - 2018-09-07 22:23 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Proximity.dll2018-10-10 04:53 - 2018-09-07 22:22 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll2018-10-09 14:29 - 2018-10-09 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox2018-10-09 13:30 - 2018-10-09 13:30 - 000002243 _____ C:\Users\Ronni\Desktop\Unsupported.txt2018-10-09 06:53 - 2018-10-09 06:53 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe2018-10-09 06:53 - 2018-10-09 06:53 - 000050232 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys2018-10-09 06:53 - 2018-10-09 06:53 - 000050232 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys2018-10-09 06:53 - 2018-10-09 06:53 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys2018-10-08 01:25 - 2018-10-08 01:25 - 000044957 _____ C:\Users\Ronni\Desktop\restarting.aup2018-10-08 01:25 - 2018-10-08 01:25 - 000000000 ____D C:\Users\Ronni\Desktop\restarting_data2018-10-03 18:35 - 2018-10-03 18:35 - 000000000 ____D C:\Users\Ronni\AppData\Local\mbamtray2018-10-03 18:34 - 2018-10-03 18:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes2018-10-03 18:34 - 2018-09-11 13:18 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys2018-10-03 18:32 - 2018-10-03 18:32 - 000000000 ____D C:\Users\Ronni\AppData\Local\mbam2018-10-02 22:44 - 2018-10-03 18:34 - 000002934 _____ C:\Users\Ronni\Desktop\IR.txt2018-10-01 17:22 - 2018-10-01 17:22 - 000047240 _____ C:\Users\Ronni\Desktop\lastwords pick n choose.aup2018-10-01 17:22 - 2018-10-01 17:22 - 000000000 ____D C:\Users\Ronni\Desktop\lastwords pick n choose_data2018-09-28 17:00 - 2018-09-28 17:00 - 000115050 _____ C:\Users\Ronni\Desktop\yes no yes no.aup2018-09-28 16:59 - 2018-09-28 16:59 - 000000000 ____D C:\Users\Ronni\Desktop\yes no yes no_data2018-09-26 18:26 - 2018-09-26 18:26 - 000138426 _____ C:\Users\Ronni\Downloads\Environment_Flow_Overview.pdf2018-09-25 22:06 - 2018-10-20 14:23 - 000001684 _____ C:\Users\Ronni\Desktop\QUESTLOG.txt2018-09-25 09:30 - 2018-09-25 09:30 - 000006678 _____ C:\Users\Ronni\Desktop\U DONTUNDERSTAND.aup2018-09-25 09:30 - 2018-09-25 09:30 - 000000000 ____D C:\Users\Ronni\Desktop\U DONTUNDERSTAND_data2018-09-25 09:23 - 2018-10-08 01:28 - 000000000 ____D C:\Program Files\Mozilla Firefox2018-09-25 09:23 - 2018-10-08 01:28 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service2018-09-25 09:23 - 2018-09-25 09:23 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk2018-09-25 09:22 - 2018-09-25 09:22 - 000314376 _____ (Igor Pavlov) C:\Users\Ronni\Downloads\Firefox Installer.exe==================== One Month Modified files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2018-10-20 16:59 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft2018-10-20 15:59 - 2015-04-09 14:35 - 000000000 ____D C:\Users\Ronni\AppData\Roaming\Audacity2018-10-20 15:54 - 2018-04-11 18:30 - 000000000 ____D C:\WINDOWS\CbsTemp2018-10-20 14:27 - 2018-09-17 22:57 - 000001021 _____ C:\Users\Ronni\Desktop\Ronni's Room.txt2018-10-20 14:15 - 2018-07-21 14:01 - 000000000 ____D C:\WINDOWS\system32\SleepStudy2018-10-20 02:54 - 2018-04-16 22:26 - 000000000 _____ C:\WINDOWS\SysWOW64\last.dump2018-10-19 22:20 - 2017-01-20 19:48 - 000000000 ____D C:\Users\Ronni\AppData\LocalLow\Mozilla2018-10-19 20:57 - 2018-08-05 08:46 - 000003760 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier2018-10-19 20:57 - 2018-07-21 14:33 - 000003538 _____ C:\WINDOWS\System32\Tasks\Driver Easy Scheduled Scan2018-10-19 20:57 - 2018-07-21 14:33 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task2018-10-19 20:57 - 2018-07-21 14:33 - 000003428 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA2018-10-19 20:57 - 2018-07-21 14:33 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA2018-10-19 20:57 - 2018-07-21 14:33 - 000003282 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{080E1527-D8D7-467E-ADB8-67322095A234}2018-10-19 20:57 - 2018-07-21 14:33 - 000003204 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore2018-10-19 20:57 - 2018-07-21 14:33 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore2018-10-19 20:57 - 2018-07-21 14:33 - 000002852 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1741139138-458572066-732062563-10002018-10-19 20:57 - 2018-07-21 14:33 - 000002402 _____ C:\WINDOWS\System32\Tasks\XboxStatTask2018-10-19 20:57 - 2018-07-21 14:33 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software2018-10-19 20:57 - 2018-06-18 00:01 - 000000414 _____ C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job2018-10-19 20:57 - 2017-02-14 03:05 - 000000914 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job2018-10-19 20:57 - 2017-02-14 03:05 - 000000910 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job2018-10-19 15:34 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness2018-10-19 10:12 - 2018-04-11 18:38 - 000000000 ___HD C:\Program Files\WindowsApps2018-10-19 09:32 - 2018-06-28 22:42 - 000000000 ____D C:\Users\Ronni\AppData\Local\AVAST Software2018-10-19 09:29 - 2016-09-23 11:51 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat2018-10-19 09:29 - 2016-07-28 19:10 - 000000000 __SHD C:\Users\Ronni\IntelGraphicsProfiles2018-10-19 09:29 - 2015-04-09 07:40 - 000000000 ____D C:\Users\Ronni\AppData\Roaming\WTablet2018-10-19 01:46 - 2016-09-23 11:51 - 000000000 ____D C:\ProgramData\NVIDIA2018-10-18 23:24 - 2016-05-29 12:31 - 000000000 ____D C:\Users\Ronni\AppData\Local\CrashDumps2018-10-18 21:11 - 2018-06-28 22:46 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk2018-10-18 09:27 - 2018-07-21 14:33 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update2018-10-16 21:32 - 2015-08-26 14:40 - 000000000 ____D C:\Users\Ronni\AppData\LocalLow\Adobe2018-10-16 