
I really need some help here.


  • This topic is locked
26 replies to this topic

#1 IMDYINGHERE

IMDYINGHERE

  • Members
  • 15 posts

Posted 07 May 2017 - 09:57 PM

I have this virus on my PC that says "the requested resource is in use" anytime I try to start any exe or application or any program for that matter, and rkill, registry edit and everything I have tried hasn't been able to do anything, and trust me, I have tried everything. I'm really scared my PC is going to be infected forever. Please help, and I'm so sorry if I'm posting this in the wrong place.

Edit: Moved topic from Windows 10 to the more appropriate forum. ~ Animal



#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • Gender:Male

Posted 08 May 2017 - 07:33 AM

Hi IMDYINGHERE :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system. I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate it if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate it if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
  • This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below, and provide me the content of the "mbar-log-TODAY'S-date.txt" log after running the scan and deleting the threats it detected (the log will be located in the MBAR folder).

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you cannot run MBAR, please let me know.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 IMDYINGHERE


Posted 08 May 2017 - 02:53 PM

Ok, so it booted fine and everything, then after a long time of scanning (I have a lot of files) it went into not responding. If it crashes I will attempt to do it again. (I had to close it but am trying again, will report back on what it does.)



#4 Aura


Posted 08 May 2017 - 02:55 PM

When you launch a scan with MBAR, leave it be. Do not touch your computer until the scan is complete, and make sure it is the only program running (so no web browsers, games, media players, etc. running at the same time).



#5 IMDYINGHERE


Posted 08 May 2017 - 03:02 PM

Oh, I see, thanks for telling me.



#6 IMDYINGHERE


Posted 08 May 2017 - 03:44 PM

Well, closed stuff, tried again and it crashed again. It found like around 1000 viruses and quit on me.



#7 IMDYINGHERE


Posted 08 May 2017 - 09:48 PM

Update: still crashing and I closed everything. This virus is stubborn.



#8 Aura


Posted 09 May 2017 - 07:23 AM

Alright, follow the instructions below please. We'll see if we can give MBAR a little push to go through.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Download the right version of FRST for your system:
    • FRST 32-bit
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) to your Desktop;
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Make sure the Addition.txt box is checked;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, and two Notepad files will then open;
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply;



#9 IMDYINGHERE


Posted 09 May 2017 - 02:05 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05-2017
Ran by wyatt adams (administrator) on DESKTOP-DAMFAU8 (09-05-2017 14:53:38)
Running from C:\Users\wyatt adams\Desktop
Loaded Profiles: wyatt adams &  (Available Profiles: wyatt adams)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Users\wyatt adams\AppData\Local\ntuserlitelist\dataup\dataup.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
() C:\Windows\jmesoft\Service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Razer Inc) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
(www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Windows\System32\tprdpw64.exe
(ct Corp.) C:\Users\wyatt adams\AppData\Local\ogrqkr\ct.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.8.0.0_x64__8wekyb3d8bbwe\Microsoft.StickyNotes.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Flux Software LLC) C:\Users\wyatt adams\AppData\Local\FluxSoftware\Flux\flux.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(© 2015 Microsoft Corporation) C:\Users\wyatt adams\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Users\wyatt adams\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
(SweetLabs, Inc) C:\Users\wyatt adams\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.675.0_x64__kzf8qxf38zg5c\SkypeHost.exe
() C:\Users\wyatt adams\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\Users\wyatt adams\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
() C:\Users\wyatt adams\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
() C:\Users\wyatt adams\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\wyatt adams\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Microsoft Corporation) C:\Windows\System32\BackgroundTransferHost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16152792 2015-07-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1394392 2015-07-14] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [jmekey] => C:\Windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-16] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5883912 2017-03-02] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [cpx] => "C:\Users\wyatt adams\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <===== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Users\wyatt adams\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [884224 2017-04-21] ()
HKU\S-1-5-21-2730634288-3858244792-1197852294-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-04-25] (Valve Corporation)
HKU\S-1-5-21-2730634288-3858244792-1197852294-1002\...\Run: [f.lux] => C:\Users\wyatt adams\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2730634288-3858244792-1197852294-1002\...\Run: [BingSvc] => C:\Users\wyatt adams\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2730634288-3858244792-1197852294-1002\...\Run: [Discord] => C:\Users\wyatt adams\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2730634288-3858244792-1197852294-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545048 2017-03-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2730634288-3858244792-1197852294-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-04-25] (Valve Corporation)
HKU\S-1-5-21-2730634288-3858244792-1197852294-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [f.lux] => C:\Users\wyatt adams\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2730634288-3858244792-1197852294-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BingSvc] => C:\Users\wyatt adams\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2730634288-3858244792-1197852294-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Discord] => C:\Users\wyatt adams\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2730634288-3858244792-1197852294-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545048 2017-03-14] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{24b18063-34f3-4ab9-a85d-798d034b1a93}: [DhcpNameServer] 209.18.47.62 209.18.47.61

