Possibly infected[2]


Post by OrangeRanger » October 23rd, 2017, 6:38 am

This is my 2nd thread, please close the original one. I removed all cracked content and P2P programs from my computer. There's a folder that you'll see under "One Month Modified files and folder". I tried removing all contents but I don't have permission to do it. I changed ownership and tried using Unlocker, even tried to force it via cmd, but I cannot remove that folder. Maybe I could get some assistance with that?

===================================================================================================================================================
Hey I noticed that one of my online accounts was compromised and I got a bit paranoid. I've been using MWB for years and open anything suspicious in a sandbox before I run it on my computer. I have very safe online habits, but I haven't had any professional help for years. I'm sure my account was compromised due to it being cracked, rather than my computer having anything malicious on it, but I'd rather be safe than sorry.
OrangeRanger
Regular Member
 
Posts: 19
Joined: October 23rd, 2017, 5:06 am

Re: Possibly infected[2]

Post by pgmigg » October 23rd, 2017, 9:44 am

Hello OrangeRanger,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Possibly infected[2]

Post by pgmigg » October 23rd, 2017, 12:05 pm

Hello OrangeRanger,

P2P Advisory!
IMPORTANT: There are signs of one or more P2P (Peer to Peer) File Sharing Programs installed on your computer.
µTorrent

As long as you have the P2P program(s) installed, per Forum Policy, I can offer you no further assistance.

If you choose NOT to remove the program(s), please indicate that in your next reply and this topic will be closed.

Otherwise, please perform the following steps:

Step 1.
Remove P2P Program
  1. Please press the Windows Key + R.
  2. Enter appwiz.cpl into the text box and click OK.
  3. Locate the following programs:
    µTorrent
  4. Click on the Change/Remove button to uninstall it.
  5. When the program has been uninstalled, please close Control Panel.
  6. Reboot (restart) your computer.
By using any form of P2P networking to download files you can anticipate infestations of malware to occur. The P2P program itself may be safe but the files may not - use P2P at your own risk!
Keep in mind that this practice may be the source of your current malware infestation.
Reference... citing risk factors, using P2P programs: How to Prevent the Online Invasion of Spyware and Adware

Step 2.
Run CKScanner
  1. Please download CKScanner from here
  2. Important: - Save it to your Desktop.
  3. Double-click CKScanner.exe and click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Step 3.
Fresh FRST64 Scan
You should still have FRST64.exe on your Desktop.
  1. Please close all open programs and windows.
  2. Right-click FRST64.exe and select "Run as administrator..." to run it.
  3. When the tool opens, click Yes to the disclaimer if it appears.
  4. Please be sure that 90 Days Files check box under Optional Scan section is checked.
  5. Please be sure that Addition.txt check box under Optional Scan section is checked.
  6. Press Scan button. When finished, two logs, FRST.txt and Addition.txt, will be created and opened in Notepad.
  7. Please post the contents of both FRST.txt and Addition.txt in your next reply.

Then:
Please tell me whether this computer is used for business or educational purposes and/or connected to a business or educational network.
I need to know it - so I can provide the proper instructions.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

Don't post anything as attachments unless I ask you to specifically!

Please include in your next reply:
  1. Your decision about P2P programs
  2. Do you have any problems executing the instructions?
  3. Contents of CKFiles.txt log file
  4. Contents of the FRST.txt log file after fresh FRST scan
  5. Contents of the Addition.txt log file after fresh FRST scan
  6. Answer to my question related to type of using of your computer

Thanks,
pgmigg


Re: Possibly infected[2]

Post by OrangeRanger » October 24th, 2017, 9:30 pm

Your decision about P2P programs: I removed it as you requested
Do you have any problems executing the instructions?: No.
Contents of CKFiles.txt log file: Read below.
Contents of the FRST.txt log file after fresh FRST scan: In the post below.
Contents of the Addition.txt log file after fresh FRST scan: In the post below.
Answer to my question related to type of using of your computer: It's a personal computer, connected to my home network.

Code: Select all
CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.SEEMUA
 ----- EOF ----- 

Re: Possibly infected[2]

Post by OrangeRanger » October 24th, 2017, 9:31 pm

FRST.txt and Additional.txt are attached to this post, I couldn't post either of them due to the charlimit.

Re: Possibly infected[2]

Post by pgmigg » October 24th, 2017, 11:22 pm

Hello OrangeRanger,

OrangeRanger wrote:FRST.txt and Additional.txt are attached to this post, I couldn't post either of them due to the charlimit.

pgmigg wrote:Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

Don't post anything as attachments unless I ask you to specifically!
Please, next time, be more careful and follow my instructions literally. In all your answers, you are not limited in quantity of sections for your post - no more attachments please.

Well, let's start our treatment.

Step 1.
Create a System Restore Point
  1. Right-click on the Start button and select System.
  2. In the left pane, click System protection. If UAC prompts, allow it. The separate window System Properties will be opened on System Protection tab.
  3. Under Protection Settings select disk C:, then click on Configure... button below.
  4. Click on Turn on system protection.
  5. Under Disk Space Usage adjust Max Usage to 5%.
  6. Click Apply, then OK buttons.
  7. Click Create... button.
  8. In the System Protection dialog box, type a description, then click Create.
    A Restore Point will be created and you should receive a message: "The restore point was created successfully."
  9. Click Close and exit.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
Create a Backup With Tweaking.com Registry Backup (TCRB)
There is also a tutorial with pictures available HERE.
  1. Please download TCRB from HERE and save it to your Desktop.
  2. Double-click on tweaking.com_registry_backup_setup.exe and follow the prompts to install TCRB.
  3. Launch TCRB.
  4. Click the Backup Registry tab and make sure all the boxes are checked.
  5. Click on Backup Now.
  6. Once the backup is finished you can now exit the program.
< STOP > Do not proceed any further if you were not able to create a registry backup. Post back with what happened so we can determine why it was unsuccessful.

Step 3.
FRST Fix
  1. Close all your programs.
  2. You should still have FRST64.exe on your Desktop. If not please download it HERE and save it on your Desktop.
  3. Please press the Windows Key + R.
  4. Type notepad.exe into the text box and click OK.
  5. A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, but do not include the words Code: Select all.
    • (Click the Select all button next to Code: to select the entire script).
    Code: Select all
    CreateRestorePoint:
    
    HKLM-x32\...\Run: [] => [X]
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    GroupPolicy: Restriction <==== ATTENTION
    GroupPolicyUsers\S-1-5-21-3154826165-2591789761-3766887662-1020\User: Restriction <==== ATTENTION
    Toolbar: HKU\S-1-5-21-3154826165-2591789761-3766887662-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    2017-10-11 04:26 - 2017-10-11 04:38 - 000000000 ____D C:\Users\Lucas\AppData\LocalLow\BitTorrent
    2017-10-11 04:14 - 2017-10-11 04:15 - 000000000 ____D C:\Users\Lucas\Downloads\John.Wick.2014.1080p.BluRay.AC3.x264-tomcat12[ETRG]
    2017-10-11 04:12 - 2017-10-18 23:33 - 000000000 ____D C:\Users\Lucas\Downloads\John.Wick.Chapter.2.2017.1080p.WEB-DL.DD5.1.H264-FGT
    2017-10-10 14:13 - 2017-10-10 14:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2017-10-02 14:13 - 2017-10-17 20:07 - 000000000 ____D C:\Users\Lucas\Downloads\A Day To Remember-Common Courtesy
    2017-10-02 14:13 - 2017-10-02 14:14 - 000000000 ____D C:\Users\Lucas\Downloads\A Day To Remember - Bad Vibrations (Deluxe) (2016) [MP3~320Kbps]~[Hunter] [FRG]
    2017-10-02 14:12 - 2017-10-02 14:12 - 000000000 ____D C:\Users\Lucas\Downloads\NF - Therapy Session (2016)~[MP3~320kbps]~[Hunter] [FRG]
    2017-10-02 14:12 - 2017-10-02 14:12 - 000000000 ____D C:\Users\Lucas\Downloads\NF - Mansion (2015) [MP3~320Kbps]~[Hunter] [FRG]
    2017-10-01 21:27 - 2017-10-03 21:36 - 000000000 ____D C:\Users\Lucas\AppData\Local\Alt1Toolkit
    2017-10-01 21:27 - 2017-10-01 21:27 - 000000000 ____D C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps
    2017-09-28 23:20 - 2017-09-28 23:21 - 000000000 ____D C:\Users\Lucas\OSBuddy
    2017-09-28 16:10 - 2017-10-12 19:59 - 000000000 ____D C:\Program Files\rempl
    2017-09-27 22:55 - 2017-09-27 22:55 - 000000000 ____D C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OldSchool RuneScape
    2017-09-22 04:27 - 2017-09-22 04:27 - 000000000 ____D C:\Users\Lucas\Downloads\The.Hitmans.Bodyguard.2017.WEBRip.x264-FGT
    2017-09-22 04:26 - 2017-09-22 04:26 - 000000000 ____D C:\Users\Lucas\AppData\Roaming\dcunningham.net
    2017-09-22 04:26 - 2017-09-22 04:26 - 000000000 ____D C:\Users\Lucas\AppData\Local\dcunningham.net
    2017-09-22 04:20 - 2017-09-22 04:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2017-09-22 04:12 - 2017-09-22 04:12 - 000000000 ____D C:\Users\Lucas\Downloads\The Hitmans Bodyguard 2017 720p BrRip x264 - CM
    2017-09-22 04:09 - 2017-09-22 04:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN
    2017-09-22 04:09 - 2017-09-22 04:09 - 000000000 ____D C:\Program Files (x86)\ExpressVpn Tap Driver Win10
    2017-09-22 04:09 - 2017-09-22 04:09 - 000000000 ____D C:\Program Files (x86)\expressvpn
    2017-09-21 03:13 - 2017-09-21 03:23 - 000000000 ____D C:\Users\Lucas\Desktop\Aurora-master
    2017-09-19 21:32 - 2017-09-19 21:32 - 000000000 ____D C:\Users\Lucas\AppData\Local\CrashRpt
    Task: {07357B02-9DCB-4825-87A2-B4A76062DFB7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {1924AE72-870F-47CC-B6CC-5155B913EC50} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {1DC9F707-1D59-4053-9688-44F871B525CF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {2C350C65-6623-45E3-B19A-51A8F5870E44} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {2E530D42-E2C2-4DB8-9BB7-93975DE43405} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {3AC9D602-151A-4951-B754-E60AB3B4FC09} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {460DE789-B53E-4088-B913-98B86BC0FEC6} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {63F9A26F-1FFE-42BF-98EC-CCBE71C65085} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {67BB6B4D-9DDE-46FA-BC8A-BBA2EC185C96} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {95FA2C0C-BD2D-4753-A7CB-4DC31034FED0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {A6ED3CA2-3657-4391-ACBA-84ACF7A42CD0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {D4B40063-F209-4BDF-A245-C7321220B2BF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    AlternateDataStreams: C:\Users\Lucas\AppData\Local\Temp:$DATA [16]
    FirewallRules: [{C00B72F6-8EEE-4ABB-8731-A15C782BE72E}] => (Allow) C:\Users\Lucas\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{6A7D1A9F-D7F2-41BB-9639-FCE9FA313F5B}] => (Allow) C:\Users\Lucas\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{F9CD2F70-DB5B-4FBA-B8FC-E8678DE3622A}] => (Allow) C:\Users\Lucas\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{6D5CD6D1-A81B-4818-AB72-A9E1FCABB509}] => (Allow) C:\Users\Lucas\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{BA34AC1F-8891-4A18-BD7A-BAD675D4EDB7}] => (Allow) C:\Users\Lucas\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{6ECFC39A-264D-4098-A60D-4F61FD306929}] => (Allow) C:\Users\Lucas\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{40B7A2A4-831F-47A7-A22B-696C2E98A8CF}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩灯晴汩整屲敲瑳楷潮瑰楦瑬牥⹟硥e
    FirewallRules: [{8005D10A-1A36-4588-9189-1A08DD910AA0}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩灯晴汩整屲楷潮瑰楦瑬牥⹟硥e
    FirewallRules: [{FF1F10AF-D0EC-4922-BCE4-1B70682B73E7}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩灯晴汩整屲敲瑳楷潮瑰楦瑬牥攮數
    FirewallRules: [{D884B386-6771-47E1-9994-217FA2526758}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩灯晴汩整屲楷潮瑰楦瑬牥攮數
    FirewallRules: [{217E358B-4D32-40C8-845D-0BE7647D1D01}] => (Allow) C:\Users\Lucas\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{786E5A88-6460-4530-8023-68A192053DFA}] => (Allow) C:\Users\Lucas\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{9ABC0BFB-4987-4EE2-BF8C-C02DFF566437}] => (Allow) C:\Users\Lucas\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{F9D9C4CF-D559-40AE-8C55-E29CDF13A989}] => (Allow) C:\Users\Lucas\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{71E9D19E-7B39-4D38-8358-A1BAA11C2EE9}] => (Allow) C:\Users\Lucas\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{5C98B787-3FCA-4F37-A90E-6619EBB3AA5C}] => (Allow) C:\Users\Lucas\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{060A6550-B73A-4A48-8C68-315EA0A13137}] => (Allow) LPort=1688
    
    C:\Users\Lucas\AppData\LocalLow\BitTorrent
    C:\Users\Lucas\AppData\Roaming\uTorrent
    C:\Users\Lucas\AppData\Roaming\BitTorrent
    
    EmptyTemp:
    CMD: ipconfig /flushdns
  6. Save it next to FRST64.exe as fixlist.txt.
    Important! fixlist.txt must be saved in the same directory as FRST64.exe to work.
  7. Right click on FRST64.exe and select Run as administrator.
  8. Press the Fix button one time only and wait.
  9. When FRST finishes you will be prompted to reboot your computer. Click OK.
  10. Your computer should now restart. On reboot navigate to your Desktop where you should find Fixlog.txt. Copy and paste the contents in your reply.

Step 4.
AdwCleaner - Scan Only
  1. Please download AdwCleaner (today it is version 7.0.3.1) and save it to your Desktop.
  2. Close all open programs and windows so that you are at your Desktop.
  3. Right click on adwcleaner.exe and click Run as administrator...
  4. Click on the Scan button.
  5. When the scan finishes, you'll see a message in the AdwCleaner window: "Waiting for action. Please uncheck elements you want to keep." Do not attempt to clean anything at this point!
  6. Click on Logfile button. The Log manager window will be opened.
  7. Double-click on a log file C:\...\AdwCleaner[S0].txt to open it. Copy and paste the contents of that log file in your reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

Don't post anything as attachments unless I ask you to specifically!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the fixlog.txt log file
  3. Contents of the AdwCleaner[Sn].txt log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

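A pre-flight check for the fixlist in the post above, as an added example that is not part of pgmigg's post or of FRST itself: it sorts the lines by shape and recovers firewall-rule targets that appear as CJK characters because an ASCII path was read as UTF-16LE. The category names and the `classify`, `review` and `recover_ascii_path` helpers are assumptions made here from the line shapes visible on this page, not FRST's own grammar.

```python
import re
from collections import Counter

# Lines copied from the fixlist in the post above (a shortened selection).
SAMPLE_FIXLIST = r"""CreateRestorePoint:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
2017-10-11 04:26 - 2017-10-11 04:38 - 000000000 ____D C:\Users\Lucas\AppData\LocalLow\BitTorrent
2017-09-22 04:09 - 2017-09-22 04:09 - 000000000 ____D C:\Program Files (x86)\expressvpn
Task: {07357B02-9DCB-4825-87A2-B4A76062DFB7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
FirewallRules: [{C00B72F6-8EEE-4ABB-8731-A15C782BE72E}] => (Allow) C:\Users\Lucas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D884B386-6771-47E1-9994-217FA2526758}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩灯晴汩整屲楷潮瑰楦瑬牥攮數
FirewallRules: [{060A6550-B73A-4A48-8C68-315EA0A13137}] => (Allow) LPort=1688
C:\Users\Lucas\AppData\Roaming\uTorrent

EmptyTemp:
CMD: ipconfig /flushdns
"""

# Directive names that appear in the fixlist on this page.
DIRECTIVES = {"CreateRestorePoint", "EmptyTemp", "CMD"}

LISTING = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
    r" - \d+ \S+ (?P<path>[A-Za-z]:\\.+)$")
FIREWALL = re.compile(
    r"^FirewallRules: \[\{[0-9A-Fa-f-]+\}\] => \(\w+\) (?P<target>.+)$")
TASK = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?) -> .+$")
DIRECTIVE = re.compile(r"^(?P<name>[A-Za-z]+):(?: .+)?$")


def recover_ascii_path(text):
    """Undo an ASCII-read-as-UTF-16LE garble; return None if text is not one."""
    if text.isascii():
        return None
    try:
        raw = text.encode("utf-16-le").rstrip(b"\x00")
    except UnicodeEncodeError:
        return None
    # A genuine non-ASCII name would not re-encode to printable ASCII only.
    if raw and all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return None


def classify(line):
    """Return (kind, detail) for one fixlist line."""
    line = line.strip()
    m = FIREWALL.match(line)
    if m:
        return "firewall", m.group("target")
    m = TASK.match(line)
    if m:
        return "task", m.group("name")
    m = LISTING.match(line)
    if m:
        return "listing", m.group("path")
    if re.match(r"[A-Za-z]:\\", line):
        return "path", line
    if line.startswith(("HKLM", "HKU")):
        return "registry", line.split(":", 1)[0]
    m = DIRECTIVE.match(line)
    if m and m.group("name") in DIRECTIVES:
        return "directive", line
    return "other", line


def review(fixlist_text):
    """Summarise a fixlist: counts per kind, recovered firewall targets,
    and file-system targets that lie outside C:\\Users."""
    counts, recovered, outside_profile = Counter(), [], []
    for line in fixlist_text.splitlines():
        if not line.strip():
            continue
        kind, detail = classify(line)
        counts[kind] += 1
        if kind == "firewall":
            fixed = recover_ascii_path(detail)
            if fixed:
                recovered.append(fixed)
        elif kind in ("listing", "path"):
            if not detail.lower().startswith("c:\\users\\"):
                outside_profile.append(detail)
    return counts, recovered, outside_profile


if __name__ == "__main__":
    counts, recovered, outside_profile = review(SAMPLE_FIXLIST)
    for kind, n in sorted(counts.items()):
        print(f"{kind:10} {n}")
    for path in recovered:
        print("recovered firewall target:", path)
    for path in outside_profile:
        print("outside user profile:", path)
```

Run it against the saved fixlist.txt before pressing Fix; the same garbled firewall targets are the ones the resulting Fixlog.txt prints as runs of `?`.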

Re: Possibly infected[2]

Post by OrangeRanger » October 24th, 2017, 11:42 pm

My apologies for the attachments.

Do you have any problems executing the instructions?: Nope, everything went smooth.
Do you see any changes in computer behavior?: Chrome loaded faster, and Windows loaded a bit faster too, but that would probably be from the 24GB of temp files being removed. (Jwing, are those mostly log files?)
Contents of the fixlog.txt log file:
Code: Select all
Fix result of Farbar Recovery Scan Tool (x64) Version: 23-10-2017 01
Ran by Lucas (24-10-2017 22:32:44) Run:1
Running from C:\Users\Lucas\Desktop
Loaded Profiles: Lucas (Available Profiles: Lucas & Luucas & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:

HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-3154826165-2591789761-3766887662-1020\User: Restriction <==== ATTENTION
Toolbar: HKU\S-1-5-21-3154826165-2591789761-3766887662-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
2017-10-11 04:26 - 2017-10-11 04:38 - 000000000 ____D C:\Users\Lucas\AppData\LocalLow\BitTorrent
2017-10-11 04:14 - 2017-10-11 04:15 - 000000000 ____D C:\Users\Lucas\Downloads\John.Wick.2014.1080p.BluRay.AC3.x264-tomcat12[ETRG]
2017-10-11 04:12 - 2017-10-18 23:33 - 000000000 ____D C:\Users\Lucas\Downloads\John.Wick.Chapter.2.2017.1080p.WEB-DL.DD5.1.H264-FGT
2017-10-10 14:13 - 2017-10-10 14:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-10-02 14:13 - 2017-10-17 20:07 - 000000000 ____D C:\Users\Lucas\Downloads\A Day To Remember-Common Courtesy
2017-10-02 14:13 - 2017-10-02 14:14 - 000000000 ____D C:\Users\Lucas\Downloads\A Day To Remember - Bad Vibrations (Deluxe) (2016) [MP3~320Kbps]~[Hunter] [FRG]
2017-10-02 14:12 - 2017-10-02 14:12 - 000000000 ____D C:\Users\Lucas\Downloads\NF - Therapy Session (2016)~[MP3~320kbps]~[Hunter] [FRG]
2017-10-02 14:12 - 2017-10-02 14:12 - 000000000 ____D C:\Users\Lucas\Downloads\NF - Mansion (2015) [MP3~320Kbps]~[Hunter] [FRG]
2017-10-01 21:27 - 2017-10-03 21:36 - 000000000 ____D C:\Users\Lucas\AppData\Local\Alt1Toolkit
2017-10-01 21:27 - 2017-10-01 21:27 - 000000000 ____D C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps
2017-09-28 23:20 - 2017-09-28 23:21 - 000000000 ____D C:\Users\Lucas\OSBuddy
2017-09-28 16:10 - 2017-10-12 19:59 - 000000000 ____D C:\Program Files\rempl
2017-09-27 22:55 - 2017-09-27 22:55 - 000000000 ____D C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OldSchool RuneScape
2017-09-22 04:27 - 2017-09-22 04:27 - 000000000 ____D C:\Users\Lucas\Downloads\The.Hitmans.Bodyguard.2017.WEBRip.x264-FGT
2017-09-22 04:26 - 2017-09-22 04:26 - 000000000 ____D C:\Users\Lucas\AppData\Roaming\dcunningham.net
2017-09-22 04:26 - 2017-09-22 04:26 - 000000000 ____D C:\Users\Lucas\AppData\Local\dcunningham.net
2017-09-22 04:20 - 2017-09-22 04:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-09-22 04:12 - 2017-09-22 04:12 - 000000000 ____D C:\Users\Lucas\Downloads\The Hitmans Bodyguard 2017 720p BrRip x264 - CM
2017-09-22 04:09 - 2017-09-22 04:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN
2017-09-22 04:09 - 2017-09-22 04:09 - 000000000 ____D C:\Program Files (x86)\ExpressVpn Tap Driver Win10
2017-09-22 04:09 - 2017-09-22 04:09 - 000000000 ____D C:\Program Files (x86)\expressvpn
2017-09-21 03:13 - 2017-09-21 03:23 - 000000000 ____D C:\Users\Lucas\Desktop\Aurora-master
2017-09-19 21:32 - 2017-09-19 21:32 - 000000000 ____D C:\Users\Lucas\AppData\Local\CrashRpt
Task: {07357B02-9DCB-4825-87A2-B4A76062DFB7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {1924AE72-870F-47CC-B6CC-5155B913EC50} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1DC9F707-1D59-4053-9688-44F871B525CF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {2C350C65-6623-45E3-B19A-51A8F5870E44} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2E530D42-E2C2-4DB8-9BB7-93975DE43405} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {3AC9D602-151A-4951-B754-E60AB3B4FC09} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {460DE789-B53E-4088-B913-98B86BC0FEC6} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {63F9A26F-1FFE-42BF-98EC-CCBE71C65085} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {67BB6B4D-9DDE-46FA-BC8A-BBA2EC185C96} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {95FA2C0C-BD2D-4753-A7CB-4DC31034FED0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A6ED3CA2-3657-4391-ACBA-84ACF7A42CD0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D4B40063-F209-4BDF-A245-C7321220B2BF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Lucas\AppData\Local\Temp:$DATA [16]
FirewallRules: [{C00B72F6-8EEE-4ABB-8731-A15C782BE72E}] => (Allow) C:\Users\Lucas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6A7D1A9F-D7F2-41BB-9639-FCE9FA313F5B}] => (Allow) C:\Users\Lucas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F9CD2F70-DB5B-4FBA-B8FC-E8678DE3622A}] => (Allow) C:\Users\Lucas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6D5CD6D1-A81B-4818-AB72-A9E1FCABB509}] => (Allow) C:\Users\Lucas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BA34AC1F-8891-4A18-BD7A-BAD675D4EDB7}] => (Allow) C:\Users\Lucas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6ECFC39A-264D-4098-A60D-4F61FD306929}] => (Allow) C:\Users\Lucas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{40B7A2A4-831F-47A7-A22B-696C2E98A8CF}] => (Allow) ????????????????????????????e
FirewallRules: [{8005D10A-1A36-4588-9189-1A08DD910AA0}] => (Allow) ??????????????????????????e
FirewallRules: [{FF1F10AF-D0EC-4922-BCE4-1B70682B73E7}] => (Allow) ????????????????????????????
FirewallRules: [{D884B386-6771-47E1-9994-217FA2526758}] => (Allow) ??????????????????????????
FirewallRules: [{217E358B-4D32-40C8-845D-0BE7647D1D01}] => (Allow) C:\Users\Lucas\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{786E5A88-6460-4530-8023-68A192053DFA}] => (Allow) C:\Users\Lucas\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{9ABC0BFB-4987-4EE2-BF8C-C02DFF566437}] => (Allow) C:\Users\Lucas\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F9D9C4CF-D559-40AE-8C55-E29CDF13A989}] => (Allow) C:\Users\Lucas\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{71E9D19E-7B39-4D38-8358-A1BAA11C2EE9}] => (Allow) C:\Users\Lucas\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{5C98B787-3FCA-4F37-A90E-6619EBB3AA5C}] => (Allow) C:\Users\Lucas\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{060A6550-B73A-4A48-8C68-315EA0A13137}] => (Allow) LPort=1688

C:\Users\Lucas\AppData\LocalLow\BitTorrent
C:\Users\Lucas\AppData\Roaming\uTorrent
C:\Users\Lucas\AppData\Roaming\BitTorrent

EmptyTemp:
CMD: ipconfig /flushdns
*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-3154826165-2591789761-3766887662-1020\User => moved successfully
HKU\S-1-5-21-3154826165-2591789761-3766887662-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
C:\Users\Lucas\AppData\LocalLow\BitTorrent => moved successfully
C:\Users\Lucas\Downloads\John.Wick.2014.1080p.BluRay.AC3.x264-tomcat12[ETRG] => moved successfully
C:\Users\Lucas\Downloads\John.Wick.Chapter.2.2017.1080p.WEB-DL.DD5.1.H264-FGT => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype => moved successfully
C:\Users\Lucas\Downloads\A Day To Remember-Common Courtesy => moved successfully
C:\Users\Lucas\Downloads\A Day To Remember - Bad Vibrations (Deluxe) (2016) [MP3~320Kbps]~[Hunter] [FRG] => moved successfully
C:\Users\Lucas\Downloads\NF - Therapy Session (2016)~[MP3~320kbps]~[Hunter] [FRG] => moved successfully
C:\Users\Lucas\Downloads\NF - Mansion (2015) [MP3~320Kbps]~[Hunter] [FRG] => moved successfully
C:\Users\Lucas\AppData\Local\Alt1Toolkit => moved successfully
C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps => moved successfully
C:\Users\Lucas\OSBuddy => moved successfully
C:\Program Files\rempl => moved successfully
C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OldSchool RuneScape => moved successfully
C:\Users\Lucas\Downloads\The.Hitmans.Bodyguard.2017.WEBRip.x264-FGT => moved successfully
C:\Users\Lucas\AppData\Roaming\dcunningham.net => moved successfully
C:\Users\Lucas\AppData\Local\dcunningham.net => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN => moved successfully
C:\Users\Lucas\Downloads\The Hitmans Bodyguard 2017 720p BrRip x264 - CM => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN => moved successfully
C:\Program Files (x86)\ExpressVpn Tap Driver Win10 => moved successfully

"C:\Program Files (x86)\expressvpn" folder move:

Could not move "C:\Program Files (x86)\expressvpn" => Scheduled to move on reboot.

C:\Users\Lucas\Desktop\Aurora-master => moved successfully
C:\Users\Lucas\AppData\Local\CrashRpt => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{07357B02-9DCB-4825-87A2-B4A76062DFB7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07357B02-9DCB-4825-87A2-B4A76062DFB7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1924AE72-870F-47CC-B6CC-5155B913EC50} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1924AE72-870F-47CC-B6CC-5155B913EC50} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DC9F707-1D59-4053-9688-44F871B525CF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DC9F707-1D59-4053-9688-44F871B525CF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C350C65-6623-45E3-B19A-51A8F5870E44} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C350C65-6623-45E3-B19A-51A8F5870E44} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E530D42-E2C2-4DB8-9BB7-93975DE43405} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E530D42-E2C2-4DB8-9BB7-93975DE43405} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3AC9D602-151A-4951-B754-E60AB3B4FC09} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3AC9D602-151A-4951-B754-E60AB3B4FC09} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{460DE789-B53E-4088-B913-98B86BC0FEC6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{460DE789-B53E-4088-B913-98B86BC0FEC6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{63F9A26F-1FFE-42BF-98EC-CCBE71C65085} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63F9A26F-1FFE-42BF-98EC-CCBE71C65085} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{67BB6B4D-9DDE-46FA-BC8A-BBA2EC185C96} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67BB6B4D-9DDE-46FA-BC8A-BBA2EC185C96} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{95FA2C0C-BD2D-4753-A7CB-4DC31034FED0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95FA2C0C-BD2D-4753-A7CB-4DC31034FED0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A6ED3CA2-3657-4391-ACBA-84ACF7A42CD0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6ED3CA2-3657-4391-ACBA-84ACF7A42CD0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4B40063-F209-4BDF-A245-C7321220B2BF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4B40063-F209-4BDF-A245-C7321220B2BF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
C:\Users\Lucas\AppData\Local\Temp => ":$DATA" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C00B72F6-8EEE-4ABB-8731-A15C782BE72E} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6A7D1A9F-D7F2-41BB-9639-FCE9FA313F5B} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F9CD2F70-DB5B-4FBA-B8FC-E8678DE3622A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6D5CD6D1-A81B-4818-AB72-A9E1FCABB509} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BA34AC1F-8891-4A18-BD7A-BAD675D4EDB7} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6ECFC39A-264D-4098-A60D-4F61FD306929} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{40B7A2A4-831F-47A7-A22B-696C2E98A8CF} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8005D10A-1A36-4588-9189-1A08DD910AA0} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FF1F10AF-D0EC-4922-BCE4-1B70682B73E7} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D884B386-6771-47E1-9994-217FA2526758} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{217E358B-4D32-40C8-845D-0BE7647D1D01} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{786E5A88-6460-4530-8023-68A192053DFA} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9ABC0BFB-4987-4EE2-BF8C-C02DFF566437} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F9D9C4CF-D559-40AE-8C55-E29CDF13A989} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{71E9D19E-7B39-4D38-8358-A1BAA11C2EE9} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5C98B787-3FCA-4F37-A90E-6619EBB3AA5C} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{060A6550-B73A-4A48-8C68-315EA0A13137} => value removed successfully
"C:\Users\Lucas\AppData\LocalLow\BitTorrent" => not found.
"C:\Users\Lucas\AppData\Roaming\uTorrent" => not found.
"C:\Users\Lucas\AppData\Roaming\BitTorrent" => not found.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 135358917 B
Java, Flash, Steam htmlcache => 519386913 B
Windows/system/drivers => 187766 B
Edge => 0 B
Chrome => 656850107 B
Firefox => 9162966 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6144 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 4530 B
NetworkService => 198284 B
Lucas => 23312650163 B
purpl => 143892972 B
DefaultAppPool => 0 B

RecycleBin => 869446455 B
EmptyTemp: => 23.9 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 24-10-2017 22:34:14)

C:\Program Files (x86)\expressvpn => Is moved successfully

==== End of Fixlog 22:34:14 ====


Contents of the AdwCleaner[Sn].txt log file:
# AdwCleaner 7.0.3.1 - Logfile created on Wed Oct 25 03:37:47 2017
# Updated on 2017/29/09 by Malwarebytes 
# Database: 10-17-2017.1
# Running on Windows 10 Pro (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy, C:\Users\All Users\Documents\Downloaded Installers
PUP.Optional.Legacy, C:\Users\Public\Documents\Downloaded Installers
PUP.Optional.SlimCleanerPlus, C:\Users\Lucas\AppData\Local\slimware utilities inc
PUP.Optional.SlimCleanerPlus, C:\Users\Lucas\AppData\Local\SlimWare Utilities Inc
PUP.Adware.Heuristic, C:\ProgramData\Service7609


***** [ Files ] *****

PUP.Optional.Legacy, C:\Users\Lucas\Desktop\SysInfo.exe


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-3154826165-2591789761-3766887662-1001\Software\__SP__browser_name__SP__
PUP.Optional.Legacy, [Key] - HKCU\Software\__SP__browser_name__SP__
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-3154826165-2591789761-3766887662-1001\Software\winmnt
PUP.Optional.Legacy, [Key] - HKCU\Software\winmnt
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing
PUP.Optional.SlimCleanerPlus, [Key] - HKLM\SOFTWARE\SlimWare Utilities Inc
PUP.Optional.SlimCleanerPlus, [Key] - HKU\S-1-5-21-3154826165-2591789761-3766887662-1001\Software\SlimWare Utilities Inc
PUP.Optional.SlimCleanerPlus, [Key] - HKCU\Software\SlimWare Utilities Inc


***** [ Firefox (and derivatives) ] *****

PUP.Optional.BrowseToSave, Plugin found: SaveFrom.net - helper - SaveFrom.net


***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

Re: Possibly infected[2]

Post by pgmigg » October 24th, 2017, 11:56 pm

Hello OrangeRanger,

OrangeRanger wrote: My apologies for the attachments.
You are welcome! :) But... I asked you to post each log separately - two logs equal two posts. How many of them did you create? ;)

So far, so good... Let's continue. :D

Please do the following:

Step 1.
AdwCleaner - Scan and Clean
  1. You should still have adwcleaner_7.0.3.1.exe on your Desktop. If not, please download it from HERE.
  2. Close all open programs and windows.
  3. Right click on adwcleaner_7.0.3.1.exe and click Run as administrator.
  4. Click on the Scan button.
  5. When the scan finishes, you'll see a message in the AdwCleaner window: "Waiting for action. Please uncheck elements you want to keep."
  6. Click on the Clean button.
  7. Once finished, AdwCleaner will prompt you to reboot. Please allow it to do so.
  8. On reboot, the log AdwCleaner[Rn].txt will open. Copy and paste the contents of that log file in your reply.

Step 2.
Fresh FRST64 Scan
You should still have FRST64.exe on your Desktop.
  1. Please close all open programs and windows.
  2. Right-click FRST64.exe and select "Run as administrator..." to run it.
  3. When the tool opens, click Yes to the disclaimer if it appears.
  4. Please be sure that the 90 Days Files check box under the Optional Scan section is unchecked.
  5. Please be sure that the Addition.txt check box under the Optional Scan section is checked.
  6. Press the Scan button. When finished, two logs, FRST.txt and Addition.txt, will be created and opened in Notepad.
  7. Please post the contents of both FRST.txt and Addition.txt in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the AdwCleaner[Rn].txt log file
  3. Contents of the FRST.txt log file after fresh FRST scan
  4. Contents of the Addition.txt log file after fresh FRST scan
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Possibly infected[2]

Post by OrangeRanger » October 25th, 2017, 12:11 am

pgmigg wrote: Hello OrangeRanger,

OrangeRanger wrote: My apologies for the attachments.
You are welcome! :) But... I asked you to post each log separately - two logs equal two posts. How many of them did you create? ;)


Lol I just can't seem to follow your organizational rules.

Do you have any problems executing the instructions?: Nope!
Do you see any changes in computer behavior?: Windows loaded a tad bit slower.

# AdwCleaner 7.0.3.1 - Logfile created on Wed Oct 25 04:06:54 2017
# Updated on 2017/29/09 by Malwarebytes 
# Running on Windows 10 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Users\All Users\Documents\Downloaded Installers
Deleted: C:\Users\Public\Documents\Downloaded Installers
Deleted: C:\Users\Lucas\AppData\Local\slimware utilities inc
Deleted: C:\Users\Lucas\AppData\Local\SlimWare Utilities Inc
Deleted: C:\ProgramData\Service7609


***** [ Files ] *****

Deleted: C:\Users\Lucas\Desktop\SysInfo.exe


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKU\S-1-5-21-3154826165-2591789761-3766887662-1001\Software\__SP__browser_name__SP__
Deleted: [Key] - HKCU\Software\__SP__browser_name__SP__
Deleted: [Key] - HKU\S-1-5-21-3154826165-2591789761-3766887662-1001\Software\winmnt
Deleted: [Key] - HKCU\Software\winmnt
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing
Deleted: [Key] - HKLM\SOFTWARE\SlimWare Utilities Inc
Deleted: [Key] - HKU\S-1-5-21-3154826165-2591789761-3766887662-1001\Software\SlimWare Utilities Inc
Deleted: [Key] - HKCU\Software\SlimWare Utilities Inc


***** [ Firefox (and derivatives) ] *****

Plugin deleted: SaveFrom.net - helper - SaveFrom.net


***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [2639 B] - [2017/10/25 3:37:47]
C:/AdwCleaner/AdwCleaner[S1].txt - [2707 B] - [2017/10/25 4:6:11]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

Re: Possibly infected[2]

Post by OrangeRanger » October 25th, 2017, 12:13 am

FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-10-2017 01
Ran by Lucas (administrator) on LUCAS-PC (24-10-2017 23:08:21)
Running from C:\Users\Lucas\Desktop
Loaded Profiles: Lucas (Available Profiles: Lucas & Luucas & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 14393.1770 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\57.0.2987.37\remoting_host.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\57.0.2987.37\remoting_host.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\GraphicsCardEngine.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\ArxApplets\Discord\logitechg_discord.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Microsoft Corporation) C:\Windows\System32\MusNotification.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17662072 2017-07-10] (Logitech Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-04-13] (Razer Inc.)
HKLM-x32\...\RunOnce: [EasyTune] => C:\Program Files (x86)\GIGABYTE\EasyTune\etro.exe [5632 2016-10-03] (GIGA-BYTE TECHNOLOGY CO., LTD.)
HKLM-x32\...\RunOnce: [EasyTuneEngineService] => C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EngineRunOnce.exe [14632 2016-05-03] (GIGA-BYTE TECHNOLOGY CO., LTD.)
HKLM-x32\...\RunOnce: [DualBiosRescue] => C:\Program Files (x86)\GIGABYTE\GigabyteFirmwareUpdateUtility\dbrro.exe [12096 2015-08-19] ()
HKU\S-1-5-21-3154826165-2591789761-3766887662-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10021040 2017-10-18] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{05569c98-36f7-48a0-854a-80957b6e0385}: [DhcpNameServer] 44.0.0.252
Tcpip\..\Interfaces\{5a192499-7b67-4098-88ae-81bb60535753}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{bc6f3781-1599-481f-b2b1-e0065ba674de}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d32007ed-56a1-4872-a37e-3a79eda5ab48}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{e39647ad-c061-4d8a-a668-5cb4371054a3}: [DhcpNameServer] 10.48.0.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3154826165-2591789761-3766887662-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-31] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-31] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: y0vcij23.default
FF ProfilePath: C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\y0vcij23.default [2017-10-24]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-09-17] (Adobe Systems)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-08-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-08-21] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-09-17] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3154826165-2591789761-3766887662-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Lucas\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-12-22] (Citrix Online)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=FAHzamobl06629,4047f6e0-98bb-4530-8f93-e0e3c2e5d822&vp=ch&prd=set
CHR Profile: C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default [2017-10-24]
CHR Extension: (Slides) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-17]
CHR Extension: (Chrome RDP) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbkkbcmdlboombapidmoeolnmdacpkch [2016-03-01]
CHR Extension: (Adblock Plus) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-10-06]
CHR Extension: (Google Search) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Tampermonkey) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-09-14]
CHR Extension: (Adobe Acrobat) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-06-03]
CHR Extension: (Sheets) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-10-13]
CHR Extension: (AdBlock) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-10-19]
CHR Extension: (Ad,Block Plus) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gojdigjopnhgodnciccmjddabckjanko [2016-04-12]
CHR Extension: (TwitchAlerts Stream Labels) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg [2016-12-07]
CHR Extension: (Chrome RDP for Google Cloud Platform) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbbnannobiobpnfblimoapbephgifkm [2016-03-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Gmail) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-17]
CHR Extension: (Chrome Media Router) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-15]
CHR HKU\S-1-5-21-3154826165-2591789761-3766887662-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [669872 2015-09-15] (Adobe Systems Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)
S3 AppleChargerSrv; C:\WINDOWS\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1533448 2017-09-13] ()
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
S4 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\57.0.2987.37\remoting_host.exe [72024 2017-02-07] (Google Inc.)
S4 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2016-12-23] (Creative Labs) [File not signed]
S4 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
S4 EasyTuneEngineService; C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe [142632 2016-06-14] (GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
S4 gadjservice; C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe [17920 2015-06-25] () [File not signed]
S4 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [457432 2016-11-01] (Rivet Networks)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-07-10] (Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-08-21] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460736 2017-10-10] (NVIDIA Corporation)
S4 OcButtonService; C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\OcButtonService.exe [127272 2016-06-14] (GIGA-BYTE TECHNOLOGY CO., LTD.)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2169696 2017-07-05] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3149664 2017-07-05] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1451336 2017-10-17] (Overwolf LTD)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
S4 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2016-06-27] ()
S4 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2016-07-22] ()
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [401024 2017-07-02] (Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [179840 2017-06-20] (Razer Inc.)
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
S4 RipsawUSBPortChecker; C:\Program Files (x86)\Razer\Razer_Ripsaw_Driver\RipsawUSBPortChecker.exe [186904 2016-06-23] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [133376 2016-09-28] (Razer Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [197768 2017-04-12] (Sandboxie Holdings, LLC)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2017-08-08] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-07] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-08-08] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\WINDOWS\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
S3 b06diag; C:\WINDOWS\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)
R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW10x64.sys [145736 2016-09-19] (Rivet Networks, LLC.)
S3 BFN7x64; C:\WINDOWS\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-10-04] ()
S3 EtronSTOR; C:\WINDOWS\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2016-11-11] (LogMeIn Inc.)
S3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [162120 2016-09-16] (Qualcomm Atheros, Inc.)
R3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45192 2017-07-10] (Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-07-10] (Logitech Inc.)
R0 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [192952 2017-10-23] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-10-24] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45504 2017-10-24] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-10-24] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-10-24] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ce1961376673184c\nvlddmkm.sys [15600248 2017-08-22] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-10] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-10-10] (NVIDIA Corporation)
S3 RIPSAWHC64; C:\WINDOWS\system32\drivers\Ripsawx64.sys [690072 2016-06-23] (Razer Inc)
S3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [52240 2016-10-30] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
S3 RZSURROUNDVADService; C:\WINDOWS\system32\drivers\RzSurroundVAD.sys [40640 2015-07-28] (Windows (R) Win 7 DDK provider)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [206984 2017-04-12] (Sandboxie Holdings, LLC)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [45048 2017-07-06] (The OpenVPN Project)
S3 tapSF0901; C:\WINDOWS\System32\drivers\tapSF0901.sys [39104 2015-07-30] (Spotflux, Inc.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S1 UsbCharger; C:\WINDOWS\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 XSplit_Dummy; C:\WINDOWS\system32\drivers\xspltspk.sys [26200 2016-06-15] (SplitmediaLabs Limited)
U3 idsvc; no ImagePath
S3 SWDUMon; \SystemRoot\system32\DRIVERS\SWDUMon.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-24 23:04 - 2017-10-24 23:04 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2017-10-24 22:58 - 2017-10-24 22:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.4
2017-10-24 22:58 - 2017-10-24 22:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
2017-10-24 22:52 - 2017-10-24 22:52 - 000003938 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2017-10-24 22:36 - 2017-10-24 23:06 - 000000000 ____D C:\AdwCleaner
2017-10-24 22:36 - 2017-10-24 22:36 - 008250832 _____ (Malwarebytes) C:\Users\Lucas\Desktop\adwcleaner_7.0.3.1.exe
2017-10-24 22:32 - 2017-10-24 22:34 - 000019040 _____ C:\Users\Lucas\Desktop\Fixlog.txt
2017-10-24 22:30 - 2017-10-24 22:30 - 000002312 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2017-10-24 22:30 - 2017-10-24 22:30 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-LUCAS-PC-Windows-10-Pro-(64-bit).dat
2017-10-24 22:30 - 2017-10-24 22:30 - 000000000 ____D C:\RegBackup
2017-10-24 22:30 - 2017-10-24 22:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-10-24 22:30 - 2017-10-24 22:30 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2017-10-24 22:29 - 2017-10-24 22:29 - 005766144 _____ (Tweaking.com) C:\Users\Lucas\Desktop\tweaking.com_registry_backup_setup.exe
2017-10-24 20:25 - 2017-10-24 20:25 - 000084659 _____ C:\Users\Lucas\Desktop\Addition.txt
2017-10-24 20:24 - 2017-10-24 23:08 - 000023397 _____ C:\Users\Lucas\Desktop\FRST.txt
2017-10-24 20:23 - 2017-10-24 20:23 - 000000127 _____ C:\Users\Lucas\Desktop\ckfiles.txt
2017-10-23 04:54 - 2017-10-23 04:54 - 000000000 ____D C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2017-10-23 04:54 - 2017-10-23 04:54 - 000000000 ____D C:\Program Files\Unlocker
2017-10-23 04:50 - 2017-10-24 23:03 - 000000000 ____D C:\Program Files (x86)\Wise
2017-10-23 04:45 - 2016-07-16 06:42 - 000232960 _____ (Microsoft Corporation) C:\Program Files\cmd.exe
2017-10-23 04:40 - 2017-10-23 04:40 - 000000201 _____ C:\Users\Lucas\Desktop\backup.txt
2017-10-23 04:33 - 2017-10-23 04:33 - 000468480 _____ () C:\Users\Lucas\Desktop\CKScanner.exe
2017-10-23 04:04 - 2017-10-24 23:08 - 000000000 ____D C:\FRST
2017-10-23 04:04 - 2017-10-24 20:24 - 002403328 _____ (Farbar) C:\Users\Lucas\Desktop\FRST64.exe
2017-10-23 03:59 - 2017-10-23 03:59 - 000000036 _____ C:\Users\Lucas\AppData\Local\housecall.guid.cache
2017-10-23 03:59 - 2017-10-17 11:40 - 000334488 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2017-10-23 03:53 - 2017-10-24 23:07 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-10-23 03:53 - 2017-10-24 23:07 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-10-23 03:53 - 2017-10-24 23:07 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-10-23 03:53 - 2017-10-24 23:07 - 000045504 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-10-23 03:53 - 2017-10-23 03:53 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-10-23 03:53 - 2017-10-23 03:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-23 03:53 - 2017-10-23 03:53 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-23 03:53 - 2017-10-04 13:15 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-10-23 03:51 - 2017-10-23 03:52 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-10-21 19:52 - 2017-10-21 19:52 - 000003516 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily
2017-10-21 19:52 - 2017-10-21 19:52 - 000003380 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine
2017-10-11 08:45 - 2017-10-11 08:45 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-10-11 08:45 - 2017-09-17 22:27 - 001651552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.AppAgent.dll
2017-10-11 08:45 - 2017-09-17 22:27 - 000218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-10-11 08:45 - 2017-09-17 22:22 - 001470816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-10-11 08:45 - 2017-09-17 22:05 - 000497424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-10-11 08:45 - 2017-09-17 22:04 - 000918304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-10-11 08:45 - 2017-09-17 22:03 - 000791272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-10-11 08:45 - 2017-09-17 21:59 - 000341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-10-11 08:45 - 2017-09-17 21:55 - 005722320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-10-11 08:45 - 2017-09-17 21:55 - 001431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-10-11 08:45 - 2017-09-17 21:54 - 001980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-10-11 08:45 - 2017-09-17 21:52 - 020967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-10-11 08:45 - 2017-09-17 21:52 - 006672680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-10-11 08:45 - 2017-09-17 21:52 - 004023560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-10-11 08:45 - 2017-09-17 21:52 - 001845512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-10-11 08:45 - 2017-09-17 21:52 - 001360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-10-11 08:45 - 2017-09-17 21:52 - 001277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-10-11 08:45 - 2017-09-17 21:52 - 000981888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-10-11 08:45 - 2017-09-17 21:51 - 000178016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-10-11 08:45 - 2017-09-17 21:49 - 001435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-10-11 08:45 - 2017-09-17 21:49 - 001412128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-10-11 08:45 - 2017-09-17 21:49 - 001260784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-10-11 08:45 - 2017-09-17 21:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-10-11 08:45 - 2017-09-17 21:31 - 000519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-10-11 08:45 - 2017-09-17 21:31 - 000156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2017-10-11 08:45 - 2017-09-17 21:30 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-10-11 08:45 - 2017-09-17 21:30 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-10-11 08:45 - 2017-09-17 21:29 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-10-11 08:45 - 2017-09-17 21:28 - 000406016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-10-11 08:45 - 2017-09-17 21:28 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-10-11 08:45 - 2017-09-17 21:27 - 004615168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-10-11 08:45 - 2017-09-17 21:26 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPTpm12.dll
2017-10-11 08:45 - 2017-09-17 21:26 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-10-11 08:45 - 2017-09-17 21:26 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-10-11 08:45 - 2017-09-17 21:26 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-10-11 08:45 - 2017-09-17 21:26 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-10-11 08:45 - 2017-09-17 21:25 - 002333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-10-11 08:45 - 2017-09-17 21:25 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2017-10-11 08:45 - 2017-09-17 21:24 - 007626240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-10-11 08:45 - 2017-09-17 21:24 - 000819200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2017-10-11 08:45 - 2017-09-17 21:24 - 000755200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-10-11 08:45 - 2017-09-17 21:23 - 000857600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2017-10-11 08:45 - 2017-09-17 21:23 - 000816640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NaturalLanguage6.dll
2017-10-11 08:45 - 2017-09-17 21:23 - 000636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-10-11 08:45 - 2017-09-17 21:23 - 000297472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-10-11 08:45 - 2017-09-17 21:23 - 000287744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-10-11 08:45 - 2017-09-17 21:23 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-10-11 08:45 - 2017-09-17 21:22 - 001323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2017-10-11 08:45 - 2017-09-17 21:22 - 001137664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2017-10-11 08:45 - 2017-09-17 21:20 - 002641920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-10-11 08:45 - 2017-09-17 21:20 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-10-11 08:45 - 2017-09-17 21:19 - 002750976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-10-11 08:45 - 2017-09-17 21:18 - 007470592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-10-11 08:45 - 2017-09-17 21:17 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-10-11 08:45 - 2017-09-17 21:14 - 002997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-10-11 08:45 - 2017-09-17 21:14 - 002740224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-10-11 08:45 - 2017-09-17 21:14 - 002682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-10-11 08:45 - 2017-09-17 21:14 - 002649600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-10-11 08:45 - 2017-09-17 21:14 - 002483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-10-11 08:45 - 2017-09-17 21:14 - 001988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-10-11 08:45 - 2017-09-17 21:14 - 001599488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-10-11 08:45 - 2017-09-17 21:14 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-10-11 08:45 - 2017-09-17 21:14 - 001170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-10-11 08:45 - 2017-09-17 21:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-10-11 08:45 - 2017-09-17 21:14 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-10-11 08:45 - 2017-09-17 21:14 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2017-10-11 08:45 - 2017-09-17 21:13 - 001013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2017-10-11 08:45 - 2017-09-17 21:13 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-10-11 08:45 - 2017-09-17 21:13 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-10-11 08:45 - 2017-09-17 21:13 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-10-11 08:45 - 2017-09-17 21:13 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2017-10-11 08:45 - 2017-09-17 21:13 - 000589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2017-10-11 08:45 - 2017-09-17 21:11 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2017-10-11 08:45 - 2017-09-17 21:11 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-10-11 08:45 - 2017-09-14 17:49 - 001202936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-10-11 08:45 - 2017-09-14 17:31 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-10-11 08:45 - 2017-09-14 17:30 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Credentials.UI.UserConsentVerifier.dll
2017-10-11 08:45 - 2017-09-14 17:28 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-10-11 08:45 - 2017-09-14 17:26 - 000636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-10-11 08:45 - 2017-09-14 17:15 - 003106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-10-11 08:45 - 2017-09-13 21:04 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-10-11 08:45 - 2017-03-04 01:28 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-10-11 08:45 - 2017-03-04 01:24 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
2017-10-11 08:45 - 2017-03-04 01:23 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2017-10-11 08:45 - 2017-03-04 01:18 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2017-10-11 08:45 - 2017-03-04 01:16 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-10-11 08:45 - 2017-03-04 01:00 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-10-11 08:45 - 2017-03-04 01:00 - 000711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-10-11 08:44 - 2017-09-17 22:18 - 002414432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll
2017-10-11 08:44 - 2017-09-17 22:17 - 001564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-10-11 08:44 - 2017-09-17 22:17 - 000245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-10-11 08:44 - 2017-09-17 22:17 - 000136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-10-11 08:44 - 2017-09-17 22:14 - 001408352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-10-11 08:44 - 2017-09-17 22:14 - 001054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-10-11 08:44 - 2017-09-17 22:14 - 000992096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-10-11 08:44 - 2017-09-17 22:14 - 000813408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-10-11 08:44 - 2017-09-17 22:14 - 000779616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-10-11 08:44 - 2017-09-17 22:14 - 000766304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-10-11 08:44 - 2017-09-17 22:14 - 000699232 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-10-11 08:44 - 2017-09-17 22:14 - 000513376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-10-11 08:44 - 2017-09-17 22:14 - 000412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-10-11 08:44 - 2017-09-17 22:14 - 000076128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2017-10-11 08:44 - 2017-09-17 22:13 - 002170720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-10-11 08:44 - 2017-09-17 22:13 - 001670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-10-11 08:44 - 2017-09-17 22:13 - 000704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-10-11 08:44 - 2017-09-17 22:13 - 000567136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-10-11 08:44 - 2017-09-17 22:13 - 000241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-10-11 08:44 - 2017-09-17 22:13 - 000202592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2017-10-11 08:44 - 2017-09-17 22:09 - 007780192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-10-11 08:44 - 2017-09-17 22:09 - 002213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-10-11 08:44 - 2017-09-17 22:09 - 000646688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-10-11 08:44 - 2017-09-17 22:09 - 000133984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-10-11 08:44 - 2017-09-17 22:08 - 002253664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-10-11 08:44 - 2017-09-17 22:08 - 000998920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-10-11 08:44 - 2017-09-17 22:05 - 001177688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2017-10-11 08:44 - 2017-09-17 22:05 - 000172536 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-10-11 08:44 - 2017-09-17 22:05 - 000168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2017-10-11 08:44 - 2017-09-17 22:04 - 001706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-10-11 08:44 - 2017-09-17 22:04 - 000404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-10-11 08:44 - 2017-09-17 22:02 - 007213464 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-10-11 08:44 - 2017-09-17 22:02 - 001860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-10-11 08:44 - 2017-09-17 22:01 - 002446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-10-11 08:44 - 2017-09-17 22:01 - 000624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-10-11 08:44 - 2017-09-17 22:01 - 000431456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-10-11 08:44 - 2017-09-17 22:01 - 000223072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-10-11 08:44 - 2017-09-17 22:00 - 001072248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-10-11 08:44 - 2017-09-17 21:59 - 022220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-10-11 08:44 - 2017-09-17 21:59 - 008173672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-10-11 08:44 - 2017-09-17 21:59 - 004260072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-10-11 08:44 - 2017-09-17 21:59 - 001983408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-10-11 08:44 - 2017-09-17 21:59 - 001702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-10-11 08:44 - 2017-09-17 21:59 - 000241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-10-11 08:44 - 2017-09-17 21:58 - 001600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-10-11 08:44 - 2017-09-17 21:58 - 000206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-10-11 08:44 - 2017-09-17 21:57 - 001566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-10-11 08:44 - 2017-09-17 21:57 - 001460696 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-10-11 08:44 - 2017-09-17 21:57 - 001415712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-10-11 08:44 - 2017-09-17 21:56 - 000057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-10-11 08:44 - 2017-09-17 21:48 - 000117792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-10-11 08:44 - 2017-09-17 21:36 - 022570496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-10-11 08:44 - 2017-09-17 21:35 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-10-11 08:44 - 2017-09-17 21:33 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-10-11 08:44 - 2017-09-17 21:33 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-10-11 08:44 - 2017-09-17 21:33 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransliterationRanker.dll
2017-10-11 08:44 - 2017-09-17 21:32 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-10-11 08:44 - 2017-09-17 21:32 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jpninputrouter.dll
2017-10-11 08:44 - 2017-09-17 21:32 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmojiDS.dll
2017-10-11 08:44 - 2017-09-17 21:32 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-10-11 08:44 - 2017-09-17 21:32 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-10-11 08:44 - 2017-09-17 21:31 - 006288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-10-11 08:44 - 2017-09-17 21:31 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-10-11 08:44 - 2017-09-17 21:31 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-10-11 08:44 - 2017-09-17 21:31 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\RuleBasedDS.dll
2017-10-11 08:44 - 2017-09-17 21:30 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshProxy.dll
2017-10-11 08:44 - 2017-09-17 21:30 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\jpnranker.dll
2017-10-11 08:44 - 2017-09-17 21:30 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-10-11 08:44 - 2017-09-17 21:30 - 000196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2017-10-11 08:44 - 2017-09-17 21:30 - 000174592 _____ C:\WINDOWS\system32\IHDS.dll
2017-10-11 08:44 - 2017-09-17 21:30 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\VocabRoamingHandler.dll
2017-10-11 08:44 - 2017-09-17 21:30 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\StaticDictDS.dll
2017-10-11 08:44 - 2017-09-17 21:30 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2017-10-11 08:44 - 2017-09-17 21:30 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\chxranker.dll
2017-10-11 08:44 - 2017-09-17 21:29 - 009129984 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-10-11 08:44 - 2017-09-17 21:29 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChsStrokeDS.dll
2017-10-11 08:44 - 2017-09-17 21:29 - 000411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-10-11 08:44 - 2017-09-17 21:29 - 000360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshBroker.dll
2017-10-11 08:44 - 2017-09-17 21:29 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2017-10-11 08:44 - 2017-09-17 21:29 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-10-11 08:44 - 2017-09-17 21:28 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-10-11 08:44 - 2017-09-17 21:28 - 000509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshSession.exe
2017-10-11 08:44 - 2017-09-17 21:28 - 000427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshSftp.exe
2017-10-11 08:44 - 2017-09-17 21:28 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChtHkStrokeDS.dll
2017-10-11 08:44 - 2017-09-17 21:28 - 000335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChsPinyinRanker.dll
2017-10-11 08:44 - 2017-09-17 21:28 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\MtfDecoder.dll
2017-10-11 08:44 - 2017-09-17 21:28 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-10-11 08:44 - 2017-09-17 21:28 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2017-10-11 08:44 - 2017-09-17 21:28 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-10-11 08:44 - 2017-09-17 21:28 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-10-11 08:44 - 2017-09-17 21:27 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-10-11 08:44 - 2017-09-17 21:27 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-10-11 08:44 - 2017-09-17 21:27 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPTpm12.dll
2017-10-11 08:44 - 2017-09-17 21:27 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-10-11 08:44 - 2017-09-17 21:27 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-10-11 08:44 - 2017-09-17 21:27 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChxAPDS.dll
2017-10-11 08:44 - 2017-09-17 21:27 - 000480768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimeChsPinyinMainDS.dll
2017-10-11 08:44 - 2017-09-17 21:27 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChxHAPDS.dll
2017-10-11 08:44 - 2017-09-17 21:27 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-10-11 08:44 - 2017-09-17 21:27 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChtCangjieDS.dll
2017-10-11 08:44 - 2017-09-17 21:27 - 000410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChtQuickDS.dll
2017-10-11 08:44 - 2017-09-17 21:27 - 000407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-10-11 08:44 - 2017-09-17 21:27 - 000379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-10-11 08:44 - 2017-09-17 21:27 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-10-11 08:44 - 2017-09-17 21:27 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\jpndecoder.dll
2017-10-11 08:44 - 2017-09-17 21:27 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\chxinputrouter.dll
2017-10-11 08:44 - 2017-09-17 21:27 - 000326656 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-10-11 08:44 - 2017-09-17 21:27 - 000310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-10-11 08:44 - 2017-09-17 21:27 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-10-11 08:44 - 2017-09-17 21:27 - 000268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-10-11 08:44 - 2017-09-17 21:27 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-10-11 08:44 - 2017-09-17 21:26 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2017-10-11 08:44 - 2017-09-17 21:26 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-10-11 08:44 - 2017-09-17 21:26 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsregcmd.exe
2017-10-11 08:44 - 2017-09-17 21:26 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2017-10-11 08:44 - 2017-09-17 21:26 - 000481792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-10-11 08:44 - 2017-09-17 21:26 - 000396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-10-11 08:44 - 2017-09-17 21:26 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-10-11 08:44 - 2017-09-17 21:26 - 000367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-10-11 08:44 - 2017-09-17 21:26 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-10-11 08:44 - 2017-09-17 21:26 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-10-11 08:44 - 2017-09-17 21:26 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-10-11 08:44 - 2017-09-17 21:25 - 001914368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2017-10-11 08:44 - 2017-09-17 21:25 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-10-11 08:44 - 2017-09-17 21:25 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2017-10-11 08:44 - 2017-09-17 21:25 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-10-11 08:44 - 2017-09-17 21:24 - 013107712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-10-11 08:44 - 2017-09-17 21:24 - 002103808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-10-11 08:44 - 2017-09-17 21:24 - 001589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-10-11 08:44 - 2017-09-17 21:24 - 001584640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2017-10-11 08:44 - 2017-09-17 21:24 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-10-11 08:44 - 2017-09-17 21:24 - 000409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-10-11 08:44 - 2017-09-17 21:23 - 000442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-10-11 08:44 - 2017-09-17 21:22 - 004749824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-10-11 08:44 - 2017-09-17 21:22 - 003291648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-10-11 08:44 - 2017-09-17 21:22 - 000883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-10-11 08:44 - 2017-09-17 21:22 - 000352256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2017-10-11 08:44 - 2017-09-17 21:22 - 000198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2017-10-11 08:44 - 2017-09-17 21:21 - 018364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-10-11 08:44 - 2017-09-17 21:20 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-10-11 08:44 - 2017-09-17 21:20 - 019414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-10-11 08:44 - 2017-09-17 21:20 - 000937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-10-11 08:44 - 2017-09-17 21:20 - 000284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-10-11 08:44 - 2017-09-17 21:19 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2017-10-11 08:44 - 2017-09-17 21:19 - 000549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-10-11 08:44 - 2017-09-17 21:19 - 000519168 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2017-10-11 08:44 - 2017-09-17 21:19 - 000303616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2017-10-11 08:44 - 2017-09-17 21:19 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-10-11 08:44 - 2017-09-17 21:18 - 012204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-10-11 08:44 - 2017-09-17 21:18 - 008114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-10-11 08:44 - 2017-09-17 21:18 - 008077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-10-11 08:44 - 2017-09-17 21:18 - 001145344 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2017-10-11 08:44 - 2017-09-17 21:18 - 001010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-10-11 08:44 - 2017-09-17 21:18 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-10-11 08:44 - 2017-09-17 21:18 - 000932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-10-11 08:44 - 2017-09-17 21:18 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-10-11 08:44 - 2017-09-17 21:17 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-10-11 08:44 - 2017-09-17 21:17 - 002279424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-10-11 08:44 - 2017-09-17 21:17 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-10-11 08:44 - 2017-09-17 21:17 - 000779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2017-10-11 08:44 - 2017-09-17 21:16 - 004743168 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-10-11 08:44 - 2017-09-17 21:16 - 004596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2017-10-11 08:44 - 2017-09-17 21:16 - 003520512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2017-10-11 08:44 - 2017-09-17 21:16 - 001484800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-10-11 08:44 - 2017-09-17 21:15 - 006065152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-10-11 08:44 - 2017-09-17 21:15 - 003202048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-10-11 08:44 - 2017-09-17 21:15 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-10-11 08:44 - 2017-09-17 21:15 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2017-10-11 08:44 - 2017-09-17 21:15 - 002538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-10-11 08:44 - 2017-09-17 21:15 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2017-10-11 08:44 - 2017-09-17 21:15 - 001692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-10-11 08:44 - 2017-09-17 21:15 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-10-11 08:44 - 2017-09-17 21:15 - 001231360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-10-11 08:44 - 2017-09-17 21:15 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-10-11 08:44 - 2017-09-17 21:15 - 000701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2017-10-11 08:44 - 2017-09-17 21:14 - 006474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-10-11 08:44 - 2017-09-17 21:14 - 003663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-10-11 08:44 - 2017-09-17 21:14 - 003615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-10-11 08:44 - 2017-09-17 21:14 - 002897408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-10-11 08:44 - 2017-09-17 21:14 - 002321408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-10-11 08:44 - 2017-09-17 21:14 - 001518080 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-10-11 08:44 - 2017-09-17 21:14 - 001328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2017-10-11 08:44 - 2017-09-17 21:14 - 001040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalLanguage6.dll
2017-10-11 08:44 - 2017-09-17 21:14 - 000983552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-10-11 08:44 - 2017-09-17 21:14 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-10-11 08:44 - 2017-09-17 21:14 - 000913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-10-11 08:44 - 2017-09-17 21:14 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-10-11 08:44 - 2017-09-17 21:14 - 000903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-10-11 08:44 - 2017-09-17 21:14 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-10-11 08:44 - 2017-09-17 21:14 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-10-11 08:44 - 2017-09-17 21:14 - 000774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-10-11 08:44 - 2017-09-17 21:14 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-10-11 08:44 - 2017-09-17 21:14 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-10-11 08:44 - 2017-09-17 21:14 - 000650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-10-11 08:44 - 2017-09-17 21:14 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-10-11 08:44 - 2017-09-17 21:13 - 001726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-10-11 08:44 - 2017-09-17 21:13 - 001121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-10-11 08:44 - 2017-09-17 21:13 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-10-11 08:44 - 2017-09-17 21:13 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
2017-10-11 08:44 - 2017-09-17 21:13 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netprofm.dll
2017-10-11 08:44 - 2017-09-17 21:12 - 000998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-10-11 08:44 - 2017-09-17 21:12 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-10-11 08:44 - 2017-09-17 21:12 - 000439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprt.exe
2017-10-11 08:44 - 2017-09-17 21:11 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\trie.dll
2017-10-11 08:44 - 2017-09-17 21:11 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MTFFuzzyDS.dll
2017-10-11 08:44 - 2017-09-17 21:11 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MTFSpellcheckDS.dll
2017-10-11 08:44 - 2017-09-14 18:14 - 000119328 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-10-11 08:44 - 2017-09-14 18:05 - 001302136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-10-11 08:44 - 2017-09-14 17:59 - 000096064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-10-11 08:44 - 2017-09-14 17:52 - 000136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-10-11 08:44 - 2017-09-14 17:39 - 002233344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppAgent.dll
2017-10-11 08:44 - 2017-09-14 17:39 - 001227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AgentService.exe
2017-10-11 08:44 - 2017-09-14 17:39 - 001222144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CommonBridge.dll
2017-10-11 08:44 - 2017-09-14 17:39 - 001165824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplySettingsTemplateCatalog.exe
2017-10-11 08:44 - 2017-09-14 17:39 - 000768512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.PrinterCustomActions.dll
2017-10-11 08:44 - 2017-09-14 17:39 - 000744960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2013CustomActions.dll
2017-10-11 08:44 - 2017-09-14 17:39 - 000512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll
2017-10-11 08:44 - 2017-09-14 17:39 - 000419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CscUnpinTool.exe
2017-10-11 08:44 - 2017-09-14 17:39 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ConfigWrapper.dll
2017-10-11 08:44 - 2017-09-14 17:39 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2010CustomActions.dll
2017-10-11 08:44 - 2017-09-14 17:38 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2010CustomActions.dll
2017-10-11 08:44 - 2017-09-14 17:34 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-10-11 08:44 - 2017-09-14 17:32 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollUI.dll
2017-10-11 08:44 - 2017-09-14 17:32 - 000250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSWB7.dll
2017-10-11 08:44 - 2017-09-14 17:32 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-10-11 08:44 - 2017-09-14 17:32 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-10-11 08:44 - 2017-09-14 17:32 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll
2017-10-11 08:44 - 2017-09-14 17:31 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-10-11 08:44 - 2017-09-14 17:31 - 000280576 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-10-11 08:44 - 2017-09-14 17:30 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-10-11 08:44 - 2017-09-14 17:30 - 000291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollUI.dll
2017-10-11 08:44 - 2017-09-14 17:30 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSWB7.dll
2017-10-11 08:44 - 2017-09-14 17:30 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-10-11 08:44 - 2017-09-14 17:30 - 000172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-10-11 08:44 - 2017-09-14 17:29 - 000352256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-10-11 08:44 - 2017-09-14 17:28 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-10-11 08:44 - 2017-09-14 17:27 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-10-11 08:44 - 2017-09-14 17:26 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-10-11 08:44 - 2017-09-14 17:26 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certreq.exe
2017-10-11 08:44 - 2017-09-14 17:25 - 000821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\comuid.dll
2017-10-11 08:44 - 2017-09-14 17:25 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2017-10-11 08:44 - 2017-09-14 17:25 - 000529920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2017-10-11 08:44 - 2017-09-14 17:24 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2017-10-11 08:44 - 2017-09-14 17:24 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\certreq.exe
2017-10-11 08:44 - 2017-09-14 17:23 - 000560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-10-11 08:44 - 2017-09-14 17:22 - 000987648 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2017-10-11 08:44 - 2017-09-14 17:22 - 000820736 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-10-11 08:44 - 2017-09-14 17:22 - 000634368 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2017-10-11 08:44 - 2017-09-14 17:21 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
2017-10-11 08:44 - 2017-09-14 17:20 - 002852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-10-11 08:44 - 2017-09-14 17:19 - 001421824 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-10-11 08:44 - 2017-09-14 17:19 - 000928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-10-11 08:44 - 2017-09-14 17:18 - 003299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-10-11 08:44 - 2017-09-14 17:18 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\umrdp.dll
2017-10-11 08:44 - 2017-09-14 17:17 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tsusbhub.sys
2017-10-11 08:44 - 2017-09-14 17:16 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2017-10-11 08:44 - 2017-09-13 21:04 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-10-11 08:44 - 2017-09-13 21:04 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-10-11 08:44 - 2017-03-04 02:10 - 000360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-10-11 08:44 - 2017-03-04 01:25 - 000748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2017-10-11 08:44 - 2017-03-04 01:23 - 001184256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-10-11 08:44 - 2017-03-04 01:11 - 001643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-10-11 08:44 - 2017-03-04 01:07 - 001064448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-10-11 08:44 - 2017-03-04 01:03 - 000119808 ____R (Microsoft Corporation) C:\WINDOWS\system32\SecureAssessmentHandlers.dll
2017-10-11 08:44 - 2016-08-27 00:12 - 000244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-10-11 08:44 - 2016-08-05 23:16 - 000026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-10-11 08:44 - 2016-08-02 03:13 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-09-27 22:55 - 2017-09-27 22:55 - 000002110 _____ C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OldSchool RuneScape.lnk
2017-09-27 22:49 - 2017-09-27 22:49 - 000000177 _____ C:\Users\Public\Desktop\RuneScape Launcher.url
2017-09-12 20:23 - 2017-09-07 02:07 - 000315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-09-12 20:23 - 2017-09-07 01:32 - 001573792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-12 20:23 - 2017-09-07 01:29 - 002048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-12 20:23 - 2017-09-07 01:24 - 000869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2017-09-12 20:23 - 2017-09-07 01:24 - 000263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-09-12 20:23 - 2017-09-07 01:22 - 001504056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-09-12 20:23 - 2017-09-07 01:21 - 002265368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-12 20:23 - 2017-09-07 01:21 - 000975744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-09-12 20:23 - 2017-09-07 01:21 - 000861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-09-12 20:23 - 2017-09-07 01:21 - 000780640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-12 20:23 - 2017-09-07 01:21 - 000116576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-09-12 20:23 - 2017-09-07 01:20 - 000577976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-12 20:23 - 2017-09-07 01:20 - 000339896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-12 20:23 - 2017-09-07 01:20 - 000267104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-12 20:23 - 2017-09-07 01:20 - 000139104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-12 20:23 - 2017-09-07 01:20 - 000037200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2017-09-12 20:23 - 2017-09-07 01:19 - 002168288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-09-12 20:23 - 2017-09-07 01:19 - 000846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2017-09-12 20:23 - 2017-09-07 01:19 - 000606560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-09-12 20:23 - 2017-09-07 01:19 - 000111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-09-12 20:23 - 2017-09-07 01:17 - 001557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-09-12 20:23 - 2017-09-07 01:16 - 000962768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-09-12 20:23 - 2017-09-07 01:13 - 000546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-12 20:23 - 2017-09-07 01:12 - 000306800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2017-09-12 20:23 - 2017-09-07 01:07 - 005686784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-12 20:23 - 2017-09-07 01:01 - 001631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-09-12 20:23 - 2017-09-07 01:01 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-09-12 20:23 - 2017-09-07 01:00 - 000037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-09-12 20:23 - 2017-09-07 00:59 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2017-09-12 20:23 - 2017-09-07 00:58 - 000554496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-09-12 20:23 - 2017-09-07 00:58 - 000141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll
2017-09-12 20:23 - 2017-09-07 00:58 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IconCodecService.dll
2017-09-12 20:23 - 2017-09-07 00:57 - 000264704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\socialapis.dll
2017-09-12 20:23 - 2017-09-07 00:57 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-09-12 20:23 - 2017-09-07 00:57 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2017-09-12 20:23 - 2017-09-07 00:57 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll
2017-09-12 20:23 - 2017-09-07 00:56 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2017-09-12 20:23 - 2017-09-07 00:56 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.SystemManagement.dll
2017-09-12 20:23 - 2017-09-07 00:55 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinRtTracing.dll
2017-09-12 20:23 - 2017-09-07 00:55 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll
2017-09-12 20:23 - 2017-09-07 00:55 - 000094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2017-09-12 20:23 - 2017-09-07 00:54 - 000857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-12 20:23 - 2017-09-07 00:54 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-09-12 20:23 - 2017-09-07 00:54 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2017-09-12 20:23 - 2017-09-07 00:54 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-09-12 20:23 - 2017-09-07 00:54 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2017-09-12 20:23 - 2017-09-07 00:54 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Lights.dll
2017-09-12 20:23 - 2017-09-07 00:54 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2017-09-12 20:23 - 2017-09-07 00:53 - 000501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\psisdecd.dll
2017-09-12 20:23 - 2017-09-07 00:53 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll
2017-09-12 20:23 - 2017-09-07 00:53 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll
2017-09-12 20:23 - 2017-09-07 00:53 - 000313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-12 20:23 - 2017-09-07 00:53 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-09-12 20:23 - 2017-09-07 00:52 - 001300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-09-12 20:23 - 2017-09-07 00:52 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-09-12 20:23 - 2017-09-07 00:52 - 000265728 _____ C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-09-12 20:23 - 2017-09-07 00:52 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2017-09-12 20:23 - 2017-09-07 00:52 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2017-09-12 20:23 - 2017-09-07 00:51 - 001243136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll
2017-09-12 20:23 - 2017-09-07 00:51 - 000670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2017-09-12 20:23 - 2017-09-07 00:51 - 000609280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2017-09-12 20:23 - 2017-09-07 00:51 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-12 20:23 - 2017-09-07 00:51 - 000483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2017-09-12 20:23 - 2017-09-07 00:51 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2017-09-12 20:23 - 2017-09-07 00:51 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll
2017-09-12 20:23 - 2017-09-07 00:51 - 000332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-09-12 20:23 - 2017-09-07 00:51 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-09-12 20:23 - 2017-09-07 00:51 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2017-09-12 20:23 - 2017-09-07 00:51 - 000185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-09-12 20:23 - 2017-09-07 00:51 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-12 20:23 - 2017-09-07 00:50 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2017-09-12 20:23 - 2017-09-07 00:50 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-09-12 20:23 - 2017-09-07 00:50 - 000244224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-09-12 20:23 - 2017-09-07 00:50 - 000218624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2017-09-12 20:23 - 2017-09-07 00:50 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vaultcli.dll
2017-09-12 20:23 - 2017-09-07 00:50 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2017-09-12 20:23 - 2017-09-07 00:49 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll
2017-09-12 20:23 - 2017-09-07 00:49 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-12 20:23 - 2017-09-07 00:49 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2017-09-12 20:23 - 2017-09-07 00:48 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2017-09-12 20:23 - 2017-09-07 00:48 - 000396800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-12 20:23 - 2017-09-07 00:48 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll

Re: Possibly infected[2]

Unread postby OrangeRanger » October 25th, 2017, 12:13 am

FRST
2017-09-12 20:21 - 2017-09-07 00:19 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2017-09-12 20:21 - 2017-09-07 00:19 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2017-09-12 20:21 - 2017-09-07 00:18 - 000547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2017-09-12 20:21 - 2017-09-07 00:18 - 000368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-09-12 20:21 - 2017-09-07 00:18 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2017-09-12 20:21 - 2017-09-07 00:17 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\XamlTileRender.dll
2017-09-12 20:21 - 2017-09-07 00:17 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-09-12 20:21 - 2017-09-07 00:16 - 000781824 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2017-09-12 20:21 - 2017-09-07 00:16 - 000651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2017-09-12 20:21 - 2017-09-07 00:15 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2017-09-12 20:21 - 2017-09-07 00:15 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-09-12 20:21 - 2017-09-07 00:15 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-09-12 20:21 - 2017-09-07 00:15 - 000146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2017-09-12 20:21 - 2017-09-07 00:14 - 000678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2017-09-12 20:21 - 2017-09-07 00:14 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-12 20:21 - 2017-09-07 00:14 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-09-12 20:21 - 2017-09-07 00:14 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-12 20:21 - 2017-09-07 00:14 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-12 20:21 - 2017-09-07 00:12 - 000896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-09-12 20:21 - 2017-09-07 00:12 - 000156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-12 20:21 - 2017-09-07 00:02 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2017-09-12 20:21 - 2017-09-07 00:01 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-09-12 20:21 - 2017-09-07 00:00 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2017-09-12 20:21 - 2017-09-06 23:59 - 002510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-09-12 20:21 - 2017-09-06 23:59 - 001359872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-09-12 20:21 - 2017-09-06 23:59 - 000460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-09-12 20:21 - 2017-09-06 23:59 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-12 20:21 - 2017-09-06 23:58 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-12 20:21 - 2017-09-06 23:58 - 001656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-12 20:21 - 2017-09-06 23:58 - 000376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2017-09-12 20:21 - 2017-09-06 23:57 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2017-09-12 20:21 - 2017-09-06 23:55 - 002217472 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-12 20:21 - 2017-09-06 23:54 - 003542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2017-09-12 20:21 - 2017-09-06 23:54 - 000716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-09-12 20:21 - 2017-08-22 00:09 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-09-12 20:21 - 2017-08-08 01:09 - 000065648 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-12 20:21 - 2017-08-08 00:52 - 000649568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-09-12 20:21 - 2017-08-08 00:52 - 000386408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-09-12 20:21 - 2017-08-08 00:52 - 000101776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpr.dll
2017-09-12 20:21 - 2017-08-08 00:52 - 000079712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-09-12 20:21 - 2017-08-08 00:20 - 000173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-09-12 20:21 - 2017-08-08 00:20 - 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2017-09-12 20:21 - 2017-08-08 00:20 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-09-12 20:21 - 2017-08-08 00:20 - 000027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidtel.exe
2017-09-12 20:21 - 2017-08-08 00:18 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-09-12 20:21 - 2017-08-08 00:16 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2017-09-12 20:21 - 2017-08-08 00:13 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvc.dll
2017-09-12 20:21 - 2017-08-07 23:58 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-09-12 20:21 - 2017-08-07 23:51 - 001817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-09-12 20:21 - 2017-03-04 02:09 - 000178520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-09-12 20:21 - 2017-03-04 02:07 - 000947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-09-12 20:21 - 2017-03-04 01:32 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2017-08-29 10:27 - 2017-08-04 00:31 - 001214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-08-29 10:27 - 2017-08-04 00:31 - 000629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-08-29 10:27 - 2017-08-04 00:31 - 000544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-08-29 10:27 - 2017-08-04 00:31 - 000335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-08-29 10:27 - 2017-08-04 00:31 - 000334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-08-29 10:27 - 2017-08-04 00:31 - 000233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-08-29 10:27 - 2017-08-04 00:31 - 000096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-08-29 10:27 - 2017-08-04 00:31 - 000034656 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-08-29 10:27 - 2017-08-03 23:26 - 000192864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-08-28 12:05 - 2017-08-28 12:05 - 000000000 ____D C:\Users\Lucas\AppData\Roaming\Bungie
2017-08-28 11:43 - 2017-08-28 11:43 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-08-28 11:43 - 2017-08-21 17:33 - 000135800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-08-28 11:43 - 2017-06-15 14:32 - 000541984 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-08-28 11:43 - 2017-06-15 14:32 - 000525088 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-08-28 11:43 - 2017-06-15 14:32 - 000254240 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-08-28 11:43 - 2017-06-15 14:32 - 000233760 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-08-28 11:41 - 2017-08-21 20:01 - 040240248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-08-28 11:41 - 2017-08-21 20:01 - 035924600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-08-28 11:41 - 2017-08-21 20:01 - 035314112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-08-28 11:41 - 2017-08-21 20:01 - 029019072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-08-28 11:41 - 2017-08-21 20:01 - 023132184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-08-28 11:41 - 2017-08-21 20:01 - 018849456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-08-28 11:41 - 2017-08-21 20:01 - 013782904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-08-28 11:41 - 2017-08-21 20:01 - 012225984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-08-28 11:41 - 2017-08-21 20:01 - 011692344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-08-28 11:41 - 2017-08-21 20:01 - 010072768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-08-28 11:41 - 2017-08-21 20:01 - 004162496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-08-28 11:41 - 2017-08-21 20:01 - 003590592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-08-28 11:41 - 2017-08-21 20:01 - 001988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438541.dll
2017-08-28 11:41 - 2017-08-21 20:01 - 001597888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438541.dll
2017-08-28 11:41 - 2017-08-21 20:01 - 001292096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-08-28 11:41 - 2017-08-21 20:01 - 001068152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-08-28 11:41 - 2017-08-21 20:01 - 001008816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-08-28 11:41 - 2017-08-21 20:01 - 001004992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-08-28 11:41 - 2017-08-21 20:01 - 000972736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-08-28 11:41 - 2017-08-21 20:01 - 000924280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-08-28 11:41 - 2017-08-21 20:01 - 000781544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-08-28 11:41 - 2017-08-21 20:01 - 000725112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-08-28 11:41 - 2017-08-21 20:01 - 000690320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-08-28 11:41 - 2017-08-21 20:01 - 000617232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-08-28 11:41 - 2017-08-21 20:01 - 000609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-08-28 11:41 - 2017-08-21 20:01 - 000584312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-08-28 11:41 - 2017-08-21 20:01 - 000578056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-08-28 11:41 - 2017-08-21 20:01 - 000499320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-08-28 11:41 - 2017-08-21 20:01 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-08-28 11:41 - 2017-08-21 20:01 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-08-25 20:11 - 2017-08-25 20:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Destiny 2
2017-08-23 21:25 - 2017-08-23 21:25 - 000001456 _____ C:\Users\Lucas\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-08-19 21:53 - 2017-08-27 22:22 - 000005029 _____ C:\Users\Lucas\Desktop\Speechlist.txt
2017-08-17 00:08 - 2017-10-20 08:08 - 000000000 ____D C:\Program Files (x86)\Overwolf
2017-08-17 00:08 - 2017-08-17 00:08 - 000004382 _____ C:\WINDOWS\System32\Tasks\Overwolf Updater Task
2017-08-17 00:08 - 2017-08-17 00:08 - 000000000 ____D C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2017-08-17 00:07 - 2017-10-06 03:18 - 000000000 ____D C:\Users\Lucas\AppData\Local\Overwolf
2017-08-17 00:07 - 2017-08-17 00:09 - 000000000 ____D C:\ProgramData\Overwolf
2017-08-16 18:15 - 2017-08-16 18:24 - 000000364 _____ C:\Users\Lucas\AppData\Roaming\pc-capture-log.txt
2017-08-16 18:09 - 2017-08-16 18:28 - 000008756 _____ C:\Users\Lucas\AppData\Roaming\net.telestream.gameshow.xml
2017-08-16 18:09 - 2017-08-16 18:28 - 000000000 ____D C:\Users\Lucas\AppData\Roaming\Vara Software
2017-08-16 18:09 - 2017-08-16 18:22 - 000000000 ____D C:\Users\Lucas\AppData\Roaming\WirecastCache
2017-08-16 18:09 - 2017-08-16 18:09 - 000000101 _____ C:\Users\Lucas\AppData\Roaming\net.telestream.gameshow.app_user_guid.xml
2017-08-16 18:09 - 2017-08-16 18:09 - 000000000 ____D C:\Users\Lucas\AppData\Roaming\Wirecast
2017-08-16 18:09 - 2017-08-16 18:09 - 000000000 ____D C:\Users\Lucas\AppData\Roaming\Gameshow
2017-08-16 18:09 - 2017-08-16 18:09 - 000000000 ____D C:\Users\Lucas\AppData\Local\Telestream
2017-08-16 18:09 - 2017-08-16 18:09 - 000000000 ____D C:\ProgramData\Telestream
2017-08-15 02:33 - 2017-10-01 00:42 - 000003366 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3154826165-2591789761-3766887662-1020
2017-08-15 02:32 - 2017-10-23 06:53 - 000000000 ____D C:\WINDOWS\Panther
2017-08-15 02:32 - 2017-08-15 02:32 - 000000000 ____D C:\Users\purpl\AppData\Local\Logitech
2017-08-09 01:55 - 2017-07-18 19:40 - 001988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438494.dll
2017-08-09 01:55 - 2017-07-18 19:40 - 001598072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438494.dll
2017-08-09 01:55 - 2017-07-18 19:40 - 000045976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-08-08 20:24 - 2017-04-21 16:53 - 000029376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2017-08-08 20:24 - 2017-04-21 16:53 - 000018600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2017-08-08 20:24 - 2017-04-21 16:50 - 000030912 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2017-08-08 20:24 - 2017-04-21 16:50 - 000018592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2017-08-08 18:44 - 2017-08-01 13:58 - 000299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2017-08-08 18:44 - 2017-08-01 13:57 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2017-08-08 18:44 - 2017-08-01 13:26 - 001949696 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSvc.dll
2017-08-08 18:44 - 2017-08-01 12:19 - 000120416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-08 18:44 - 2017-08-01 11:59 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-08 18:44 - 2017-08-01 11:58 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-08-08 18:44 - 2017-08-01 11:52 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSCOMEX.dll
2017-08-08 18:44 - 2017-08-01 11:48 - 000267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-08 18:44 - 2017-08-01 11:45 - 001985536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certmgr.dll
2017-08-08 18:44 - 2017-08-01 11:37 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comuid.dll
2017-08-08 18:44 - 2017-08-01 09:15 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-08 18:44 - 2017-08-01 09:15 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-08 18:44 - 2017-08-01 09:15 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-08 18:44 - 2017-08-01 09:15 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-08 18:44 - 2017-08-01 09:15 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-08 18:44 - 2017-08-01 09:15 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-08 18:44 - 2017-08-01 09:15 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-08 18:44 - 2017-08-01 09:15 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-08 18:44 - 2017-08-01 09:15 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-08 18:44 - 2017-08-01 09:15 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-08 18:44 - 2017-08-01 09:15 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-08 18:44 - 2017-08-01 09:15 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-08 18:44 - 2017-07-12 01:17 - 000081760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-08-08 18:44 - 2017-07-12 01:09 - 001181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-08-08 18:44 - 2017-07-12 01:01 - 000156000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2017-08-08 18:44 - 2017-07-12 01:00 - 000160608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pacer.sys
2017-08-08 18:44 - 2017-07-12 01:00 - 000095584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2017-08-08 18:44 - 2017-07-12 00:56 - 000277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-08 18:44 - 2017-07-12 00:52 - 004312760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-08-08 18:44 - 2017-07-12 00:35 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dabapi.dll
2017-08-08 18:44 - 2017-07-12 00:32 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2017-08-08 18:44 - 2017-07-12 00:32 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\frprov.dll
2017-08-08 18:44 - 2017-07-12 00:31 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-08-08 18:44 - 2017-07-12 00:31 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfnet.dll
2017-08-08 18:44 - 2017-07-12 00:30 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2017-08-08 18:44 - 2017-07-12 00:29 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\httpapi.dll
2017-08-08 18:44 - 2017-07-12 00:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-08-08 18:44 - 2017-07-12 00:24 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmdisk0101.sys
2017-08-08 18:44 - 2017-07-12 00:24 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfnet.dll
2017-08-08 18:44 - 2017-07-12 00:23 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2017-08-08 18:44 - 2017-07-12 00:23 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-08-08 18:44 - 2017-07-12 00:21 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2017-08-08 18:44 - 2017-07-12 00:15 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-08-08 18:44 - 2017-07-12 00:15 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsium.dll
2017-08-08 18:44 - 2017-07-12 00:14 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-08-08 18:44 - 2017-07-12 00:13 - 000855040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-08-08 18:44 - 2017-07-12 00:11 - 002154496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2017-08-08 18:44 - 2017-07-12 00:10 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-08-08 18:44 - 2017-07-12 00:10 - 000546304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2017-08-08 18:44 - 2017-07-12 00:07 - 001572352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-08-08 18:44 - 2017-07-12 00:05 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-08-08 18:44 - 2017-07-11 21:49 - 000448629 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-08-08 18:44 - 2017-03-04 01:05 - 000134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2017-08-08 18:43 - 2017-08-01 14:21 - 000124072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-08 18:43 - 2017-08-01 13:54 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-08 18:43 - 2017-08-01 13:47 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-08-08 18:43 - 2017-08-01 13:41 - 002222080 _____ (Microsoft Corporation) C:\WINDOWS\system32\certmgr.dll
2017-08-08 18:43 - 2017-08-01 13:39 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-08-08 18:43 - 2017-08-01 13:39 - 000323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-08 18:43 - 2017-08-01 13:33 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2017-08-08 18:43 - 2017-07-12 01:15 - 000101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\apisetschema.dll
2017-08-08 18:43 - 2017-07-12 00:55 - 004674872 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-08-08 18:43 - 2017-07-12 00:25 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2017-08-08 18:43 - 2017-07-12 00:24 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\dabapi.dll
2017-08-08 18:43 - 2017-07-12 00:23 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2017-08-08 18:43 - 2017-07-12 00:23 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\frprov.dll
2017-08-08 18:43 - 2017-07-12 00:22 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2017-08-08 18:43 - 2017-07-12 00:21 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-08-08 18:43 - 2017-07-12 00:21 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-08-08 18:43 - 2017-07-12 00:20 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpapi.dll
2017-08-08 18:43 - 2017-07-12 00:19 - 000488960 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-08-08 18:43 - 2017-07-12 00:19 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-08 18:43 - 2017-07-12 00:17 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-08-08 18:43 - 2017-07-12 00:16 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-08 18:43 - 2017-07-12 00:13 - 001478656 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-08 18:43 - 2017-07-12 00:12 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-08 18:43 - 2017-07-12 00:12 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-08-08 18:43 - 2017-07-12 00:12 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsium.dll
2017-08-08 18:43 - 2017-07-12 00:11 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-08 18:43 - 2017-07-12 00:10 - 000927232 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-08 18:43 - 2017-07-12 00:08 - 002861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-08-08 18:43 - 2017-07-12 00:07 - 000954880 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-08 18:43 - 2017-07-12 00:07 - 000629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2017-08-08 18:43 - 2017-07-11 23:59 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-08 18:43 - 2017-07-11 23:56 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-08-08 18:43 - 2017-03-04 01:14 - 000588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2017-08-08 18:36 - 2017-08-08 18:36 - 000000000 ____D C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-08-06 15:18 - 2017-08-06 15:18 - 000000000 ____D C:\ProgramData\LogiShrd
2017-08-06 15:17 - 2017-08-06 15:24 - 000000000 ____D C:\Users\Lucas\AppData\Local\Logitech
2017-08-06 15:16 - 2017-08-06 15:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2017-08-06 15:15 - 2017-08-06 15:16 - 000000000 ____D C:\Program Files\Logitech Gaming Software
2017-08-06 15:15 - 2017-08-06 15:15 - 000000000 ____D C:\Users\Lucas\AppData\Roaming\Logitech
2017-08-06 15:15 - 2017-08-06 15:15 - 000000000 ____D C:\Users\Lucas\AppData\Roaming\Logishrd

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-24 23:08 - 2016-09-29 08:29 - 000000000 ____D C:\ProgramData\NVIDIA
2017-10-24 23:07 - 2016-12-23 10:15 - 000026192 _____ (Windows (R) Server 2003 DDK provider) C:\WINDOWS\gdrv.sys
2017-10-24 23:07 - 2016-09-29 08:40 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-24 23:07 - 2016-09-29 08:29 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-10-24 23:07 - 2016-07-16 01:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-10-24 23:06 - 2016-07-16 06:45 - 000000000 ____D C:\WINDOWS\INF
2017-10-24 23:04 - 2017-05-25 04:53 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-24 23:04 - 2016-12-22 20:44 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-24 23:04 - 2016-11-24 20:24 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-24 23:04 - 2016-11-24 20:23 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-24 23:04 - 2016-11-24 20:23 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-24 23:04 - 2016-11-24 20:23 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-24 23:04 - 2016-11-24 20:23 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-24 23:04 - 2016-11-24 20:23 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-24 23:04 - 2016-09-29 08:29 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-10-24 23:04 - 2016-09-29 08:29 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-10-24 23:03 - 2016-11-27 05:08 - 000770048 ___SH C:\Users\Lucas\Desktop\Thumbs.db
2017-10-24 23:01 - 2015-10-17 00:44 - 000000000 ____D C:\Program Files (x86)\Steam
2017-10-24 23:00 - 2016-05-12 22:20 - 000000000 ____D C:\ProgramData\spotflux
2017-10-24 23:00 - 2015-11-25 17:09 - 000000000 ____D C:\Users\Lucas\AppData\Local\CrashDumps
2017-10-24 22:59 - 2017-06-01 18:41 - 000000000 ____D C:\Users\Lucas\AppData\Local\Black_Tree_Gaming
2017-10-24 22:59 - 2016-05-12 22:20 - 000000000 ____D C:\Program Files (x86)\Spotflux
2017-10-24 22:52 - 2015-12-29 10:22 - 000000000 ____D C:\Program Files\CCleaner
2017-10-24 22:49 - 2016-02-28 01:14 - 000000000 ____D C:\Users\Lucas\AppData\Local\Battle.net
2017-10-24 22:49 - 2016-02-28 01:13 - 000000000 ____D C:\Program Files (x86)\Battle.net
2017-10-24 22:40 - 2016-09-29 08:30 - 004430876 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-24 22:34 - 2016-10-11 15:32 - 000000008 __RSH C:\ProgramData\ntuser.pol
2017-10-24 22:34 - 2016-09-29 08:40 - 000000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-10-24 22:33 - 2015-10-21 19:39 - 000000000 ____D C:\Users\Lucas\AppData\LocalLow\Temp
2017-10-24 22:32 - 2016-09-29 08:31 - 000000000 ____D C:\Users\Lucas
2017-10-24 22:32 - 2009-07-13 22:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-10-24 21:59 - 2016-09-29 08:29 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-10-24 20:20 - 2016-07-16 06:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-24 20:20 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-24 20:11 - 2016-05-21 11:25 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 11.0
2017-10-24 20:11 - 2015-10-28 16:04 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2017-10-24 20:11 - 2015-10-28 15:57 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2017-10-23 06:49 - 2017-07-11 01:54 - 000000000 ___HD C:\$WINDOWS.~BT
2017-10-23 05:28 - 2017-07-18 04:34 - 000000000 ____D C:\Users\Lucas\AppData\Roaming\.minecraft
2017-10-23 05:18 - 2017-06-15 05:51 - 000000000 ___HD C:\$SysReset
2017-10-23 05:16 - 2016-09-29 11:22 - 000000000 ____D C:\inetpub
2017-10-23 03:53 - 2017-01-07 00:52 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-22 18:13 - 2016-08-02 23:04 - 000000000 ____D C:\Users\Lucas\AppData\Local\Jagex
2017-10-22 18:13 - 2016-08-02 23:04 - 000000000 ____D C:\ProgramData\Jagex
2017-10-21 19:52 - 2016-05-07 20:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2017-10-21 19:52 - 2016-05-07 20:10 - 000000000 ____D C:\Program Files (x86)\Gyazo
2017-10-20 00:46 - 2017-02-03 01:17 - 000000000 ____D C:\Users\Lucas\AppData\Roaming\vlc
2017-10-19 15:21 - 2016-06-04 14:26 - 000000000 ____D C:\Users\Lucas\AppData\Roaming\Google Play Music Desktop Player
2017-10-17 20:09 - 2016-10-07 15:16 - 000000000 ____D C:\Users\Lucas\AppData\Local\GPMDP_3
2017-10-17 20:09 - 2016-06-04 14:26 - 000000000 ____D C:\Users\Lucas\AppData\Local\SquirrelTemp
2017-10-17 20:02 - 2016-07-16 06:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-16 20:25 - 2017-02-16 22:31 - 000000000 ___RD C:\Users\purpl\OneDrive
2017-10-14 23:42 - 2015-09-10 00:44 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-10-13 21:44 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\rescache
2017-10-12 17:27 - 2016-07-16 06:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-10-12 17:27 - 2016-07-16 06:49 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-11 21:12 - 2016-09-29 08:29 - 000439312 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-11 15:11 - 2016-07-16 06:47 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-10-11 15:11 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-10-11 15:11 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-10-11 08:48 - 2015-10-17 00:54 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-10-11 08:45 - 2015-10-17 00:54 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-10-10 20:05 - 2017-05-25 04:53 - 000186304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-10-10 20:05 - 2017-05-25 04:53 - 000152512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-10-10 20:05 - 2017-01-10 06:46 - 000057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-10-10 20:05 - 2016-10-12 11:46 - 001796032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-10-10 20:05 - 2016-10-12 11:46 - 001577920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-10-10 20:05 - 2016-10-12 11:46 - 000918976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-10-10 20:05 - 2016-05-27 03:32 - 000050624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-10-10 18:26 - 2016-12-22 20:44 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-10-10 14:26 - 2015-10-17 00:45 - 000000000 ____D C:\Users\Lucas\AppData\Roaming\Skype
2017-10-10 14:13 - 2015-10-17 00:44 - 000000000 ___RD C:\Program Files (x86)\Skype
2017-10-10 14:13 - 2015-10-17 00:44 - 000000000 ____D C:\ProgramData\Skype
2017-10-02 23:19 - 2017-03-16 23:01 - 000000000 ____D C:\Users\purpl\AppData\Local\NVIDIA Corporation
2017-10-01 00:42 - 2017-02-16 22:31 - 000002405 _____ C:\Users\purpl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-10-01 00:42 - 2017-02-16 22:30 - 000000000 ____D C:\Users\purpl\AppData\Local\Packages
2017-09-28 23:22 - 2016-02-27 22:06 - 000000044 _____ C:\Users\Lucas\jagex_cl_oldschool_LIVE.dat
2017-09-28 18:18 - 2016-06-03 18:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2017-09-28 18:18 - 2016-06-03 18:49 - 000000000 ____D C:\Program Files\CPUID
2017-09-28 16:20 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-09-27 23:01 - 2016-02-27 21:54 - 000000024 ____R C:\Users\Lucas\random.dat
2017-09-27 23:00 - 2016-02-27 21:54 - 000000024 _____ C:\Users\Lucas\jagexappletviewer.preferences
2017-09-27 22:55 - 2016-02-27 21:54 - 000000000 ____D C:\Users\Lucas\jagexcache
2017-09-27 22:49 - 2016-08-02 23:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jagex

==================== Files in the root of some directories =======

2017-10-23 04:45 - 2016-07-16 06:42 - 000232960 _____ (Microsoft Corporation) C:\Program Files\cmd.exe
2017-08-16 18:09 - 2017-08-16 18:09 - 000000101 _____ () C:\Users\Lucas\AppData\Roaming\net.telestream.gameshow.app_user_guid.xml
2017-08-16 18:09 - 2017-08-16 18:28 - 000008756 _____ () C:\Users\Lucas\AppData\Roaming\net.telestream.gameshow.xml
2017-08-16 18:15 - 2017-08-16 18:24 - 000000364 _____ () C:\Users\Lucas\AppData\Roaming\pc-capture-log.txt
2017-08-23 21:25 - 2017-08-23 21:25 - 000001456 _____ () C:\Users\Lucas\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-12-23 10:06 - 2017-01-10 07:38 - 000000000 _____ () C:\Users\Lucas\AppData\Local\Driver_LOM_8171Present.flag
2017-10-23 03:59 - 2017-10-23 03:59 - 000000036 _____ () C:\Users\Lucas\AppData\Local\housecall.guid.cache
2016-02-19 02:49 - 2016-02-19 02:49 - 000000600 _____ () C:\Users\Lucas\AppData\Local\PUTTY.RND
2015-10-26 17:03 - 2015-10-26 17:03 - 000004607 _____ () C:\Users\Lucas\AppData\Local\recently-used.xbel
2016-01-18 22:24 - 2017-06-13 19:51 - 000007602 _____ () C:\Users\Lucas\AppData\Local\Resmon.ResmonCfg
2015-10-19 16:51 - 2015-10-19 16:51 - 000000003 _____ () C:\Users\Lucas\AppData\Local\updater.log
2015-10-19 16:51 - 2017-02-01 04:31 - 000000059 _____ () C:\Users\Lucas\AppData\Local\UserProducts.xml
2016-12-22 20:44 - 2017-01-10 06:46 - 000005307 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-22 20:44 - 2017-01-09 06:47 - 000006686 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-21 15:26

==================== End of FRST.txt ============================

Re: Possibly infected[2]

by OrangeRanger » October 25th, 2017, 12:14 am

Additional
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-10-2017 01
Ran by Lucas (24-10-2017 23:08:56)
Running from C:\Users\Lucas\Desktop
Windows 10 Pro Version 1607 14393.1770 (X64) (2016-09-29 13:41:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3154826165-2591789761-3766887662-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3154826165-2591789761-3766887662-503 - Limited - Disabled)
Guest (S-1-5-21-3154826165-2591789761-3766887662-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3154826165-2591789761-3766887662-1004 - Limited - Enabled)
Lucas (S-1-5-21-3154826165-2591789761-3766887662-1001 - Administrator - Enabled) => C:\Users\Lucas
Luucas (S-1-5-21-3154826165-2591789761-3766887662-1020 - Limited - Enabled) => C:\Users\purpl

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS B16.0307.1 (HKLM-x32\...\{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 3.00.0000 - GIGABYTE) Hidden
@BIOS B16.0307.1 (HKLM-x32\...\InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 3.00.0000 - GIGABYTE)
64 Bit HP CIO Components Installer (HKLM\...\{3138F992-045B-4F55-825C-53B231E647CA}) (Version: 13.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.3.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0.1 - Adobe Systems Incorporated)
Ambient LED (HKLM-x32\...\{BEF97B38-D1B8-45B4-A60A-AF5C1556CC72}) (Version: 1.00.1605.1801 - GIGABYTE) Hidden
Ambient LED (HKLM-x32\...\InstallShield_{BEF97B38-D1B8-45B4-A60A-AF5C1556CC72}) (Version: 1.00.1605.1801 - GIGABYTE)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.41 - NVIDIA Corporation) Hidden
APP Center (HKLM-x32\...\{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 1.00.1701.0301 - GIGABYTE) Hidden
APP Center (HKLM-x32\...\InstallShield_{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 1.00.1701.0301 - GIGABYTE)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{9F429DF7-F8DD-4980-9673-E6DACA012F6C}) (Version: 3.3 - Microsoft Corporation) Hidden
AutoHotkey 1.1.23.05 (HKLM\...\AutoHotkey) (Version: 1.1.23.05 - Lexikos)
Azure AD Authentication Connected Service (HKLM-x32\...\{3FEAC561-1CF6-41D6-B0F3-BECDD9C88A1B}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.49.52296 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Betternet for Windows (HKLM-x32\...\{2E77104D-96E1-4A9C-86F2-C7CF4C70EB35}) (Version: 3.6.0.0 - Betternet Technologies Inc.)
BIOS Setup (HKLM-x32\...\{9D48202D-C767-40E7-8A4E-C14BD7328168}) (Version: 1.00.0000 - GIGABYTE) Hidden
BIOS Setup (HKLM-x32\...\InstallShield_{9D48202D-C767-40E7-8A4E-C14BD7328168}) (Version: 1.00.0000 - GIGABYTE)
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{3792811C-832F-4392-B44A-24092901EDDC}) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.36 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{88D5D9A4-48C4-4D0A-88B9-3E18661CF0D9}) (Version: 57.0.2987.37 - Google Inc.)
Click Install if prompted (HKLM-x32\...\{92A9572E-834E-477B-A100-C9AD3EE4B4B9}) (Version: 1.0.0.0 - ExpressVpn) Hidden
CloudStation (HKLM-x32\...\{6D8DA122-A40A-421B-9D95-FE4C806BCDBE}) (Version: 1.00.0021 - GIGABYTE) Hidden
CloudStation (HKLM-x32\...\InstallShield_{6D8DA122-A40A-421B-9D95-FE4C806BCDBE}) (Version: 1.00.0021 - GIGABYTE)
CPUID CPU-Z 1.81 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.81 - )
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CPUID HWMonitor Pro 1.28 (HKLM\...\CPUID HWMonitorPro_is1) (Version:  - )
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Curse Client (HKU\S-1-5-21-3154826165-2591789761-3766887662-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
Destiny 2 (HKLM-x32\...\Destiny 2) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-3154826165-2591789761-3766887662-1001\...\Discord) (Version: 0.0.298 - Discord Inc.)
Dotfuscator and Analytics Community Edition 5.18.1 (HKLM-x32\...\{9890DF1A-10E9-4236-94B1-1EFAA4099F13}) (Version: 5.18.1.2898 - PreEmptive Solutions) Hidden
EasyTune (HKLM-x32\...\{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.16.1117 - GIGABYTE) Hidden
EasyTune (HKLM-x32\...\InstallShield_{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.16.1117 - GIGABYTE)
EasyTuneEngineService (HKLM-x32\...\{964575C3-5820-4642-A89A-754255B5EFE1}) (Version: 1.16.0614 - GIGABYTE) Hidden
EasyTuneEngineService (HKLM-x32\...\InstallShield_{964575C3-5820-4642-A89A-754255B5EFE1}) (Version: 1.16.0614 - GIGABYTE)
Electrum (HKU\S-1-5-21-3154826165-2591789761-3766887662-1001\...\Electrum) (Version: 2.6.4 - Electrum Technologies GmbH)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
EVGA Precision XOC (HKLM-x32\...\{D705C0CA-D900-45AB-85A7-AD651F7055A6}) (Version: 6.0.9 - EVGA Corporation)
ExpressVPN (HKLM-x32\...\{10EB2DEF-3C7F-40DD-8C58-438906E20D08}) (Version: 6.2.3.2578 - ExpressVPN) Hidden
ExpressVPN (HKLM-x32\...\{a219f179-a66a-48db-934c-aca0746714e5}) (Version: 6.2.3.2578 - ExpressVPN)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
Geeks3D FurMark 1.18.2.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
GigabyteFirmwareUpdateUtility (HKLM-x32\...\{1CBA99CE-1AB3-4366-AFB4-7F7B75EBBE35}) (Version: 1.00.0000 - GIGABYTE) Hidden
GigabyteFirmwareUpdateUtility (HKLM-x32\...\InstallShield_{1CBA99CE-1AB3-4366-AFB4-7F7B75EBBE35}) (Version: 1.00.0000 - GIGABYTE)
glogg (HKLM-x32\...\glogg) (Version: 1.1.1-x86_64 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Cloud SDK (HKU\S-1-5-21-3154826165-2591789761-3766887662-1001\...\Google Cloud SDK) (Version:  - Google Inc.)
Google Play Music Desktop Player (HKU\S-1-5-21-3154826165-2591789761-3766887662-1001\...\GPMDP_3) (Version: 4.4.1 - Samuel Attard)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.31.5 - Google Inc.) Hidden
Gpg4win (2.2.1) (HKLM-x32\...\GPG4Win) (Version: 2.2.1 - The Gpg4win Project)
Gyazo 3.3.3 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
IIS 10.0 Express (HKLM\...\{5984D8DA-C1AF-4284-9C88-D7150425B315}) (Version: 10.0.1734 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
KB4023057 (HKLM\...\{0C050BEE-16BE-4998-8959-2A421433DB6E}) (Version: 2.5.0.0 - Microsoft Corporation)
Killer Bandwidth Control Filter Driver (HKLM\...\{89A9DA12-B6F1-4966-95B3-574EEB6DF07E}) (Version: 1.1.65.1357 - Rivet Networks) Hidden
Killer E240x Drivers (HKLM\...\{C2AAF672-E3A2-403A-942F-7B9C9B4E592E}) (Version: 1.1.65.1357 - Rivet Networks) Hidden
Killer Network Manager (HKLM\...\{F2BE14C9-4659-4335-B964-0E76AE0D2EE7}) (Version: 1.1.65.1357 - Rivet Networks) Hidden
Killer Performance Suite (HKLM-x32\...\{75269D5A-2CE7-48D1-8169-5744C83C574F}) (Version: 1.1.65.1357 - Rivet Networks)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech Gaming Software 8.94 (HKLM\...\Logitech Gaming Software) (Version: 8.94.108 - Logitech Inc.)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{3D3CEBE6-40EA-4C48-97FD-73828281AB4A}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Build Tools 2015 (HKLM-x32\...\{d21da0dd-4ba4-4838-ba58-64cf7a77131a}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual FoxPro 9.0 Professional - English (HKLM-x32\...\Visual FoxPro 9.0 Professional - English) (Version:  - Microsoft)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 (HKLM-x32\...\{50b32652-69d2-4b93-9316-edcd12067b8b}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2 - Mozilla)
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.3 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 385.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 385.41 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 385.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.41 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.1 - OBS Project)
OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
ON_OFF Charge 2 B15.0709.1 (HKLM-x32\...\{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE) Hidden
ON_OFF Charge 2 B15.0709.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.4.14.21968 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.107.254.0 - Overwolf Ltd.)
PNY Drive Utility (HKLM-x32\...\{F7F0273F-68B7-44EA-AD7B-1C9F9C29C562}) (Version: 1.0.8 - PNY Technologies)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Python 2.7.11 (HKLM-x32\...\{16E52445-1392-469F-9ADB-FC03AF00CD61}) (Version: 2.7.11150 - Python Software Foundation)
Python 3.4.0 (64-bit) (HKLM\...\{863162a8-ecc2-35ea-bdf7-e09ac456e164}) (Version: 3.4.150 - Python Software Foundation)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 2.3.6 - Razer Inc.)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 7.6.8.66 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.17.413 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7765 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.0 - Rockstar Games)
Roslyn Language Services - x86 (HKLM-x32\...\{5B47029B-1E62-30FF-906E-694851C22782}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)
Sandboxie 5.18 (64-bit) (HKLM\...\Sandboxie) (Version: 5.18 - Sandboxie Holdings, LLC)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Explorer for Microsoft Visual Studio 2015 (HKLM-x32\...\{791295AE-3B0A-3222-9E69-26C8C106E8D1}) (Version: 14.0.23102 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.2 - TrueCrypt Foundation)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
TypeScript Power Tool (HKLM-x32\...\{E51EAA08-F838-4CCE-B011-A82469BE6CC5}) (Version: 1.6.3.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{F0AF1E33-1CB9-4377-ABEE-4E4550A3F9BA}) (Version: 1.6.3.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 1.6.3.0 (HKLM-x32\...\{da31aa25-410a-4c1b-9ec0-114dd8dff786}) (Version: 1.6.23313.0 - Microsoft Corporation)
Universal CRT Extension SDK (HKLM-x32\...\{284FA9A0-CEDD-81D3-5A19-5858E95FD0C4}) (Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{ABD37F71-FC3F-F525-C7B3-BDD95F684C51}) (Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{74E0F5DD-514A-4F85-0EE0-1E2EBB8BFC8C}) (Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{4C8DCEB6-5D3C-90BD-6E31-A8342B9185FF}) (Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{DE0B03D4-5A26-DEEC-F62E-278EF28BA58E}) (Version: 10.0.10150 - Microsoft Corporation) Hidden
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
Virtual Audio Cable 4.15 (HKLM\...\Virtual Audio Cable 4.15) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
WinRAR 5.30 beta 5 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.5 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XSplit Broadcaster (HKLM-x32\...\{5B006BC4-6763-4BC4-9FEE-77E305E1C3F9}) (Version: 2.9.1611.1627 - SplitmediaLabs)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3154826165-2591789761-3766887662-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-F9A1E5447705}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-3154826165-2591789761-3766887662-1001_Classes\CLSID\{9b2ddd1a-b426-4883-b8f8-cf11ff961155}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3154826165-2591789761-3766887662-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-14] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-08-21] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-14] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08820560-9441-44F1-BDA3-BE16695AB2D2} - System32\Tasks\Microsoft\Windows\rempl\shell-unlock => C:\Program Files\rempl\remsh.exe
Task: {0B74F626-E98B-41D3-8BD4-D09F2C93807B} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-10-03] ()
Task: {0D0E65D1-6B30-4B49-9F70-D48E775E6F56} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-10-17] (Overwolf LTD)
Task: {242AAFBF-3F47-412B-8598-E6E805420AFB} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {257436E5-4A00-4B37-BA15-1DE7D23B4A3A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {2E3281A4-1159-47D7-8833-9F5C34B9C762} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {315FC891-ABE7-4465-B9C1-B5015F1B48AA} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3AE31897-E114-4A18-88FB-19F82125498D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4F846DEB-9C8B-49D6-A8F4-1620A09EB120} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {52E39460-CE1D-4677-B515-A5AF24EEC82D} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {54285F0C-A22F-4A6A-A813-A3239F9219DD} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {55A3F461-9545-4AE2-8AE4-BDF36A1540B3} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {561411E0-495F-4ACD-BE3B-C043BE1BD9A5} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {649139EA-A1C5-4200-B835-2C8B773E8A33} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3154826165-2591789761-3766887662-1020 => C:\Users\Lucas\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {6D46F1C7-2AA3-4B7D-831C-BDC4B1E9ECAB} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-10] (NVIDIA Corporation)
Task: {6E2C860E-493F-44C6-A0D8-E494AF7555AD} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {72D29BD6-96FB-4297-8D5F-A8F19B56AB49} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {79E771B2-09CD-48EB-99F5-DE241BF489B8} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-10-18] (Piriform Ltd)
Task: {7D74CB73-7BBE-4D0A-B5B7-DA2B44ABA78B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-10-11] (Microsoft Corporation)
Task: {7EF05A0D-B29A-410A-974E-F3ED5118EFD4} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {845E989A-5F76-451C-86D2-03B0D20678C6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {90D17722-B1AD-4857-8480-7673491C0848} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\remsh.exe
Task: {9D5A4352-B4F7-43F5-B1FF-4A4B7D0BA213} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-10] (NVIDIA Corporation)
Task: {9E804A72-8815-4DCA-B0B9-4A75CD286A7B} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A5F46391-C50B-46B4-B155-D5CA07302DB7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AA2B0A0D-B42F-4F95-BBFF-A8B77DE744ED} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-10] (NVIDIA Corporation)
Task: {AFE59B8A-D39E-4BE5-AC51-1F9273D33A70} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {B49617F1-2F51-4EA0-B432-C7AC8F9C8A85} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BA017E49-6162-42DB-8CD1-5F5CE79BC412} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {BA281154-C29E-49C3-92AD-B9443B03BA20} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-10-18] (Piriform Ltd)
Task: {BA8E25D7-7816-4EE0-8EF4-05D6FA92627B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {BC46F310-DEA8-485C-9AB1-DD68272DB48D} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BE38801C-4D81-4A50-9ED8-CEAE09A6E0F9} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-10-03] ()
Task: {C56DB30E-5B21-434D-97EB-822041FDEAB1} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-10] (NVIDIA Corporation)
Task: {CB87050A-A878-4FF3-B98F-DBD27B9B71C9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {D0C233DE-573D-4DFD-824A-8A72FC4BCF9E} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D6236414-0F93-4F12-8525-68DFF7B15A4F} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {DC9B2451-2C91-434B-A170-C4C474F53BE7} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {DEA1C216-3829-4241-8CAC-A55A8FC15CEE} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EA488CCF-6C12-4F42-BDFC-E271DA196991} - System32\Tasks\EVGAPrecisionX => F:\Games\Steam Games\steamapps\common\EVGA PrecisionX\PrecisionX_x64.exe [2017-09-06] (EVGA Corp.)
Task: {F5986750-FA2B-40A8-B345-7F8FD1A55AB4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F78D36C5-18B8-4F57-B337-5CEBC262292C} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Cloud SDK\Google Cloud SDK Shell.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Lucas\AppData\Local\Google\Cloud SDK\cloud_env.bat""
ShortcutWithArgument: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Ad,Block Plus.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gojdigjopnhgodnciccmjddabckjanko
ShortcutWithArgument: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome RDP for Google Cloud Platform.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mpbbnannobiobpnfblimoapbephgifkm
ShortcutWithArgument: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome RDP.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=cbkkbcmdlboombapidmoeolnmdacpkch
ShortcutWithArgument: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TwitchAlerts Stream Labels.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=kgmggmdngboajiakmbpdknfpdelbjbcg

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 06:42 - 2016-07-16 06:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-09-12 20:22 - 2017-09-07 01:01 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-02 12:15 - 2016-12-15 05:37 - 000020208 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2017-10-23 03:53 - 2017-10-04 13:15 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-10-23 03:53 - 2017-10-04 13:15 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-10-12 11:46 - 2017-10-10 20:05 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2015-09-11 19:02 - 2015-09-11 19:02 - 000803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-10-31 20:08 - 2016-10-31 20:08 - 001864384 _____ () C:\Users\Lucas\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2010-01-09 20:17 - 2010-01-09 20:17 - 004254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 008794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-07-14 23:44 - 2010-07-14 23:44 - 000020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2016-09-29 11:26 - 2016-09-29 11:26 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 22:54 - 2017-03-04 01:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 22:54 - 2017-03-04 01:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 22:54 - 2017-03-04 01:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 22:54 - 2017-03-04 01:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-10-11 08:44 - 2017-09-17 21:14 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-10-11 08:44 - 2017-09-17 21:16 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-03-06 19:07 - 2015-03-06 19:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2017-07-10 17:35 - 2017-07-10 17:35 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 19:07 - 2015-03-06 19:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2017-07-10 17:35 - 2017-07-10 17:35 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2017-10-09 07:22 - 2017-10-09 07:22 - 000054488 _____ () C:\Program Files\CCleaner\branding.dll
2016-10-17 22:53 - 2017-04-23 01:29 - 002493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2016-10-12 11:46 - 2017-10-10 20:05 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-01-22 14:01 - 2016-12-08 02:29 - 001829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2017-01-22 14:01 - 2016-12-08 02:29 - 000085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2017-05-22 05:13 - 2017-05-22 05:13 - 000143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2016-10-12 11:46 - 2017-10-10 20:05 - 070805952 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2017-10-23 04:40 - 000000031 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3154826165-2591789761-3766887662-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lucas\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{308f93af-eea4-455f-be4b-5609f37a4533}.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: BstHdAndroidSvc => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 3
MSCONFIG\Services: BstHdUpdaterSvc => 3
MSCONFIG\Services: CGVPNCliService => 2
MSCONFIG\Services: Creative ALchemy AL6 Licensing Service => 3
MSCONFIG\Services: DirMngr => 2
MSCONFIG\Services: EasyTuneEngineService => 2
MSCONFIG\Services: ExpressVpnService => 2
MSCONFIG\Services: gadjservice => 2
MSCONFIG\Services: gupdate => 3
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: ICCS => 3
MSCONFIG\Services: Killer Service V2 => 2
MSCONFIG\Services: LolScreenSaverService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: OcButtonService => 2
MSCONFIG\Services: OracleOraDB12Home1MTSRecoveryService => 2
MSCONFIG\Services: OracleOraDB12Home1TNSListener => 2
MSCONFIG\Services: OracleServiceORCL => 2
MSCONFIG\Services: OracleVssWriterORCL => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 2
MSCONFIG\Services: PnkBstrA => 2
MSCONFIG\Services: Razer Game Scanner Service => 2
MSCONFIG\Services: RipsawUSBPortChecker => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SpotfluxConnectionManager => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: VMAuthdService => 2
MSCONFIG\Services: VMnetDHCP => 2
MSCONFIG\Services: VMUSBArbService => 2
MSCONFIG\Services: VMware NAT Service => 2
MSCONFIG\Services: VMwareHostd => 2
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "UpdReg"
HKLM\...\StartupApproved\Run32: => "Sound Blaster X-Fi MB 3"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-3154826165-2591789761-3766887662-1001\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-3154826165-2591789761-3766887662-1001\...\StartupApproved\Run: => "GoToMeeting"
HKU\S-1-5-21-3154826165-2591789761-3766887662-1001\...\StartupApproved\Run: => "MurGee.com Auto Clicker"
HKU\S-1-5-21-3154826165-2591789761-3766887662-1001\...\StartupApproved\Run: => "f.lux"
HKU\S-1-5-21-3154826165-2591789761-3766887662-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3154826165-2591789761-3766887662-1001\...\StartupApproved\Run: => "Uninstall C:\Users\Lucas\AppData\Local\Microsoft\OneDrive\17.3.6390.0509"
HKU\S-1-5-21-3154826165-2591789761-3766887662-1001\...\StartupApproved\Run: => "Uninstall C:\Users\Lucas\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F8127A34-C034-4EEA-9022-3A51EF36EC69}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{3071D213-57F6-4811-A64A-1D1B28722196}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{4B8A083E-C3D5-4A0B-A44A-97496E41B672}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{9A6528FD-C5EB-45DC-9335-0D862B57D586}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{822C10C8-00B6-431C-ACBF-B3FFC4DBF12F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{80AFB9C8-F19B-4D44-BC87-244E7F3BB0CE}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{4197D857-B053-4447-B821-5E75C98CA6BC}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{CCFADD27-36F3-4EDD-BA79-BD2B2D5B620E}] => (Allow) LPort=3306
FirewallRules: [{F18535AA-D7E5-41A5-B724-9ABC7773E38F}] => (Allow) LPort=3306
FirewallRules: [{F2CB370D-0DCB-41FF-AA51-1CF91FC0BF26}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{730FE8AC-BEB2-40E3-9E99-1064AEE99F94}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3B62B3A8-BDC3-49FB-8D2A-91BD30D68BEF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1DD1EE81-63AD-4E17-820E-EE754C8F7930}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5CFE1FCE-F37D-43E5-8E16-D3C5ADCB4F91}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F25FED34-818F-48B8-AAA3-12E71DB3C824}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{8D3628AB-89AD-4BF3-892A-C41E5F435E28}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7886B49C-8B56-4586-BE33-E80E7C2A7F13}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{58E079CD-8D44-42ED-923F-990A91BAB712}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{DE7ECC06-9B64-42DE-90AA-4F2FF76B30BC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{6C3CC19C-B65E-4C80-9055-6C4821998C36}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8D4CC75F-D984-48AB-8837-6C11C2154A79}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{EF4A3A8C-457A-4922-8675-7E0DA2F7AE6D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{28970353-6612-4AF8-869D-C7292C82519B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{0206AF29-9394-4ABD-8DEF-2430D0797E81}C:\program files (x86)\java\jre1.8.0_91\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\java.exe
FirewallRules: [UDP Query User{6EF22BE2-FEB2-4B8C-97A2-69E101EC7800}C:\program files (x86)\java\jre1.8.0_91\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\java.exe
FirewallRules: [TCP Query User{296932C2-B69E-40A5-8FA8-B3B7AF1C3FE6}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{B2A3A37C-7128-429F-BBFC-AC6FF9E57CED}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [TCP Query User{3ACA33C1-6C25-4154-B4A1-579E61925E30}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{0D4E4F50-4F0C-4D1C-9A94-FAC9770E3B0E}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{B0DF1250-D70B-44EE-82FB-2B23279B117E}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
FirewallRules: [{391E2549-7CDC-4BAF-9F9F-FEE4A5556B93}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe
FirewallRules: [TCP Query User{28A0C1CD-159A-472A-A033-7A3DC4D9F1CE}C:\program files (x86)\gigabyte\@bios\flashbios.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\flashbios.exe
FirewallRules: [UDP Query User{04C102A4-6394-4936-9F4C-CED6A74B8E05}C:\program files (x86)\gigabyte\@bios\flashbios.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\flashbios.exe
FirewallRules: [{5DF66017-43E5-4BAD-A358-7E8B87E8C1B3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{E0890153-350F-4A63-824E-429EF0DD2EE2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{F99D5F5A-C097-424B-8EC3-1DF6318B60F7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{46D00B16-E227-48BD-99C4-F9B8D1758340}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0CD56545-53DA-44D7-B554-05CBA1F24177}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{625D647E-0949-4E1E-B21A-314CC02A5EDB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{FA774675-2D6E-4D75-B86A-5CEA40F94AC0}] => (Allow) F:\Games\Steam Games\steamapps\common\7 Days To Die\7dLauncher.exe
FirewallRules: [{4C3DC9C6-E53C-4B59-A4D1-FBA2FDA7B0D1}] => (Allow) F:\Games\Steam Games\steamapps\common\7 Days To Die\7dLauncher.exe
FirewallRules: [{61326436-B540-4E5F-862E-C8878B14B5C9}] => (Allow) F:\Games\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{F0DE280C-9768-47CC-B20E-0B80608B9FB1}] => (Allow) F:\Games\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{4BA6BEF7-0E7B-4846-9D94-266310E4D104}] => (Allow) F:\Games\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{C0A4BBF5-120A-4D9D-8EDE-83B70BA8CE38}] => (Allow) F:\Games\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [TCP Query User{A48BD95F-A60A-4CC1-B4E7-E35DFD69C428}F:\games\steam games\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) F:\games\steam games\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [UDP Query User{1109D7AC-98B7-4EB5-BA61-10DD1123C679}F:\games\steam games\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) F:\games\steam games\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [{07A998A5-855A-4ADC-98C3-1F337BAF4A26}] => (Allow) F:\Games\Steam Games\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{80224FE2-F8BB-4517-9EA3-DCD119B1A399}] => (Allow) F:\Games\Steam Games\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{5A882591-6943-4296-9054-F5A99FA8342A}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\XSplit.Core.exe
FirewallRules: [{F1183C00-FCD9-4F24-8B8F-848F67FEC1E2}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\XSplit.cam.exe
FirewallRules: [{20216630-0E7F-4A7F-960A-440757D81106}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\XSplit.Core.exe
FirewallRules: [{8B9CFAA5-C209-4425-B6D2-4757C8CECF3B}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\XSplit.cam.exe
FirewallRules: [{2145F215-ACBF-4BE0-817F-B9A3C9A20054}] => (Allow) F:\Games\Steam Games\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{54ECF899-680C-4B87-B79F-D3065424EB52}] => (Allow) F:\Games\Steam Games\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [TCP Query User{648D9CB7-4AE2-4C61-92F6-1DF2024D6C28}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{0542E0F6-503D-4227-BAA7-0A98D6D40742}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [TCP Query User{C098C0A7-3D5E-4309-A875-B3858A3B1E5C}F:\games\steam games\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) F:\games\steam games\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [UDP Query User{A4A6E199-B03C-4EA4-AC96-A542FC1325CF}F:\games\steam games\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) F:\games\steam games\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [TCP Query User{0BECA25D-FD5A-4C9A-BBE2-D9ACE609F0E3}F:\games\steam games\steamapps\common\grand theft auto v\gta5.exe] => (Allow) F:\games\steam games\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{175A30D1-A5C2-4B9E-AF1D-F82780891B55}F:\games\steam games\steamapps\common\grand theft auto v\gta5.exe] => (Allow) F:\games\steam games\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{F2AF137B-1CFE-438C-A4BC-F0C3CB7BC5CC}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
FirewallRules: [{DB8739B5-73E6-4C73-8461-2490F6D6D9A4}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe
FirewallRules: [{F349D6C5-7008-43C2-9D64-30FDA4D6249E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{CD906893-E889-421A-ADD1-A5583C8C9B89}C:\program files (x86)\gigabyte\@bios\flashbios.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\flashbios.exe
FirewallRules: [UDP Query User{239D9D79-7A42-4FBE-9ECF-714C521964E0}C:\program files (x86)\gigabyte\@bios\flashbios.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\flashbios.exe
FirewallRules: [{0E71694A-8860-4AB3-A75A-755573F8E1D3}] => (Allow) F:\Games\Steam Games\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{8AEBC952-C1EF-4B25-8769-91BBC953792C}] => (Allow) F:\Games\Steam Games\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [TCP Query User{48C31DFC-E39C-4563-BBD0-8B406309225A}C:\program files (x86)\java\jre1.8.0_91\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\java.exe
FirewallRules: [UDP Query User{B40FB3EF-AC50-456A-BCDC-ED9ADF4FDED1}C:\program files (x86)\java\jre1.8.0_91\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\java.exe
FirewallRules: [{5C28360D-C1E7-4D7F-B8C9-AABF6C9E7C53}] => (Allow) F:\Games\Steam Games\steamapps\common\CodeSpells\codespells.exe
FirewallRules: [{754305BA-B09B-4D89-B90D-9369CA488B0F}] => (Allow) F:\Games\Steam Games\steamapps\common\CodeSpells\codespells.exe
FirewallRules: [{3C027D62-17BB-4B37-A0EB-4B3229BE7970}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2BDB0891-57FB-4822-8615-B115568EF835}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{958C05BB-59CF-4234-9B7B-64DC97205B66}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{3539BAF5-14E7-4B34-9FBD-DDDAD90E14C9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{51D83418-FFF7-47D0-AC70-AAB590B62F36}F:\games\steam games\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) F:\games\steam games\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{4D27EAD7-8A4B-4025-BFD2-9D52547A10A7}F:\games\steam games\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) F:\games\steam games\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{6F4301BD-7CF8-4550-9A6E-90E816BCC632}] => (Allow) F:\Games\Steam Games\steamapps\common\EVGA PrecisionX\PrecisionX_x64.exe
FirewallRules: [{9B1C20F0-BA13-43FF-8ED1-2FD636FA8663}] => (Allow) F:\Games\Steam Games\steamapps\common\EVGA PrecisionX\PrecisionX_x64.exe
FirewallRules: [{DAAC4A82-655B-4E56-84B3-ECF0F3BDBA02}] => (Allow) F:\Games\Steam Games\steamapps\common\EVGA PrecisionX\Skins\UxfTool.exe
FirewallRules: [{589E68A8-F198-4941-B446-AAE9D0077057}] => (Allow) F:\Games\Steam Games\steamapps\common\EVGA PrecisionX\Skins\UxfTool.exe
FirewallRules: [{023D224B-BFAF-49E5-B0A2-0C407A32C6A9}] => (Allow) F:\Games\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{1AA7D12B-5972-43F5-A010-5BCCAEF77C82}] => (Allow) F:\Games\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{248B3DC4-93E8-4464-B08D-20136D03CE40}] => (Allow) F:\Games\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{B6F2827A-A612-40EE-87AD-08CEBFD6786D}] => (Allow) F:\Games\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{88AC7F92-D4D2-4AD7-A862-A1F8A523A9F6}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\57.0.2987.37\remoting_host.exe
FirewallRules: [{6D6F6C02-CBAA-4072-8AFC-B83E38593ECD}] => (Allow) F:\Games\Steam Games\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{B9A4E790-D1F9-4495-AEAF-740184693960}] => (Allow) F:\Games\Steam Games\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [TCP Query User{96D925D7-F4CA-44AD-A535-C195514586E8}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{667E6896-51E0-4DFE-B45E-3FA9FC4B0687}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{73659037-A19E-4738-8B7D-0E1F233C8621}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{5E973A5A-9C2A-49BD-86EC-9E41D60DAC2F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{A2DD0B73-23F2-42D6-9327-EC9DFBE68DF3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{641DCE8D-6687-4E7D-ADFD-F3D06E7599E1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{FAF3E68A-6406-482B-8780-FCD2B47425AD}C:\program files\telestream\gameshow\gameshow.exe] => (Allow) C:\program files\telestream\gameshow\gameshow.exe
FirewallRules: [UDP Query User{9F14FB61-527A-4E02-8F83-9FD3D1A1331A}C:\program files\telestream\gameshow\gameshow.exe] => (Allow) C:\program files\telestream\gameshow\gameshow.exe
FirewallRules: [TCP Query User{AA751268-2F2C-476C-A984-686F73238305}F:\games\destiny 2\destiny2.exe] => (Allow) F:\games\destiny 2\destiny2.exe
FirewallRules: [UDP Query User{9B2905A1-6C27-4FF7-8A50-734F293A5717}F:\games\destiny 2\destiny2.exe] => (Allow) F:\games\destiny 2\destiny2.exe
FirewallRules: [{9E68D931-C9AC-4912-ADDB-8EF6BE1AA19B}] => (Allow) F:\Games\Steam Games\steamapps\common\Deceit\bin\win_x64\Deceit.exe
FirewallRules: [{6C45B1B3-A50E-4982-8279-69089CE2EE01}] => (Allow) F:\Games\Steam Games\steamapps\common\Deceit\bin\win_x64\Deceit.exe
FirewallRules: [{2EB49E0E-DD3F-4400-87B1-9E1D175FF8C1}] => (Allow) F:\Games\Steam Games\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{1637C8E0-651E-4D23-9CC6-D4155A8E65ED}] => (Allow) F:\Games\Steam Games\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [TCP Query User{6788A9D9-BB2F-45EF-A2CE-2710F61245A6}C:\users\lucas\appdata\local\gpmdp_3\app-4.4.1\google play music desktop player.exe] => (Allow) C:\users\lucas\appdata\local\gpmdp_3\app-4.4.1\google play music desktop player.exe
FirewallRules: [UDP Query User{CEE19149-5FD9-43F3-87A3-C6EEFD37B4CD}C:\users\lucas\appdata\local\gpmdp_3\app-4.4.1\google play music desktop player.exe] => (Allow) C:\users\lucas\appdata\local\gpmdp_3\app-4.4.1\google play music desktop player.exe
FirewallRules: [TCP Query User{C38CB05A-9839-458F-AF4F-5EE03A8D3156}F:\games\overwatch\overwatch.exe] => (Allow) F:\games\overwatch\overwatch.exe
FirewallRules: [UDP Query User{A7137689-83DF-4403-8C2F-8396BE387ED2}F:\games\overwatch\overwatch.exe] => (Allow) F:\games\overwatch\overwatch.exe
FirewallRules: [{58904BE9-ADBA-41FF-BB99-C3D80BB3D192}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe

==================== Restore Points =========================

24-10-2017 22:29:04 Malware Removal Backup
24-10-2017 22:58:02 Removed Gameshow
24-10-2017 22:58:22 Removed Python 3.4.0 (64-bit)
24-10-2017 22:58:40 Removed Python 2.7.11

==================== Faulty Device Manager Devices =============

Name: ExpressVPN Tap Adapter
Description: ExpressVPN Tap Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ExpressVPN
Service: tapexpressvpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/24/2017 11:06:24 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\redist\1033\vcredist_arm.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/24/2017 11:05:45 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.

Error: (10/24/2017 11:05:37 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "c:\program files (x86)\razer\razer cortex\StreamingServicesAPI.dll.Manifest".Error in manifest or policy file "c:\program files (x86)\razer\razer cortex\StreamingServicesAPI.dll.Manifest" on line 2.
The value "F:\joju\projects\XSplitCSDemo\RazerLauncher\Components\StreamingServicesAPI.dll" of attribute "name" in element "urn:schemas-microsoft-com:asm.v1^file" is invalid.

Error: (10/24/2017 11:04:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvcontainer.exe, version: 1.6.2264.7232, time stamp: 0x598d715b
Faulting module name: poco.dll, version: 1.7.6.0, time stamp: 0x58efb2c7
Exception code: 0xc0000005
Fault offset: 0x000000000000dc10
Faulting process id: 0xac8
Faulting application start time: 0x01d34d421cec180c
Faulting application path: C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
Faulting module path: C:\Program Files\NVIDIA Corporation\NvContainer\poco.dll
Report Id: 878703e3-4b62-4c07-80e9-dfe73c2b185a
Faulting package full name: 
Faulting package-relative application ID:


System errors:
=============
Error: (10/24/2017 11:07:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (10/24/2017 11:07:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BstHdDrv service failed to start due to the following error: 
The system cannot find the file specified.

Error: (10/24/2017 11:07:27 PM) (Source: APPHOSTSVC) (EventID: 9010) (User: )
Description: The Application Host Helper Service encountered an error trying to access the root history directory 'C:\inetpub\history'.  The directory either doesn't exist or the permissions on it don't allow the history service to access it. The config history feature is disabled for now and will be re-enabled after the issue is resolved. To resolve this issue, please ensure that the directory exists and that the Administrators group have read and write access to it.  The data field contains the error number.

Error: (10/24/2017 11:06:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Origin Web Helper Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/24/2017 11:06:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 8000 milliseconds: Restart the service.

Error: (10/24/2017 11:06:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Telemetry Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (10/24/2017 11:06:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The RzKLService service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/24/2017 11:06:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/24/2017 11:06:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (10/24/2017 11:06:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Razer Chroma SDK Server service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2017-10-24 21:30:54.829
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-23 11:18:38.640
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-19 02:44:56.718
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-15 22:07:15.589
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-13 21:26:52.739
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-12 08:41:56.778
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-11 03:53:16.098
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-03 20:16:50.949
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-30 22:10:18.994
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-24 22:01:42.834
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz
Percentage of memory in use: 19%
Total physical RAM: 16336.38 MB
Available physical RAM: 13217.51 MB
Total Virtual: 19017.38 MB
Available Virtual: 15859.05 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.13 GB) (Free:112.43 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Garbage) (Fixed) (Total:149.05 GB) (Free:46.73 GB) NTFS
Drive e: (Back Up) (Fixed) (Total:745.21 GB) (Free:27.48 GB) NTFS
Drive f: (Games) (Fixed) (Total:894.25 GB) (Free:587.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 306FFBC1)
Partition 1: (Active) - (Size=223.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: C964157A)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 894.3 GB) (Disk ID: 6B4F1066)
Partition 1: (Not Active) - (Size=894.3 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 745.2 GB) (Disk ID: 828A7BD1)
Partition 1: (Not Active) - (Size=745.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
OrangeRanger
Regular Member
 
Posts: 19
Joined: October 23rd, 2017, 5:06 am

Re: Possibly infected[2]

Unread postby pgmigg » October 25th, 2017, 11:19 am

Hello OrangeRanger,

Good job! Let's continue... :D

Step 1.
Remove Programs
  1. Please press the Windows Key + R.
  2. Enter appwiz.cpl into the text box and click OK.
  3. Locate the following program:
    Java 8 Update 91
  4. Press the Uninstall or Uninstall/Change button and carefully follow any prompts to uninstall the program.
    • Take care to read through any prompts completely! Some uninstallers may attempt to trick you into keeping the program.
    • Don't worry if you can't find the program. Just be sure to let me know in your reply.
  5. When the listed program has been uninstalled, please close Control Panel.
  6. Once finished, reboot (restart) your computer.

Step 2.
FRST Fix
  1. Close all your programs.
  2. You should still have FRST64.exe on your Desktop. If not, please download it HERE and save it on your Desktop.
  3. Please press the Windows Key + R.
  4. Type notepad.exe into the text box and click OK.
  5. A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, but do not include the words Code: Select all.
    • (Click the Select all button next to Code: to select the entire script).
    Code: Select all
    CreateRestorePoint:
    
    DisableService: SWDUMon
    
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-31] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-31] (Oracle Corporation)
    F Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
    FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-31] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-31] (Oracle Corporation)
    S3 SWDUMon; \SystemRoot\system32\DRIVERS\SWDUMon.sys [X]
    FirewallRules: [TCP Query User{0206AF29-9394-4ABD-8DEF-2430D0797E81}C:\program files (x86)\java\jre1.8.0_91\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\java.exe
    FirewallRules: [UDP Query User{6EF22BE2-FEB2-4B8C-97A2-69E101EC7800}C:\program files (x86)\java\jre1.8.0_91\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\java.exe
    FirewallRules: [TCP Query User{296932C2-B69E-40A5-8FA8-B3B7AF1C3FE6}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
    FirewallRules: [UDP Query User{B2A3A37C-7128-429F-BBFC-AC6FF9E57CED}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
    FirewallRules: [{CCFADD27-36F3-4EDD-BA79-BD2B2D5B620E}] => (Allow) LPort=3306
    FirewallRules: [{F18535AA-D7E5-41A5-B724-9ABC7773E38F}] => (Allow) LPort=3306
    FirewallRules: [TCP Query User{648D9CB7-4AE2-4C61-92F6-1DF2024D6C28}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
    FirewallRules: [UDP Query User{0542E0F6-503D-4227-BAA7-0A98D6D40742}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
    FirewallRules: [TCP Query User{48C31DFC-E39C-4563-BBD0-8B406309225A}C:\program files (x86)\java\jre1.8.0_91\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\java.exe
    FirewallRules: [UDP Query User{B40FB3EF-AC50-456A-BCDC-ED9ADF4FDED1}C:\program files (x86)\java\jre1.8.0_91\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\java.exe
    
    C:\Windows\system32\DRIVERS\SWDUMon.sys
    
    EmptyTemp:
    CMD: ipconfig /flushdns
  6. Save it next to FRST64.exe as fixlist.txt.
    Important! fixlist.txt must be saved in the same directory as FRST64.exe to work.
  7. Right click on FRST64.exe and select Run as administrator.
  8. Press the Fix button one time only and wait.
  9. When FRST finishes you will be prompted to reboot your computer. Click OK.
  10. Your computer should now restart. On reboot navigate to your Desktop where you should find Fixlog.txt. Copy and paste the contents in your reply.

Step 3.
ESET Online Scanner
Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.
  1. Please close all open programs and windows.
  2. Please go HERE then click on Scan now and save esetonlinescanner_enu.exe on your Desktop.
  3. Double-click on esetsmartinstaller_enu.exe to run it.
  4. Select the option Accept for the Terms of Use and then follow the prompt.
  5. On the next screen please check Enable detection of potentially unwanted applications.
  6. Then click on Advanced Settings and select the following:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  7. Make sure that the option Clean threats automatically is NOT checked, as well as Use custom proxy settings.
  8. Now click on the Scan button.
  9. The Downloading virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  10. Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  11. When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  12. Exit out of ESET Online Scanner.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the fixlog.txt log file
  3. Contents of the ESET.txt log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Possibly infected[2]

Unread postby OrangeRanger » October 26th, 2017, 1:47 pm

Do you have any problems executing the instructions? No
Do you see any changes in computer behavior? No

Forewarning, Elobuddy is a hack for League of Legends, the company was taken down and sued by Riot, so therefore the program no longer works, I just never deleted it. Also I thought I completely removed KMS, but apparently not, good news is ESET wants to get rid of it completely for me, which is good. And obviously anything in E:\FileHistory\... is just automatically backed up even after I delete anything on my live version of Windows.

Code: Select all
Fix result of Farbar Recovery Scan Tool (x64) Version: 26-10-2017
Ran by Lucas (25-10-2017 20:06:12) Run:2
Running from C:\Users\Lucas\Desktop
Loaded Profiles: Lucas (Available Profiles: Lucas & Luucas & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:

DisableService: SWDUMon

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-31] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-31] (Oracle Corporation)
F Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-31] (Oracle Corporation)
S3 SWDUMon; \SystemRoot\system32\DRIVERS\SWDUMon.sys [X]
FirewallRules: [TCP Query User{0206AF29-9394-4ABD-8DEF-2430D0797E81}C:\program files (x86)\java\jre1.8.0_91\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\java.exe
FirewallRules: [UDP Query User{6EF22BE2-FEB2-4B8C-97A2-69E101EC7800}C:\program files (x86)\java\jre1.8.0_91\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\java.exe
FirewallRules: [TCP Query User{296932C2-B69E-40A5-8FA8-B3B7AF1C3FE6}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{B2A3A37C-7128-429F-BBFC-AC6FF9E57CED}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [{CCFADD27-36F3-4EDD-BA79-BD2B2D5B620E}] => (Allow) LPort=3306
FirewallRules: [{F18535AA-D7E5-41A5-B724-9ABC7773E38F}] => (Allow) LPort=3306
FirewallRules: [TCP Query User{648D9CB7-4AE2-4C61-92F6-1DF2024D6C28}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{0542E0F6-503D-4227-BAA7-0A98D6D40742}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [TCP Query User{48C31DFC-E39C-4563-BBD0-8B406309225A}C:\program files (x86)\java\jre1.8.0_91\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\java.exe
FirewallRules: [UDP Query User{B40FB3EF-AC50-456A-BCDC-ED9ADF4FDED1}C:\program files (x86)\java\jre1.8.0_91\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\java.exe

C:\Windows\system32\DRIVERS\SWDUMon.sys

EmptyTemp:
CMD: ipconfig /flushdns
*****************

Restore point was successfully created.
SWDUMon => service was disabled
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found. 
HKLM\Software\Wow6432Node\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found. 
HKLM\Software\Wow6432Node\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key removed successfully
F Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) => Error: No automatic fix found for this entry.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.91.2 => key not found. 
C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2 => key not found. 
C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll => not found.
HKLM\System\CurrentControlSet\Services\SWDUMon => key removed successfully
SWDUMon => service removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0206AF29-9394-4ABD-8DEF-2430D0797E81}C:\program files (x86)\java\jre1.8.0_91\bin\java.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6EF22BE2-FEB2-4B8C-97A2-69E101EC7800}C:\program files (x86)\java\jre1.8.0_91\bin\java.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{296932C2-B69E-40A5-8FA8-B3B7AF1C3FE6}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B2A3A37C-7128-429F-BBFC-AC6FF9E57CED}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CCFADD27-36F3-4EDD-BA79-BD2B2D5B620E} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F18535AA-D7E5-41A5-B724-9ABC7773E38F} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{648D9CB7-4AE2-4C61-92F6-1DF2024D6C28}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0542E0F6-503D-4227-BAA7-0A98D6D40742}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{48C31DFC-E39C-4563-BBD0-8B406309225A}C:\program files (x86)\java\jre1.8.0_91\bin\java.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B40FB3EF-AC50-456A-BCDC-ED9ADF4FDED1}C:\program files (x86)\java\jre1.8.0_91\bin\java.exe => value removed successfully
"C:\Windows\system32\DRIVERS\SWDUMon.sys" => not found.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14060833 B
Java, Flash, Steam htmlcache => 14002831 B
Windows/system/drivers => 12480 B
Edge => 0 B
Chrome => 438029221 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 2744 B
Lucas => 194137635 B
purpl => 0 B
DefaultAppPool => 0 B

RecycleBin => 1611 B
EmptyTemp: => 629.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:06:22 ====
OrangeRanger
Regular Member
 
Posts: 19
Joined: October 23rd, 2017, 5:06 am
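
An added example (not part of the original posts and not FRST's own code): a small Python parser that tallies the per-entry outcomes in a Fixlog like the one above and lists the entries FRST could not act on, so they can be followed up. The sample is an excerpt of lines from that Fixlog; the function names and outcome labels are assumptions of this example.

```python
import re
from collections import Counter, namedtuple

# Excerpt of lines from the Fixlog posted above, embedded so the example runs offline.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Scan Tool (x64) Version: 26-10-2017
==============================================

fixlist content:
*****************
DisableService: SWDUMon
F Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FirewallRules: [{CCFADD27-36F3-4EDD-BA79-BD2B2D5B620E}] => (Allow) LPort=3306
EmptyTemp:
*****************

Restore point was successfully created.
SWDUMon => service was disabled
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found. 
HKLM\Software\Wow6432Node\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key removed successfully
F Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\SWDUMon => key removed successfully
SWDUMon => service removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CCFADD27-36F3-4EDD-BA79-BD2B2D5B620E} => value removed successfully
"C:\Windows\system32\DRIVERS\SWDUMon.sys" => not found.

=========== EmptyTemp: ==========

Chrome => 438029221 B
EmptyTemp: => 629.7 MB temporary data Removed.
"""

# Outcome labels are this example's own, not FRST terminology.
FixResult = namedtuple("FixResult", "target outcome message")


def classify(message):
    """Map the text after '=>' on a result line to a coarse outcome label."""
    m = message.strip().lower()
    if m.startswith("error"):
        return "error"          # FRST reported it could not process the entry
    if "removed successfully" in m:
        return "removed"
    if "was disabled" in m:
        return "disabled"
    if m.rstrip(".").endswith("not found"):
        return "not_found"      # item was already absent when the fix ran
    return "other"


def parse_fixlog(text):
    """Return a FixResult for every per-entry result line in a Fixlog.

    The fixlist is echoed between two lines of asterisks and itself contains
    '=>' (firewall rules), so parsing starts only after the second fence. It
    stops at the first '=====' banner, where command output and the EmptyTemp
    size table begin; those also use '=>' but are not fix outcomes.
    """
    results = []
    fences_seen = 0
    for raw in text.splitlines():
        line = raw.strip()
        if re.fullmatch(r"\*{5,}", line):
            fences_seen += 1
            continue
        if fences_seen < 2:
            continue
        if line.startswith("====="):
            break
        if " => " not in line:
            continue
        # Split on the last '=>' so targets containing '->' or '=>' stay whole.
        target, message = line.rsplit(" => ", 1)
        results.append(FixResult(target.strip('"'), classify(message), message.strip()))
    return results


def summarize(results):
    """Count results per outcome label."""
    return dict(Counter(r.outcome for r in results))


def follow_up(results):
    """Entries that were not handled and need a manual look."""
    return [r for r in results if r.outcome in ("error", "other")]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(parsed))
    for r in follow_up(parsed):
        print("FOLLOW UP:", r.target, "=>", r.message)
```
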

Re: Possibly infected[2]

Unread postby OrangeRanger » October 26th, 2017, 1:49 pm

This scan took 10hrs due to how large my E drive is, will I have to rescan in order to clean what it found?

Code: Select all
C:\Program Files (x86)\EloBuddy\System\EloBuddy.Sandbox.dll	a variant of MSIL/GameHack.QL potentially unsafe application	
C:\Program Files (x86)\EloBuddy\System\EloBuddy.SDK.dll	a variant of MSIL/GameHack.QL potentially unsafe application	
C:\Users\Lucas\AppData\Roaming\EloBuddy\Addons\EvadeSharp_35114121.exe	a variant of MSIL/GameHack.QL potentially unsafe application	
C:\Users\Lucas\AppData\Roaming\EloBuddy\Addons\KappaUtility_D9CAF188.exe	a variant of MSIL/GameHack.QL potentially unsafe application	
C:\Users\Lucas\AppData\Roaming\EloBuddy\Addons\LeeSin_C195AD62.exe	a variant of MSIL/GameHack.QL potentially unsafe application	
C:\Users\Lucas\AppData\Roaming\EloBuddy\Addons\Marksman Master_DB2B1B3C.exe	a variant of MSIL/GameHack.QL potentially unsafe application	
C:\Users\Lucas\AppData\Roaming\EloBuddy\Addons\OKTW2_AB51309E.exe	a variant of MSIL/GameHack.QL potentially unsafe application	
C:\Users\Lucas\AppData\Roaming\EloBuddy\Addons\RecallTracker_A1FDA879.exe	a variant of MSIL/GameHack.QL potentially unsafe application	
C:\Users\Lucas\AppData\Roaming\EloBuddy\Addons\UnsignedYasuo_3AA7276D.exe	a variant of MSIL/GameHack.QL potentially unsafe application	
C:\Users\Lucas\AppData\Roaming\EloBuddy\Addons\Libraries\EloBuddy.Sandbox.dll	a variant of MSIL/GameHack.QL potentially unsafe application	
C:\Users\Lucas\AppData\Roaming\EloBuddy\Addons\Libraries\EloBuddy.SDK.dll	a variant of MSIL/GameHack.QL potentially unsafe application	
C:\Users\Lucas\AppData\Roaming\EloBuddy\Addons\Libraries\PortAIO.Common.dll	a variant of MSIL/GameHack.QL potentially unsafe application	
C:\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\1A92CA72\RecallTracker\RecallTracker\bin\Release\EloBuddy.Sandbox.dll	a variant of MSIL/GameHack.QL potentially unsafe application	
C:\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\1A92CA72\RecallTracker\RecallTracker\bin\Release\EloBuddy.SDK.dll	a variant of MSIL/GameHack.QL potentially unsafe application	
C:\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\1A92CA72\RecallTracker\RecallTracker\bin\Release\RecallTracker.exe	a variant of MSIL/GameHack.QL potentially unsafe application	
C:\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\1A92CA72\RecallTracker\RecallTracker\obj\Release\RecallTracker.exe	a variant of MSIL/GameHack.QL potentially unsafe application	
C:\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\677D25E8\UnsignedYasuo\bin\Release\EloBuddy.Sandbox.dll	a variant of MSIL/GameHack.QL potentially unsafe application	
C:\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\677D25E8\UnsignedYasuo\bin\Release\EloBuddy.SDK.dll	a variant of MSIL/GameHack.QL potentially unsafe application	
C:\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\677D25E8\UnsignedYasuo\bin\Release\UnsignedYasuo.exe	a variant of MSIL/GameHack.QL potentially unsafe application	
C:\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\677D25E8\UnsignedYasuo\obj\Release\UnsignedYasuo.exe	a variant of MSIL/GameHack.QL potentially unsafe application	
C:\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\787265EE\Marksman Master\Marksman Master\bin\Release\EloBuddy.Sandbox.dll	a variant of MSIL/GameHack.QL potentially unsafe application	
C:\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\787265EE\Marksman Master\Marksman Master\bin\Release\EloBuddy.SDK.dll	a variant of MSIL/GameHack.QL potentially unsafe application	
C:\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\787265EE\Marksman Master\Marksman Master\bin\Release\Marksman Master.exe	a variant of MSIL/GameHack.QL potentially unsafe application	
C:\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\787265EE\Marksman Master\Marksman Master\obj\Release\Marksman Master.exe	a variant of MSIL/GameHack.QL potentially unsafe application	
C:\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\86477A79\KappaUtility\KappaUtility\bin\Release\EloBuddy.Sandbox.dll	a variant of MSIL/GameHack.QL potentially unsafe application	
C:\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\86477A79\KappaUtility\KappaUtility\bin\Release\EloBuddy.SDK.dll	a variant of MSIL/GameHack.QL potentially unsafe application	
C:\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\86477A79\KappaUtility\KappaUtility\bin\Release\KappaUtility.exe	a variant of MSIL/GameHack.QL potentially unsafe application	
C:\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\86477A79\KappaUtility\KappaUtility\obj\Release\KappaUtility.exe	a variant of MSIL/GameHack.QL potentially unsafe application	
C:\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\A92B34E6\LeeSin\LeeSin\bin\Release\EloBuddy.Sandbox.dll	a variant of MSIL/GameHack.QL potentially unsafe application	
C:\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\A92B34E6\LeeSin\LeeSin\bin\Release\EloBuddy.SDK.dll	a variant of MSIL/GameHack.QL potentially unsafe application	
C:\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\A92B34E6\LeeSin\LeeSin\bin\Release\LeeSin.exe	a variant of MSIL/GameHack.QL potentially unsafe application	
C:\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\A92B34E6\LeeSin\LeeSin\obj\Release\LeeSin.exe	a variant of MSIL/GameHack.QL potentially unsafe application	
C:\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\AE3B2D0E\EvadeSharp\bin\Release\EloBuddy.Sandbox.dll	a variant of MSIL/GameHack.QL potentially unsafe application	
C:\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\AE3B2D0E\EvadeSharp\bin\Release\EloBuddy.SDK.dll	a variant of MSIL/GameHack.QL potentially unsafe application	
C:\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\AE3B2D0E\EvadeSharp\bin\Release\Evade.exe	a variant of MSIL/GameHack.QL potentially unsafe application	
C:\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\AE3B2D0E\EvadeSharp\obj\Release\Evade.exe	a variant of MSIL/GameHack.QL potentially unsafe application	
C:\Users\Lucas\Desktop\7 Script\7 Script.exe	a variant of MSIL/Packed.Confuser.J suspicious application	
C:\Windows\SECOH-QAD.dll	Win64/HackKMS.D potentially unsafe application	
C:\Windows\SECOH-QAD.exe	Win64/HackKMS.C potentially unsafe application	
C:\Windows\System32\drivers\netfilter2.sys	a variant of Win64/NetFilter.A potentially unsafe application	
D:\Users\Lucas\Downloads\ccsetup536pro.exe	Win32/Bundled.Toolbar.Google.D potentially unsafe application	
D:\Users\Lucas\Downloads\Unlocker1.9.2.exe	Win32/WebDevAZ.C potentially unwanted application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Program Files (x86)\Spotflux\netfilter\driver\amd64\netfilter2 (2016_06_06 04_30_21 UTC).sys	a variant of Win64/NetFilter.A potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Program Files (x86)\Spotflux\netfilter\driver\amd64\netfilter2 (2017_01_13 12_41_25 UTC).sys	a variant of Win64/NetFilter.A potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Program Files (x86)\Spotflux\netfilter\driver\i386\netfilter2 (2016_06_06 04_30_21 UTC).sys	a variant of Win32/NetFilter.A potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Program Files (x86)\Spotflux\netfilter\driver\i386\netfilter2 (2017_01_13 12_41_25 UTC).sys	a variant of Win32/NetFilter.A potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Program Files (x86)\Spotflux\netfilter\driver-win7\amd64\netfilter2 (2016_06_06 04_30_21 UTC).sys	a variant of Win64/NetFilter.A potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Program Files (x86)\Spotflux\netfilter\driver-win7\amd64\netfilter2 (2017_01_13 12_41_25 UTC).sys	a variant of Win64/NetFilter.A potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Program Files (x86)\Spotflux\netfilter\driver-win7\i386\netfilter2 (2016_06_06 04_30_21 UTC).sys	a variant of Win32/NetFilter.A potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Program Files (x86)\Spotflux\netfilter\driver-win7\i386\netfilter2 (2017_01_13 12_41_25 UTC).sys	a variant of Win32/NetFilter.A potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Program Files (x86)\Spotflux\netfilter\driver-win8\amd64\netfilter2 (2016_06_06 04_30_21 UTC).sys	a variant of Win64/NetFilter.A potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Program Files (x86)\Spotflux\netfilter\driver-win8\amd64\netfilter2 (2017_01_13 12_41_25 UTC).sys	a variant of Win64/NetFilter.A potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Program Files (x86)\Spotflux\netfilter\driver-win8\i386\netfilter2 (2016_06_06 04_30_21 UTC).sys	a variant of Win32/NetFilter.A potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Program Files (x86)\Spotflux\netfilter\driver-win8\i386\netfilter2 (2017_01_13 12_41_25 UTC).sys	a variant of Win32/NetFilter.A potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Program Files (x86)\Spotflux\netfilter\release\win32\ProtocolFilters (2016_06_06 04_30_21 UTC).dll	a variant of Win32/NetFilter.A potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Program Files (x86)\Spotflux\netfilter\release\win32\ProtocolFilters (2017_01_13 12_41_25 UTC).dll	a variant of Win32/NetFilter.A potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Program Files (x86)\Spotflux\netfilter\release\x64\nfapi (2016_06_06 04_30_21 UTC).dll	a variant of Win64/NetFilter.A potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Program Files (x86)\Spotflux\netfilter\release\x64\nfapi (2017_01_13 12_41_25 UTC).dll	a variant of Win64/NetFilter.A potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Program Files (x86)\Spotflux\services\nfapi (2016_06_06 04_30_21 UTC).dll	a variant of Win32/NetFilter.A potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Program Files (x86)\Spotflux\services\nfapi (2017_01_13 12_41_25 UTC).dll	a variant of Win32/NetFilter.A potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Program Files (x86)\Spotflux\services\ProtocolFilters (2016_06_06 04_30_21 UTC).dll	a variant of Win32/NetFilter.A potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Program Files (x86)\Spotflux\services\ProtocolFilters (2017_01_13 12_41_25 UTC).dll	a variant of Win32/NetFilter.A potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Addons\ActivatorBuddy_9E2DBBF3 (2016_06_06 04_30_21 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Addons\ActivatorBuddy_9E2DBBF3 (2017_01_13 12_41_25 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Addons\EvadeIC_CF036588 (2016_06_06 04_30_21 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Addons\EvadeIC_CF036588 (2017_01_13 12_41_25 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Addons\EvadePlus_C68EADE2 (2016_06_06 04_30_21 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Addons\EvadePlus_C68EADE2 (2017_01_13 12_41_25 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Addons\Evade_911D90F4 (2016_06_06 04_30_21 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Addons\Evade_911D90F4 (2017_01_13 12_41_25 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Addons\KA Lux_9F55B4B6 (2016_06_06 04_30_21 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Addons\KA Lux_9F55B4B6 (2017_01_13 12_41_25 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Addons\KoreanAIO_503CA55E (2016_06_06 04_30_21 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Addons\KoreanAIO_503CA55E (2017_01_13 12_41_25 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Addons\LeeSin_D619E052 (2016_06_06 04_30_21 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Addons\LeeSin_D619E052 (2017_01_13 12_41_25 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Addons\Lux_24B56424 (2016_06_06 04_30_21 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Addons\Lux_24B56424 (2017_01_13 12_41_25 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Addons\MasterMind_C9596279 (2016_06_06 04_30_21 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Addons\MasterMind_C9596279 (2017_01_13 12_41_25 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Addons\Ninja Maokai_1C9CDB9D (2016_06_06 04_30_21 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Addons\Ninja Maokai_1C9CDB9D (2017_01_13 12_41_25 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Addons\VodkaDrMundo_D07FC760 (2016_06_06 04_30_21 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Addons\VodkaDrMundo_D07FC760 (2017_01_13 12_41_25 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Addons\Libraries\EloBuddy.Sandbox (2016_06_06 04_30_21 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Addons\Libraries\EloBuddy.Sandbox (2017_01_13 12_41_25 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Addons\Libraries\EloBuddy.SDK (2016_06_06 04_30_21 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Addons\Libraries\EloBuddy.SDK (2017_01_13 12_41_25 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\1A92CA72\ActivatorBuddy\ActivatorBuddy\bin\Release\Activator (2016_06_06 04_30_21 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\1A92CA72\ActivatorBuddy\ActivatorBuddy\bin\Release\Activator (2017_01_13 12_41_25 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\1A92CA72\ActivatorBuddy\ActivatorBuddy\bin\Release\EloBuddy.Sandbox (2016_06_06 04_30_21 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\1A92CA72\ActivatorBuddy\ActivatorBuddy\bin\Release\EloBuddy.Sandbox (2017_01_13 12_41_25 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\1A92CA72\ActivatorBuddy\ActivatorBuddy\bin\Release\EloBuddy.SDK (2016_06_06 04_30_21 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\1A92CA72\ActivatorBuddy\ActivatorBuddy\bin\Release\EloBuddy.SDK (2017_01_13 12_41_25 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\1A92CA72\ActivatorBuddy\ActivatorBuddy\obj\Release\Activator (2016_06_06 04_30_21 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\1A92CA72\ActivatorBuddy\ActivatorBuddy\obj\Release\Activator (2017_01_13 12_41_25 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\4489549\Ninja Maokai\bin\Release\EloBuddy.Sandbox (2016_06_06 04_30_21 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\4489549\Ninja Maokai\bin\Release\EloBuddy.Sandbox (2017_01_13 12_41_25 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\4489549\Ninja Maokai\bin\Release\EloBuddy.SDK (2016_06_06 04_30_21 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\4489549\Ninja Maokai\bin\Release\EloBuddy.SDK (2017_01_13 12_41_25 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\4489549\Ninja Maokai\bin\Release\Ninja Maokai (2016_06_06 04_30_21 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\4489549\Ninja Maokai\bin\Release\Ninja Maokai (2017_01_13 12_41_25 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\4489549\Ninja Maokai\obj\Release\Ninja Maokai (2016_06_06 04_30_21 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\4489549\Ninja Maokai\obj\Release\Ninja Maokai (2017_01_13 12_41_25 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\897B5B06\EloBuddy\bin\Release\EloBuddy.Sandbox (2016_06_06 04_30_21 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\897B5B06\EloBuddy\bin\Release\EloBuddy.Sandbox (2017_01_13 12_41_25 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\897B5B06\EloBuddy\bin\Release\EloBuddy.SDK (2016_06_06 04_30_21 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\897B5B06\EloBuddy\bin\Release\EloBuddy.SDK (2017_01_13 12_41_25 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\897B5B06\EloBuddy\bin\Release\Lux (2016_06_06 04_30_21 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\897B5B06\EloBuddy\bin\Release\Lux (2017_01_13 12_41_25 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\897B5B06\EloBuddy\obj\Release\Lux (2016_06_06 04_30_21 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\897B5B06\EloBuddy\obj\Release\Lux (2017_01_13 12_41_25 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\9806E2B1\VodkaDrMundo\bin\Release\EloBuddy.Sandbox (2016_06_06 04_30_21 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\9806E2B1\VodkaDrMundo\bin\Release\EloBuddy.Sandbox (2017_01_13 12_41_25 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\9806E2B1\VodkaDrMundo\bin\Release\EloBuddy.SDK (2016_06_06 04_30_21 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\9806E2B1\VodkaDrMundo\bin\Release\EloBuddy.SDK (2017_01_13 12_41_25 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\9806E2B1\VodkaDrMundo\bin\Release\VodkaDrMundo (2016_06_06 04_30_21 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\9806E2B1\VodkaDrMundo\bin\Release\VodkaDrMundo (2017_01_13 12_41_25 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\9806E2B1\VodkaDrMundo\obj\Release\VodkaDrMundo (2016_06_06 04_30_21 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\9806E2B1\VodkaDrMundo\obj\Release\VodkaDrMundo (2017_01_13 12_41_25 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\A5B0A8CE\KA Lux\KA Lux\bin\Debug\EloBuddy.Sandbox (2016_06_06 04_30_21 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\A5B0A8CE\KA Lux\KA Lux\bin\Debug\EloBuddy.Sandbox (2017_01_13 12_41_25 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\A5B0A8CE\KA Lux\KA Lux\bin\Debug\EloBuddy.SDK (2016_06_06 04_30_21 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\A5B0A8CE\KA Lux\KA Lux\bin\Debug\EloBuddy.SDK (2017_01_13 12_41_25 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\A5B0A8CE\KA Lux\KA Lux\bin\Debug\KA Lux (2016_06_06 04_30_21 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\A5B0A8CE\KA Lux\KA Lux\bin\Debug\KA Lux (2017_01_13 12_41_25 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\A5B0A8CE\KA Lux\KA Lux\bin\Release\EloBuddy.Sandbox (2016_06_06 04_30_21 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\A5B0A8CE\KA Lux\KA Lux\bin\Release\EloBuddy.Sandbox (2017_01_13 12_41_25 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\A5B0A8CE\KA Lux\KA Lux\bin\Release\EloBuddy.SDK (2016_06_06 04_30_21 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\A5B0A8CE\KA Lux\KA Lux\bin\Release\EloBuddy.SDK (2017_01_13 12_41_25 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\A5B0A8CE\KA Lux\KA Lux\bin\Release\KA Lux (2016_06_06 04_30_21 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\A5B0A8CE\KA Lux\KA Lux\bin\Release\KA Lux (2017_01_13 12_41_25 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\A5B0A8CE\KA Lux\KA Lux\obj\Debug\KA Lux (2016_06_06 04_30_21 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\A5B0A8CE\KA Lux\KA Lux\obj\Debug\KA Lux (2017_01_13 12_41_25 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\A5B0A8CE\KA Lux\KA Lux\obj\Release\KA Lux (2016_06_06 04_30_21 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\A5B0A8CE\KA Lux\KA Lux\obj\Release\KA Lux (2017_01_13 12_41_25 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\A8DA7FD4\Dependencies\EloBuddy.SDK (2016_06_06 04_30_21 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\A8DA7FD4\Dependencies\EloBuddy.SDK (2017_01_13 12_41_25 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\A8DA7FD4\EvadePlus\bin\Release\EloBuddy.Sandbox (2016_06_06 04_30_21 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\A8DA7FD4\EvadePlus\bin\Release\EloBuddy.Sandbox (2017_01_13 12_41_25 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\A8DA7FD4\EvadePlus\bin\Release\EloBuddy.SDK (2016_06_06 04_30_21 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\A8DA7FD4\EvadePlus\bin\Release\EloBuddy.SDK (2017_01_13 12_41_25 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\A8DA7FD4\EvadePlus\bin\Release\EvadePlus (2016_06_06 04_30_21 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\A8DA7FD4\EvadePlus\bin\Release\EvadePlus (2017_01_13 12_41_25 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\A8DA7FD4\EvadePlus\obj\Release\EvadePlus (2016_06_06 04_30_21 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\A8DA7FD4\EvadePlus\obj\Release\EvadePlus (2017_01_13 12_41_25 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\DF24EA50\Evade\bin\Release\EloBuddy.Sandbox (2016_06_06 04_30_21 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\DF24EA50\Evade\bin\Release\EloBuddy.Sandbox (2017_01_13 12_41_25 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\DF24EA50\Evade\bin\Release\EloBuddy.SDK (2016_06_06 04_30_21 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\DF24EA50\Evade\bin\Release\EloBuddy.SDK (2017_01_13 12_41_25 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\DF24EA50\Evade\bin\Release\Evade (2016_06_06 04_30_21 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\DF24EA50\Evade\bin\Release\Evade (2017_01_13 12_41_25 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\DF24EA50\Evade\obj\Release\Evade (2016_06_06 04_30_21 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\DF24EA50\Evade\obj\Release\Evade (2017_01_13 12_41_25 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\FCCDB4F0\KoreanAIO\KoreanAIO\bin\Release\EloBuddy.Sandbox (2016_06_06 04_30_21 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\FCCDB4F0\KoreanAIO\KoreanAIO\bin\Release\EloBuddy.Sandbox (2017_01_13 12_41_25 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\FCCDB4F0\KoreanAIO\KoreanAIO\bin\Release\EloBuddy.SDK (2016_06_06 04_30_21 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\FCCDB4F0\KoreanAIO\KoreanAIO\bin\Release\EloBuddy.SDK (2017_01_13 12_41_25 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\FCCDB4F0\KoreanAIO\KoreanAIO\bin\Release\KoreanAIO (2016_06_06 04_30_21 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\FCCDB4F0\KoreanAIO\KoreanAIO\bin\Release\KoreanAIO (2017_01_13 12_41_25 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\FCCDB4F0\KoreanAIO\KoreanAIO\obj\Release\KoreanAIO (2016_06_06 04_30_21 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\FCCDB4F0\KoreanAIO\KoreanAIO\obj\Release\KoreanAIO (2017_01_13 12_41_25 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\FCCDB4F0\LeeSin\LeeSin\bin\Release\EloBuddy.Sandbox (2016_06_06 04_30_21 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\FCCDB4F0\LeeSin\LeeSin\bin\Release\EloBuddy.Sandbox (2017_01_13 12_41_25 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\FCCDB4F0\LeeSin\LeeSin\bin\Release\EloBuddy.SDK (2016_06_06 04_30_21 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\FCCDB4F0\LeeSin\LeeSin\bin\Release\EloBuddy.SDK (2017_01_13 12_41_25 UTC).dll	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\FCCDB4F0\LeeSin\LeeSin\bin\Release\LeeSin (2016_06_06 04_30_21 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\FCCDB4F0\LeeSin\LeeSin\bin\Release\LeeSin (2017_01_13 12_41_25 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\FCCDB4F0\LeeSin\LeeSin\obj\Release\LeeSin (2016_06_06 04_30_21 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Users\Lucas\AppData\Roaming\EloBuddy\Repositories\FCCDB4F0\LeeSin\LeeSin\obj\Release\LeeSin (2017_01_13 12_41_25 UTC).exe	a variant of MSIL/GameHack.QL potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Windows\SECOH-QAD (2017_01_13 12_41_25 UTC).dll	Win64/HackKMS.D potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Windows\SECOH-QAD (2017_01_13 12_41_25 UTC).exe	Win64/HackKMS.C potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Windows\AutoKMS\AutoKMS (2017_01_13 12_41_25 UTC).exe	a variant of MSIL/HackKMS.H potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Windows\System32\drivers\netfilter2 (2016_06_06 04_30_21 UTC).sys	a variant of Win64/NetFilter.A potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Windows\System32\drivers\netfilter2 (2016_09_29 16_47_09 UTC).sys	a variant of Win64/NetFilter.A potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Windows\System32\drivers\netfilter2 (2017_01_13 12_41_25 UTC).sys	a variant of Win64/NetFilter.A potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Windows\Temp\SppExtComObjHook (2017_01_13 10_14_35 UTC).dll	Win64/HackKMS.A potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\C\Windows\Temp\SppExtComObjHook (2017_01_22 22_26_14 UTC).dll	Win64/HackKMS.A potentially unsafe application	
E:\FileHistory\Lucas\LUCAS-PC\Data\D\Users\Lucas\Downloads\[darkteam.net] LoaderInstaller (2016_09_28 22_35_00 UTC).zip	Win32/TrojanDownloader.Agent.CQW trojan	
E:\FileHistory\Lucas\LUCAS-PC\Data\D\Users\Lucas\Downloads\[darkteam.net] LoaderInstaller (2016_09_29 00_21_39 UTC).zip	Win32/TrojanDownloader.Agent.CQW trojan	
E:\FileHistory\Lucas\LUCAS-PC\Data\D\Users\Lucas\Downloads\[darkteam.net] LoaderInstaller (2016_09_29 01_17_00 UTC).zip	Win32/TrojanDownloader.Agent.CQW trojan	
E:\FileHistory\Lucas\LUCAS-PC\Data\D\Users\Lucas\Downloads\[darkteam.net] LoaderInstaller (2016_09_29 03_55_52 UTC).zip	Win32/TrojanDownloader.Agent.CQW trojan	
E:\FileHistory\Lucas\LUCAS-PC\Data\D\Users\Lucas\Downloads\[darkteam.net] LoaderInstaller (2016_09_29 12_53_42 UTC).zip	Win32/TrojanDownloader.Agent.CQW trojan	
Autostart locations	a variant of MSIL/Packed.Confuser.J suspicious application	
OrangeRanger
Regular Member
 
Posts: 19
Joined: October 23rd, 2017, 5:06 am