06:58 - 2018-06-18 13:08 - 000000000 ____D C:\ProgramData\Packages2018-10-16 05:40 - 2018-07-21 14:10 - 000002396 _____ C:\Users\Ronni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk2018-10-16 05:40 - 2016-07-28 19:14 - 000000000 ___RD C:\Users\Ronni\OneDrive2018-10-12 12:33 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports2018-10-10 22:30 - 2018-07-27 22:23 - 000855976 _____ C:\WINDOWS\system32\perfh00C.dat2018-10-10 22:30 - 2018-07-27 22:23 - 000174470 _____ C:\WINDOWS\system32\perfc00C.dat2018-10-10 22:30 - 2018-07-21 14:23 - 001990986 _____ C:\WINDOWS\system32\PerfStringBackup.INI2018-10-10 22:30 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF2018-10-10 17:44 - 2018-06-18 11:46 - 000000000 ___RD C:\Users\Ronni\3D Objects2018-10-10 17:44 - 2016-04-27 01:39 - 000000000 __RHD C:\Users\Public\AccountPictures2018-10-10 17:43 - 2018-07-21 14:01 - 000321928 _____ C:\WINDOWS\system32\FNTCACHE.DAT2018-10-10 17:42 - 2018-07-21 14:33 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT2018-10-10 17:41 - 2018-04-11 16:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI2018-10-10 17:40 - 2018-04-11 18:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel2018-10-10 17:40 - 2018-04-11 18:38 - 000000000 ___RD C:\Program Files\Windows Defender2018-10-10 17:40 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\TextInput2018-10-10 17:40 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences2018-10-10 17:40 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\bcastdvr2018-10-10 17:40 - 2018-04-11 18:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender2018-10-10 05:06 - 2016-07-30 00:05 - 000000000 ____D C:\WINDOWS\system32\MRT2018-10-10 05:04 - 2016-07-30 00:05 - 136745976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2018-10-09 14:30 - 2017-02-14 03:05 - 000000000 ____D C:\Program Files (x86)\Dropbox2018-10-08 22:32 - 2015-12-02 13:19 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk2018-10-04 05:46 - 2018-07-21 14:10 - 000000000 ____D C:\Users\Ronni2018-10-02 15:13 - 2018-04-11 18:41 - 000835152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2018-10-02 15:13 - 2018-04-11 18:41 - 000179792 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl2018-09-25 09:24 - 2015-04-07 02:41 - 000000000 ____D C:\Users\Ronni\AppData\Roaming\Mozilla==================== Files in the root of some directories =======2015-09-09 23:35 - 2015-09-24 10:15 - 000000150 _____ () C:\Users\Ronni\AppData\Roaming\licecap.ini2016-06-20 06:11 - 2016-06-20 06:11 - 000002181 _____ () C:\Users\Ronni\AppData\Local\recently-used.xbel2018-07-02 00:17 - 2018-07-02 00:17 - 000007619 _____ () C:\Users\Ronni\AppData\Local\Resmon.ResmonCfg2015-05-06 06:41 - 2015-05-06 06:41 - 000000000 _____ () C:\Users\Ronni\AppData\Local\{9B55C868-A811-4259-B666-425A66D9BAD2}==================== Bamital & volsnap ======================(There is no automatic fix for files that do not pass verification.)C:\WINDOWS\system32\winlogon.exe => File is digitally signedC:\WINDOWS\system32\wininit.exe => File is digitally signedC:\WINDOWS\explorer.exe => File is digitally signedC:\WINDOWS\SysWOW64\explorer.exe => File is digitally signedC:\WINDOWS\system32\svchost.exe => File is digitally signedC:\WINDOWS\SysWOW64\svchost.exe => File is digitally signedC:\WINDOWS\system32\services.exe => File is digitally signedC:\WINDOWS\system32\User32.dll => File is digitally signedC:\WINDOWS\SysWOW64\User32.dll => File is digitally signedC:\WINDOWS\system32\userinit.exe => File is digitally signedC:\WINDOWS\SysWOW64\userinit.exe => File is digitally signedC:\WINDOWS\system32\rpcss.dll => File is digitally signedC:\WINDOWS\system32\dnsapi.dll => File is digitally signedC:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signedC:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2018-07-21 14:01==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018
Ran by Ronni (20-10-2018 17:00:13)Running from C:\Users\Ronni\DesktopWindows 10 Home Version 1803 17134.345 (X64) (2018-07-21 19:33:47)Boot Mode: Normal============================================================================== Accounts: =============================Administrator (S-1-5-21-1741139138-458572066-732062563-500 - Administrator - Disabled)DefaultAccount (S-1-5-21-1741139138-458572066-732062563-503 - Limited - Disabled)Guest (S-1-5-21-1741139138-458572066-732062563-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-1741139138-458572066-732062563-1002 - Limited - Enabled)Ronni (S-1-5-21-1741139138-458572066-732062563-1000 - Administrator - Enabled) => C:\Users\RonniWDAGUtilityAccount (S-1-5-21-1741139138-458572066-732062563-504 - Limited - Disabled)==================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}==================== Installed Programs ======================(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20074 - Adobe Systems Incorporated)Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.154 - Adobe Systems Incorporated)Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.6.2349 - AVAST Software)Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 69.1.852.100 - AVAST Software)Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.141.333 - AVAST Software) HiddenBamboo (HKLM-x32\...\Pen Tablet Driver) (Version: - Wacom Technology Corp.)Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) HiddenDiscord (HKU\S-1-5-21-1741139138-458572066-732062563-1000\...\Discord) (Version: 0.0.301 - Discord Inc.)Driver Easy 5.6.5 (HKLM\...\DriverEasy_is1) (Version: 5.6.5 - Easeware)Dropbox (HKLM-x32\...\Dropbox) (Version: 59.4.93 - Dropbox, Inc.)Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.141.1 - Dropbox, Inc.) HiddenFast Food Tycoon 2 (HKLM-x32\...