Internet Explorer:
==================
HKU\S-1-5-21-2730634288-3858244792-1197852294-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-2730634288-3858244792-1197852294-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-2730634288-3858244792-1197852294-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-2730634288-3858244792-1197852294-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-2730634288-3858244792-1197852294-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-2730634288-3858244792-1197852294-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-2730634288-3858244792-1197852294-1002 -> DefaultScope {18B22392-4A4F-441F-BD31-CD9F801489EB} URL =
SearchScopes: HKU\S-1-5-21-2730634288-3858244792-1197852294-1002 -> {18B22392-4A4F-441F-BD31-CD9F801489EB} URL =
SearchScopes: HKU\S-1-5-21-2730634288-3858244792-1197852294-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {18B22392-4A4F-441F-BD31-CD9F801489EB} URL =
SearchScopes: HKU\S-1-5-21-2730634288-3858244792-1197852294-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {18B22392-4A4F-441F-BD31-CD9F801489EB} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-04-27] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-18] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-04-27] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-18] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-18] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-18] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-27] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-27] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-27] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-27] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: 692o7e1x.default
FF ProfilePath: C:\Users\wyatt adams\AppData\Roaming\Mozilla\Firefox\Profiles\692o7e1x.default [2017-05-09]
FF NewTab: Mozilla\Firefox\Profiles\692o7e1x.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\692o7e1x.default -> Bing
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\692o7e1x.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\692o7e1x.default -> Bing
FF Homepage: Mozilla\Firefox\Profiles\692o7e1x.default -> about:home
FF Keyword.URL: Mozilla\Firefox\Profiles\692o7e1x.default -> hxxp://www.bing.com/search?FORM=SK216DF&PC=SK216&q=
FF Extension: (Min Vid) - C:\Users\wyatt adams\AppData\Roaming\Mozilla\Firefox\Profiles\692o7e1x.default\Extensions\@min-vid.xpi [2017-04-17]
FF Extension: (Test Pilot) - C:\Users\wyatt adams\AppData\Roaming\Mozilla\Firefox\Profiles\692o7e1x.default\Extensions\@testpilot-addon.xpi [2017-04-17]
FF Extension: (Bing Search) - C:\Users\wyatt adams\AppData\Roaming\Mozilla\Firefox\Profiles\692o7e1x.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-11-11]
FF Extension: (Twitch Live) - C:\Users\wyatt adams\AppData\Roaming\Mozilla\Firefox\Profiles\692o7e1x.default\Extensions\jid1-SE3gVqeg20464w@jetpack.xpi [2017-05-06]
FF Extension: (Tab Center) - C:\Users\wyatt adams\AppData\Roaming\Mozilla\Firefox\Profiles\692o7e1x.default\Extensions\tabcentertest1@mozilla.com.xpi [2017-05-03]
FF Extension: (uBlock Origin) - C:\Users\wyatt adams\AppData\Roaming\Mozilla\Firefox\Profiles\692o7e1x.default\Extensions\uBlock0@raymondhill.net.xpi [2017-04-16]
FF Extension: (Adblock Plus) - C:\Users\wyatt adams\AppData\Roaming\Mozilla\Firefox\Profiles\692o7e1x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-19]
FF SearchPlugin: C:\Users\wyatt adams\AppData\Roaming\Mozilla\Firefox\Profiles\692o7e1x.default\searchplugins\bing-.xml [2016-11-11]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-12] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-12] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2730634288-3858244792-1197852294-1002: @nsroblox.roblox.com/launcher -> C:\Users\wyatt adams\AppData\Local\Roblox\Versions\version-29af4e59992d47ba\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2730634288-3858244792-1197852294-1002: @nsroblox.roblox.com/launcher64 -> C:\Users\wyatt adams\AppData\Local\Roblox\Versions\version-29af4e59992d47ba\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2730634288-3858244792-1197852294-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\wyatt adams\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2730634288-3858244792-1197852294-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher -> C:\Users\wyatt adams\AppData\Local\Roblox\Versions\version-29af4e59992d47ba\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2730634288-3858244792-1197852294-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher64 -> C:\Users\wyatt adams\AppData\Local\Roblox\Versions\version-29af4e59992d47ba\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2730634288-3858244792-1197852294-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\wyatt adams\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1426727778&from=cmi&uid=ST2000DM001-1ER164_Z4Z1TD7D
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1426727778&from=cmi&uid=ST2000DM001-1ER164_Z4Z1TD7D","hxxps://www.google.com/"
CHR Profile: C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default [2017-05-07]
CHR Extension: (Google Slides) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-05]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2016-11-05]
CHR Extension: (Theme Creator) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2016-11-05]
CHR Extension: (Learn Japanese) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpfgfjfpijfeilgngmbejglmdcdlohd [2016-11-05]
CHR Extension: (Google Docs) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-05]
CHR Extension: (Google Drive) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-05]
CHR Extension: (Link All) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbplhdcnpcenkdciibplnkgmiffjfnni [2016-11-05]