\Fast Food Tycoon 2) (Version: - )FireAlpaca 1.4.1 (HKLM-x32\...\FireAlpaca_is1) (Version: 1.4.1 - firealpaca.com)GIGABYTE OC_GURU II (HKLM-x32\...\{EA298EC1-2B8F-4DA9-8C5B-BC1FCBBAD72F}) (Version: 1.69.0000 - GIGABYTE Technology Co.,Ltd.) HiddenGIGABYTE OC_GURU II (HKLM-x32\...\InstallShield_{EA298EC1-2B8F-4DA9-8C5B-BC1FCBBAD72F}) (Version: 1.69.0000 - GIGABYTE Technology Co.,Ltd.)GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) HiddenIntel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4835 - Intel Corporation)iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )LogMeIn Hamachi (HKLM-x32\...\{892DB406-ADF8-4C30-9840-8438AF5B8763}) (Version: 2.2.0.607 - LogMeIn, Inc.) HiddenLogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.607 - LogMeIn, Inc.)Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)Microsoft OneDrive (HKU\S-1-5-21-1741139138-458572066-732062563-1000\...\OneDriveSetup.exe) (Version: 18.172.0826.0010 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) HiddenMovie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) HiddenMozilla Firefox 62.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 62.0.3 (x64 en-US)) (Version: 62.0.3 - Mozilla)Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0.2 - Mozilla)Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.60.14 - Black Tree Gaming)Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)OpenIV (HKU\S-1-5-21-1741139138-458572066-732062563-1000\...\OpenIV) (Version: 3.0.1005 - .black/OpenIV Team)OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) HiddenPicasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.4.0 - Rockstar Games)RuneScape Launcher 2.2.2 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.2 - Jagex Ltd)SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) HiddenSHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.3.5 - NVIDIA Corporation) HiddenSketchUp 2016 (HKLM\...\{E2B66CF6-ABA0-4E5F-B426-7478B18301AE}) (Version: 16.1.1449 - Trimble Navigation Limited)SketchUp 2017 (HKLM\...\{E59BD84C-169B-4F3F-AC5D-85127CF67051}) (Version: 17.2.2555 - Trimble, Inc.)Skype Web Plugin (HKLM-x32\...\{F7C13D74-E0FD-4A76-896A-E8687769767D}) (Version: 7.5.0.127 - Skype Technologies S.A.)Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) HiddenUpdate for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{8CFAB044-7D2E-4655-B86D-99932E988980}) (Version: 2.45.0.0 - Microsoft Corporation)UpdateAssistant (HKLM\...\{57D07AAD-97E2-4E16-89C4-1A3C51BC9C98}) (Version: 1.16.0.0 - Microsoft Corporation) HiddenVegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) HiddenWindows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)==================== Custom CLSID (Whitelisted): ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)CustomCLSID: HKU\S-1-5-21-1741139138-458572066-732062563-1000_Classes\CLSID\{0825CC0E-34BD-4FE4-B78D-EF6582A94B6A}\InprocServer32 -> C:\Users\Ronni\AppData\Local\SkypePlugin\7.5.0.127\GatewayActiveX-x64.dll (Skype Technologies S.A.)CustomCLSID: HKU\S-1-5-21-1741139138-458572066-732062563-1000_Classes\CLSID\{8E00BFA9-1C7B-4E45-BF2F-0FAEA236E1CC}\localserver32 -> C:\Users\Ronni\AppData\Local\SkypePlugin\7.5.0.127\GatewayVersion-x64.exe (Skype Technologies S.A.)CustomCLSID: HKU\S-1-5-21-1741139138-458572066-732062563-1000_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Ronni\AppData\Local\SkypePlugin\7.5.0.127\EdgeCalling.exe (Skype Technologies S.A.)ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-08-27] (AVAST Software)ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-08-27] (AVAST Software)ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2014-05-12] ()ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-08-27] (AVAST Software)ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-08-27] (AVAST Software)ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll -> No FileContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2015-04-08] (Piriform Ltd)ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No FileContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No FileContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-06-18] (Intel Corporation)ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-09-05] (NVIDIA Corporation)ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-08-27] (AVAST Software)ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll -> No FileContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2015-04-08] (Piriform Ltd)ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)==================== Scheduled Tasks (Whitelisted) =============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)Task: {03C26E38-4DA5-40B7-9BE3-B9428D9C28FA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTIONTask: {0400FD59-B551-45E5-9D3A-AACF9725850B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTIONTask: {05D2E832-571B-4C78-84BA-8DAB4400C565} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTIONTask: {07904F81-3ECD-4549-A7A2-B1CBAC5CFACB} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exeTask: {07E4E9D3-5FA9-47A7-BBB7-EFF7C5E09A89} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exeTask: {0E63F4E0-3E2B-4DC9-BC1C-9D987CACE6C4} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [2018-09-03] (Easeware)Task: {210B5B84-2CE8-479D-9AC4-08B472DD1A78} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)Task: {21F15E8C-3E77-41A0-AD1E-E69FF8E79AC5} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exeTask: {26EEB5E1-9D8E-472C-9659-3FAD62AC08A0} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-28] (AVAST Software)Task: {36857B29-A57D-4394-AF24-E1D62B7E90D1} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exeTask: {383D469B-CD2B-4727-8A0B-4A84E84B4EFA} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2018-09-17] (AVAST Software)Task: {3FF0661D-51B4-4397-9C82-1D82275C1C7B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTIONTask: {45CAA8B7-7CB3-42B4-B27C-4D69EFB48DDC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-04] (Google Inc.)Task: {4826F2A2-A377-4BBD-AC4E-40C16C4D936E} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-02-14] (Dropbox, Inc.)Task: {4980D52A-EBF5-49EB-8374-736392387031} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-04] (Google Inc.)Task: {4F508E27-6D80-4FAB-95F0-49562DA468BB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTIONTask: {5E514F19-CAC5-4245-8A6E-F102629A4039} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-08-27] (AVAST Software)Task: {5ED2D5AA-616D-47ED-B04B-175E89924617} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTIONTask: {60EE9522-F0AC-4DBD-BF69-82F1189DD5E7} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exeTask: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()Task: {672E94AA-BEE4-43B0-8FF0-B0E0CCC87266} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exeTask: {6A5F364A-4CF0-4DF6-ABCE-EBE061D0BC31} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTIONTask: {6B601591-2BE2-41A0-ABB0-2D9C9AE92576} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-02-14] (Dropbox, Inc.)Task: {6E37FBBB-BAB1-4777-AF10-A1E283E02621} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_pepper.exe [2018-09-10] (Adobe Systems Incorporated)Task: {76DF76F7-F1E7-4089-BBCE-4C44B25BEC0D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTIONTask: {7841D080-5CB9-426B-9A40-98F44938393A} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exeTask: {7848A121-49E8-414C-9647-679384AD8124} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exeTask: {7CD4C9EC-9075-4CEC-8094-0C0233FC1798} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTIONTask: {7EC3B3A2-5D86-4B86-95EB-D54DEB3F063F} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exeTask: {804BB59C-AA40-4AC1-8BC0-9B562051C826} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTIONTask: {87464A16-91A7-431B-B954-508F9559568E} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTIONTask: {88D75001-CDB7-4764-B17E-104F3BCAC6E0} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exeTask: {8AF4C0C9-99FA-4544-99C5-EC0BA1F7A357} - System32\Tasks\XboxStatTask => C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exeTask: {8B6E17F4-0907-4011-BCC4-84BC3727771B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTIONTask: {8BA3DD46-A6CB-47DD-8741-AB141D494812} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exeTask: {94F49082-3CAC-49B8-A504-DA6CDA199002} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTIONTask: {970721DC-45A9-4622-9B01-AEAACB61CD99} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exeTask: {9901F9B9-6260-47ED-92CF-C2B491D8352C} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTIONTask: {A3D10999-6105-4AF4-95A4-28B3E45ADC4C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTIONTask: {A67FBF35-8F5F-48FC-9459-9DAABF59E53F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exeTask: {A686681C-D962-4C59-9A3A-A8ACE9402C11} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exeTask: {AAB7E564-7FE9-407D-89E2-E64AE35B1C55} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exeTask: {AAEDA0B8-3C6E-4E74-B881-354EA74CFEB3} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-28] (AVAST Software)Task: {BC897ED4-FC38-4721-AA9E-C6D7C18A7C3C} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exeTask: {BD565382-80C4-4362-ABC5-BFF9BAD468B6} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exeTask: {BE3BF75B-6012-44F3-A157-47758737BB80} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exeTask: {BE626DD0-952E-4A76-A8EC-7EBCCEDF511D} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exeTask: {BF39DD84-369D-44F1-9A2B-CADEF2301089} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exeTask: {D134A80B-257A-491A-B507-6B4E24F904FA} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exeTask: {D341ACA5-A343-4672-882C-4D2617333B33} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)Task: {DE0EC2FF-4F76-4AEE-A6D4-5F93BFC0E5B1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTIONTask: {E0F6BF95-BA73-47ED-AD5C-8CD310B0E5F7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exeTask: {E81ECAD7-B203-4636-A010-589F1CE61333} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exeTask: {F03BF10C-896C-401E-9085-37935B09501B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)Task: C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exeTask: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exeTask: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe==================== Shortcuts & WMI ========================(The entries could be listed to be restored or removed.)==================== Loaded Modules (Whitelisted) ==============2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll2016-10-05 19:17 - 2016-10-05 19:17 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll2016-11-17 02:28 - 2016-11-17 02:28 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll2018-10-03 18:34 - 2018-09-12 11:35 - 002701064 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll2018-04-11 18:34 - 2018-04-11 18:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll2014-05-12 04:49 - 2014-05-12 04:49 - 000222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll2018-10-10 04:53 - 2018-09-19 22:38 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll2018-10-16 06:57 - 2018-10-16 06:57 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.32.55.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll2018-10-16 06:57 - 2018-10-16 06:57 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.32.55.0_x64__kzf8qxf38zg5c\ChakraBridge.dll2018-10-16 06:57 - 2018-10-16 06:57 - 000183808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.32.55.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe2018-10-16 06:57 - 2018-10-16 06:58 - 004183040 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1809.2731.0_x64__8wekyb3d8bbwe\Calculator.exe2018-09-25 19:14 - 2018-09-25 19:14 - 004472952 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1809.2731.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll2018-09-12 18:50 - 2018-09-12 18:50 - 035124736 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe2018-09-12 18:50 - 2018-09-12 18:50 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\SharedUI.dll2018-09-12 18:50 - 2018-09-12 18:50 - 006417408 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\EntCommon.dll2018-06-18 00:02 - 2018-06-18 00:03 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll2018-09-12 18:50 - 2018-09-12 18:50 - 009010176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\EntPlat.dll2018-09-18 20:06 - 2018-09-15 03:26 - 005110616 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libglesv2.dll2018-09-18 20:06 - 2018-09-15 03:26 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libegl.dll2015-04-13 18:19 - 2016-05-02 01:02 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll2018-06-18 08:44 - 2018-06-18 08:44 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll2018-08-27 09:54 - 2018-08-27 09:54 - 000575704 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll==================== Alternate Data Streams (Whitelisted) =========(If an entry is included in the fixlist, only the ADS will be removed.)AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]==================== Safe Mode (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"==================== Association (Whitelisted) ===============(If an entry is included in the fixlist, the registry item will be restored to default or removed.)==================== Internet Explorer trusted/restricted ===============(If an entry is included in the fixlist, it will be removed from the registry.)==================== Hosts content: ===============================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2009-07-13 21:34 - 2018-09-04 09:31 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts==================== Other Areas ============================(Currently there is no automatic fix for this section.)HKU\S-1-5-21-1741139138-458572066-732062563-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ronni\Pictures\Picasa\Screen Captures\Fullscreen capture 10202016 53548 PM.bmp.jpgDNS Servers: 192.168.1.1HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)Windows Firewall is enabled.==================== MSCONFIG/TASK MANAGER disabled items ==If an entry is included in the fixlist, it will be removed.HKLM\...\StartupApproved\Run32: => "Dropbox"HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"HKU\S-1-5-21-1741139138-458572066-732062563-1000\...\StartupApproved\Run: => "Skype"HKU\S-1-5-21-1741139138-458572066-732062563-1000\...\StartupApproved\Run: => "Steam"==================== FirewallRules (Whitelisted) ===============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)FirewallRules: [{2F1B5C86-2513-424C-9A84-123C413244DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exeFirewallRules: [{509117EE-3528-4919-855C-861E37733BB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exeFirewallRules: [{11516216-CF32-4E94-BB1D-6519BCA84008}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exeFirewallRules: [{0296C5BB-8F79-4DE6-AA7E-0359409C0201}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exeFirewallRules: [{82C27039-F1F9-4156-8D7E-5069A1AFBF84}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exeFirewallRules: [{2244774C-E07A-4254-BF53-3044D64DD1C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exeFirewallRules: [{F0B4F01A-A5FA-447B-B398-1B0E6F8FF8EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exeFirewallRules: [{8F484564-E258-4E5B-B519-278306E1823C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exeFirewallRules: [{7F93058F-1EC6-4283-B130-DC177A288C5C}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exeFirewallRules: [{38BC5751-26A4-4E61-8ED9-1F2C97C5D67C}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exeFirewallRules: [{1A82636D-BD3A-4110-95B6-57FAC722F5F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exeFirewallRules: [{69E2DFBA-23FA-45DF-A5CF-14B9310D548B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exeFirewallRules: [{3C3A304E-9594-4551-842A-4FCA08D55108}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [{A837EF5B-B415-4675-BEBA-3FFD242A8756}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [{E624374A-8823-415A-A741-39C540D00828}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exeFirewallRules: [{6224C4D6-45E7-4FAD-B776-957362146C89}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exeFirewallRules: [{13099D20-B5FC-4ED0-A4E6-0C5F583EBFEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exeFirewallRules: [{53CE39DE-6B18-4B2F-886F-3DD4A133A1BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exeFirewallRules: [{92909CFB-BFF7-4760-97CF-64A87FA29535}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Psychonauts\Psychonauts.exeFirewallRules: [{D9E4D8AC-3A91-4E38-ABC8-0A484DF640E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Psychonauts\Psychonauts.exeFirewallRules: [TCP Query User{FDA9DEDE-49F5-457A-82D4-6415EF1E1E20}C:\users\ronni\desktop\gaurodan.exe] => (Block) C:\users\ronni\desktop\gaurodan.exeFirewallRules: [UDP Query User{90182EA3-731B-4064-B134-260D26C20D17}C:\users\ronni\desktop\gaurodan.exe] => (Block) C:\users\ronni\desktop\gaurodan.exeFirewallRules: [TCP Query User{12FCC8C9-A361-48EC-ABC6-390F1A1B1EE5}C:\users\ronni\appdata\local\temp\7zoeacd.tmp\gaurodan.exe] => (Allow) C:\users\ronni\appdata\local\temp\7zoeacd.tmp\gaurodan.exeFirewallRules: [UDP Query User{1299159B-24C8-43A0-96F0-936A34EDE55D}C:\users\ronni\appdata\local\temp\7zoeacd.tmp\gaurodan.exe] => (Allow) C:\users\ronni\appdata\local\temp\7zoeacd.tmp\gaurodan.exeFirewallRules: [TCP Query User{EF4DC82A-A39B-4E40-A8AE-38207A42DF5A}C:\users\ronni\appdata\local\temp\7zo87e7.tmp\gaurodan.exe] => (Allow) C:\users\ronni\appdata\local\temp\7zo87e7.tmp\gaurodan.exeFirewallRules: [UDP Query User{975FB142-9463-45E9-BC7D-87E2D6F70AF0}C:\users\ronni\appdata\local\temp\7zo87e7.tmp\gaurodan.exe] => (Allow) C:\users\ronni\appdata\local\temp\7zo87e7.tmp\gaurodan.exeFirewallRules: [TCP Query User{16441C7B-9C79-4EF3-835F-7D2D31EE7A8A}C:\users\ronni\appdata\local\temp\7zo14da.tmp\gaurodan.exe] => (Allow) C:\users\ronni\appdata\local\temp\7zo14da.tmp\gaurodan.exeFirewallRules: [UDP Query User{17E561B2-34EC-4144-AEEF-A2F735552663}C:\users\ronni\appdata\local\temp\7zo14da.tmp\gaurodan.exe] => (Allow) C:\users\ronni\appdata\local\temp\7zo14da.tmp\gaurodan.exeFirewallRules: [{58B887E6-F53C-459B-A378-D0EEAEC0E644}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exeFirewallRules: [{77FE59A2-B633-4E1D-95AC-14E7A4337734}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exeFirewallRules: [{3C0D462F-9AFD-4C1C-8E87-5B9ADCB02321}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exeFirewallRules: [{C274BDB6-11E4-4331-8E88-2E7EEF8469E2}] => (Allow) LPort=2869FirewallRules: [{310E61A6-34D4-4FF9-B2F5-19A11D477A66}] => (Allow) LPort=1900FirewallRules: [{F6235AB5-3C04-4DFB-AA60-AD8DFC6B3A7F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bioshock\Builds\Release\Bioshock.exeFirewallRules: [{C5C31392-4CDD-402D-A38D-19AE1B2D8161}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bioshock\Builds\Release\Bioshock.exeFirewallRules: [{FF8AF3E8-C3EF-4BEF-869D-FF47AC91EAD8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exeFirewallRules: [{C9DC26C1-0F98-49F8-9521-DBA335E04ECB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exeFirewallRules: [TCP Query User{13DB09ED-B0B5-47E1-BD62-5CFD952567BE}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exeFirewallRules: [UDP Query User{338FED2E-798E-4671-9BE5-33D6B0714409}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exeFirewallRules: [{131C12FB-14F8-4295-8FB6-B88826A0E7C6}] => (Allow) C:\Program Files (x86)\LINE\LINE.exeFirewallRules: [{6D1E19E2-C7BA-4229-A879-40FB2D792B1D}] => (Allow) C:\Program Files (x86)\LINE\LINE.exeFirewallRules: [{B31917D9-238F-4BD3-9184-9BBB761A88D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\NMService.exeFirewallRules: [{AC6BB923-B214-4491-9BCD-8144B9E6B5EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\NMService.exeFirewallRules: [TCP Query User{907186C5-E9D5-4307-9E53-62EA2B4E955D}C:\program files (x86)\steam\steamapps\common\starbound\win32\starbound_server.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\starbound\win32\starbound_server.exeFirewallRules: [UDP Query User{B40DB7E7-2FD4-412F-A64B-7F0EA808FA70}C:\program files (x86)\steam\steamapps\common\starbound\win32\starbound_server.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\starbound\win32\starbound_server.exeFirewallRules: [{EF9EBBD7-4652-4BC4-B28C-56E9C296C454}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Oblivion\OblivionLauncher.exeFirewallRules: [{7AE3FCB5-B871-4279-9F4A-1243348710FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Oblivion\OblivionLauncher.exeFirewallRules: [{BE3A48A5-4149-43E8-9CD8-6875AD42214E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exeFirewallRules: [{ADA2B02B-922F-4847-A0F2-0639A6DD5AFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exeFirewallRules: [TCP Query User{61A0D89A-DF99-4EEE-A8B8-112B69115822}C:\users\ronni\appdata\local\skypeplugin\7.5.0.127\pluginhost.exe] => (Block) C:\users\ronni\appdata\local\skypeplugin\7.5.0.127\pluginhost.exeFirewallRules: [UDP Query User{E50F6E3D-DC84-442F-A2AB-9240784888A3}C:\users\ronni\appdata\local\skypeplugin\7.5.0.127\pluginhost.exe] => (Block) C:\users\ronni\appdata\local\skypeplugin\7.5.0.127\pluginhost.exeFirewallRules: [{2A59D3FB-6BE6-4874-AFA1-29FCB9100428}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EvilQuestInstall\EvilQuest.exeFirewallRules: [{E8FC7338-E60D-41C3-B7ED-B7F8961089B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EvilQuestInstall\EvilQuest.exeFirewallRules: [{71F6EA73-275E-471B-BE0F-2FC1FB1A4559}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{52982342-B29F-4648-A2A4-E03B4578814D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{8BF873D4-0BEC-4910-B961-98E8C55A30CE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{43FBC6EA-5F20-4D4F-B930-2547BC448205}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{800799FC-A81E-44E0-B520-765537F20B24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exeFirewallRules: [{35104063-E3F8-4675-89C4-808E6CCA7927}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exeFirewallRules: [{29955149-85D9-413F-B54F-BC3632A5ABE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\DAOriginsLauncher.exeFirewallRules: [{F1CC87D0-39FF-4F92-B361-018672E7D814}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\DAOriginsLauncher.exeFirewallRules: [{8DBC9FE4-4ABD-4C64-9C98-09B3785C5010}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exeFirewallRules: [{1E471BCE-2A78-4919-B656-E56C171ABAAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exeFirewallRules: [TCP Query User{768FB400-DBC4-4961-9B57-740B5948B6D0}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exeFirewallRules: [UDP Query User{27ED688D-BCC2-4E90-B033-6D02280B99A9}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exeFirewallRules: [{9DE83602-1468-4726-8EBA-152D3FB518DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exeFirewallRules: [{94F1BB50-B581-4942-B74D-5DF1DFAE498C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exeFirewallRules: [{21D63D9E-10D7-4E11-A363-B31B52756C9E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exeFirewallRules: [{314898EC-B91B-4BF5-9750-38C132FE78D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exeFirewallRules: [{D9EFB42F-246C-49E7-B13D-BC6397D8062F}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exeFirewallRules: [{88BBA4BC-41D7-45B1-B1CC-B401CB4B045B}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exeFirewallRules: [{EDFE8C8E-CAB6-4E6B-B038-E633A5C13E85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\swkotor\swkotor.exeFirewallRules: [{40DB02C2-8A0A-4A2C-A9CD-9C08E2C00C01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\swkotor\swkotor.exeFirewallRules: [{CF149A6D-EE28-4650-A724-5501EF96F75A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Danganronpa Trigger Happy Havoc\Launcher.exeFirewallRules: [{83FADA9A-8E83-46BF-A474-0B8A062E0747}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Danganronpa Trigger Happy Havoc\Launcher.exeFirewallRules: [{50719CE6-84E7-4024-A050-AD27AF0BEDBE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exeFirewallRules: [{FD71E643-DAD7-4DFE-9C71-B8703EBFA9E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exeFirewallRules: [{DDC71545-B7D8-4BDA-AEA5-43F65093A1E6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeFirewallRules: [{B1A0F058-3CF3-47DE-892B-1F349B4DDC9B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeFirewallRules: [{207B42A9-7E23-4A6E-BC99-A42F5D11CE1B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exeFirewallRules: [{E832818D-D0B6-43D4-8FC2-DC0A791B5B09}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exeFirewallRules: [{90DC2EC2-E9D3-4406-9A28-557A4F07D5D7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exeFirewallRules: [{A6563220-F19E-43F8-AA55-F28FF3CBA31F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\mod_uploader.exeFirewallRules: [{E705B6CE-E70F-42CE-B1E6-529DD3390AFD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\mod_uploader.exeFirewallRules: [{2F40FEB6-1BB2-4B29-BAA4-FB465BBC2DB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\nxsteam.exeFirewallRules: [{E2363E84-C892-447D-8956-C800F014D705}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\nxsteam.exeFirewallRules: [{DED99C42-95D4-4FAC-A4BB-E73898FB4423}] => (Allow) C:\Users\Ronni\AppData\Roaming\uTorrent\uTorrent.exeFirewallRules: [{1CFD7974-7C37-4DD8-8917-270D26FF1353}] => (Allow) C:\Users\Ronni\AppData\Roaming\uTorrent\uTorrent.exeFirewallRules: [{3E2E7161-DFFF-4543-B6B5-DC4150E59175}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exeFirewallRules: [{D624893B-2050-4BDC-907F-7A4687A0A789}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exeFirewallRules: [TCP Query User{10E3CAF9-2BA3-4784-9766-39E45E0B7835}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exeFirewallRules: [UDP Query User{2BCD894B-E854-4F99-8BD4-4168C743F5B1}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exeFirewallRules: [{D1C7B7FD-BA45-4667-82A3-FD20356B53DE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exeFirewallRules: [{F1C6AEE4-6124-4E71-AE9E-3B6955513EAD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exeFirewallRules: [{B451B058-4BF3-48CF-A5DB-7CABFF4C2131}] => (Allow) C:\Program Files\iTunes\iTunes.exeFirewallRules: [{1086AAED-7E1E-4D7E-B9CB-A1CE61BEA3F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\nxsteam.exeFirewallRules: [{062B933F-1E85-4F1A-BF08-F7BE41E089B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\nxsteam.exeFirewallRules: [{A3366873-9096-48EF-A4DC-065DA9839441}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassins Creed\AssassinsCreed_Game.exeFirewallRules: [{074DB985-4942-46DB-8B6A-150D35DF3CAE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassins Creed\AssassinsCreed_Game.exeFirewallRules: [{F1C1334E-772F-450B-BEA8-D9B634C5D2E4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exeFirewallRules: [{9CE09F71-A0DE-4E65-A6E8-628466B77248}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mini Ninjas\ninja.exeFirewallRules: [{AF3BF0EC-3994-4F53-928B-ADBD998E2B04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mini Ninjas\ninja.exeFirewallRules: [{5AE5E0C6-E362-4A00-BAC6-5F18BE06D034}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exeFirewallRules: [{57916A37-0414-47F3-A969-412EB1C08262}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exeFirewallRules: [{2C7761FB-F00C-45AA-B978-9C658695A94A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exeFirewallRules: [{DEF98F80-6A2C-4950-A366-6E8F8A09D628}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exeFirewallRules: [{227007B2-CAEE-4C24-B13C-D6E82C1E1708}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exeFirewallRules: [{46671EAA-99AB-4FA2-97C9-9EEA5A2F251C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exeFirewallRules: [{F48C730B-DE4F-46AC-B3A5-DEAF91E757F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exeFirewallRules: [{0A7453E4-5E8B-47A2-87D1-8781296F8D52}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exeFirewallRules: [{80DA507D-61F7-4E12-929F-A85DA706856A}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exeFirewallRules: [{E8640B90-1DC0-46C7-BF7D-FF446811F776}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exeFirewallRules: [{1DD27192-9E35-4B9F-8C5E-5EE083D70DAB}] => (Allow) C:\Program Files\Easeware\DriverEasy\DriverEasy.exeFirewallRules: [{CCD85DB5-DEBC-4ED4-8625-E0F410CE71EF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exeFirewallRules: [{63ABFBA9-3E49-47C5-8D2E-DC54A2074E9D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exeFirewallRules: [{08005395-583B-4DB5-B11A-AFAC13182544}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exeFirewallRules: [{154E7DA2-E052-494D-8CED-611333C7622D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exeFirewallRules: [{1941C2D4-B79B-451F-98FD-E05C01E718FD}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe==================== Restore Points =========================30-09-2018 11:12:22 Scheduled Checkpoint10-10-2018 01:47:42 Scheduled Checkpoint19-10-2018 09:50:17 Scheduled Checkpoint==================== Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================Error: (10/20/2018 02:15:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 40797641Error: (10/20/2018 02:15:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 40797641Error: (10/20/2018 02:15:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a secondError: (10/20/2018 02:15:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 40796219Error: (10/20/2018 02:15:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 40796219Error: (10/20/2018 02:15:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a secondError: (10/20/2018 02:15:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 40794766Error: (10/20/2018 02:15:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 40794766System errors:=============Error: (10/20/2018 03:36:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID{D63B10C5-BB46-4990-A94F-E40B9D520160}and APPID{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.Error: (10/20/2018 02:58:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID{D63B10C5-BB46-4990-A94F-E40B9D520160}and APPID{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.Error: (10/20/2018 02:23:34 PM) (Source: DCOM) (EventID: 10016) (User: Kzo)Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID{D63B10C5-BB46-4990-A94F-E40B9D520160}and APPID{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}to the user Kzo\Ronni SID (S-1-5-21-1741139138-458572066-732062563-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.Error: (10/20/2018 02:17:32 PM) (Source: DCOM) (EventID: 10016) (User: Kzo)Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID{D63B10C5-BB46-4990-A94F-E40B9D520160}and APPID{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}to the user Kzo\Ronni SID (S-1-5-21-1741139138-458572066-732062563-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.Error: (10/19/2018 10:49:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID{D63B10C5-BB46-4990-A94F-E40B9D520160}and APPID{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.Error: (10/19/2018 10:45:36 PM) (Source: DCOM) (EventID: 10016) (User: Kzo)Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID{D63B10C5-BB46-4990-A94F-E40B9D520160}and APPID{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}to the user Kzo\Ronni SID (S-1-5-21-1741139138-458572066-732062563-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.Error: (10/19/2018 10:43:33 PM) (Source: DCOM) (EventID: 10016) (User: Kzo)Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID{D63B10C5-BB46-4990-A94F-E40B9D520160}and APPID{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}to the user Kzo\Ronni SID (S-1-5-21-1741139138-458572066-732062563-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.Error: (10/19/2018 10:39:09 PM) (Source: DCOM) (EventID: 10016) (User: Kzo)Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID{D63B10C5-BB46-4990-A94F-E40B9D520160}and APPID{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}to the user Kzo\Ronni SID (S-1-5-21-1741139138-458572066-732062563-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.CodeIntegrity:===================================Date: 2018-10-20 15:55:44.008Description:Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.Date: 2018-10-20 14:23:42.485Description:Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.Date: 2018-10-20 14:23:42.328Description:Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.Date: 2018-10-20 14:23:42.178Description:Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.Date: 2018-10-20 14:23:40.725Description:Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.Date: 2018-10-19 09:32:08.984Description:Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.Date: 2018-10-18 13:29:17.713Description:Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.Date: 2018-10-18 09:28:41.600Description:Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.==================== Memory info ===========================Processor: Intel® Core i5-4690 CPU @ 3.50GHzPercentage of memory in use: 48%Total physical RAM: 8053.29 MBAvailable physical RAM: 4128.63 MBTotal Virtual: 16245.29 MBAvailable Virtual: 10458.96 MB==================== Drives ================================Drive c: () (Fixed) (Total:930.97 GB) (Free:486.82 GB) NTFS\\?\Volume{d4c371cd-d871-11e4-982f-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS\\?\Volume{24e7a045-0000-0000-0000-a0c4e8000000}\ () (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 24E7A045)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=450 MB) - (Type=27)==================== End of Addition.txt ============================