CHR Extension: (Ghost Pokémon) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdkgalfoibaipchlgkjnidihenihkklb [2016-11-05]
CHR Extension: (Pulsate) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjilkkfelgjefpjbjfnfdhmmoglpbhli [2016-11-05]
CHR Extension: (YouTube) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-05]
CHR Extension: (Honey) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-04-23]
CHR Extension: (TagPro Capture the Flag) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\bommelfnddjcbmbcfhmhjikpfphlebjh [2016-11-05]
CHR Extension: (usecubes) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpbhakojlbckohllnekbaoilljblfpbi [2017-02-14]
CHR Extension: (Animoto Video Maker) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\cambaldalpopjjmpfogbpikpbhembepl [2016-11-05]
CHR Extension: (Adblock Plus) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-31]
CHR Extension: (Cubic Snake) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfppfmnnodejjhlibdcpohpnhggjgkli [2016-11-05]
CHR Extension: (The Legend of Equip Pants) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\deapnbacjblgohibnbjjceoikngpepcp [2016-11-05]
CHR Extension: (Realm of the Mad God) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp [2016-11-05]
CHR Extension: (Scurry) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\djoifiholmpdceikfaajckcjepbjolof [2016-11-05]
CHR Extension: (Sumo Paint) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpgjihldbpodlmnjolekemlfbcajnmod [2016-11-05]
CHR Extension: (Google Sheets) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-05]
CHR Extension: (Emojis Twitter) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcilbaojimpjmkhnhhmelignafnhegmp [2016-11-05]
CHR Extension: (The QR Code Generator) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2016-11-05]
CHR Extension: (Google Docs Offline) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-05]
CHR Extension: (The Elementals) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfhfehlnocjpbnbcabcjjnemkkkghaak [2016-11-05]
CHR Extension: (Pixlr Editor) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2016-11-05]
CHR Extension: (Color Piano!) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmigmmflfcbhdpdgbkkeojchjhhphnh [2016-11-05]
CHR Extension: (Contranoid) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\ineojkjjajpfglpmjnndfioncfjkmmdn [2016-11-05]
CHR Extension: (SWOOOP) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\jblimahfbhdcengjfbdpdngcfcghladf [2016-11-05]
CHR Extension: (Grammarly for Chrome) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-04-23]
CHR Extension: (Sketchpad 3.5) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkghjbajgkcialbbimbifdcjilhcgoim [2016-11-05]
CHR Extension: (Little Alchemy) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2016-11-05]
CHR Extension: (Build with Chrome) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbbbhbjeecagnlfgggogfclkdjamoapf [2016-11-05]
CHR Extension: (Cube - A game about Google Maps) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcoijfpdfchaihokncghkbplhiiehko [2016-11-05]
CHR Extension: (AudioSauna) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkgfemnodkdnenmfkblebnkjpckkjcae [2016-11-05]
CHR Extension: (Fairy Tail - o4games.com) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmiapjiccanfjgcgmgonhhfabeofgjph [2016-11-05]
CHR Extension: (Spelunky HTML5) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhagnkphcmpkmabhocgimoncfaihkpof [2016-11-05]
CHR Extension: (The Legend Of Zelda - Dawn Of A New Day) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlnhhgpjhholicnfffejbjogbjjoipkf [2016-11-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-31]
CHR Extension: (vidIQ Vision for YouTube) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2017-04-30]
CHR Extension: (Spring) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkomjncdcnkmipjjlhcihlcmmmkgbch [2016-11-05]
CHR Extension: (Bubble Shooter Exclusive) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfaogkfljpdfmodbmbogiiblppijleen [2016-11-05]
CHR Extension: (Gmail) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-05]
CHR Extension: (Chrome Media Router) - C:\Users\wyatt adams\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"drmkpro64" => service could not be unlocked. <===== ATTENTION

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3801280 2017-04-19] (Microsoft Corporation)
R2 Dataup; C:\Users\wyatt adams\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [400656 2017-02-15] (EasyAntiCheat Ltd)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3416584 2017-03-02] (LogMeIn Inc.)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-02-10] (Hi-Rez Studios) [File not signed]
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [57160 2017-04-25] (Lenovo Group Limited)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2017-02-27] (LogMeIn, Inc.)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [5660512 2016-08-16] (INCA Internet Co., Ltd.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69744 2016-10-18] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [241408 2016-08-26] (Realtek Semiconductor Corp.)
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4261344 2016-11-03] (Razer Inc)
R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
S3 ShareItSvc; C:\Program Files (x86)\SHAREit\SHAREit\Shareit.Service.exe [31176 2016-01-14] (SHAREit Technologies Co.Ltd)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
R2 windowsmanagementservice; C:\Users\wyatt adams\AppData\Local\ogrqkr\ct.exe [651776 2017-05-04] (ct Corp.) [File not signed] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [101376 2016-07-24] (Advanced Micro Devices)
R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2016-11-11] (LogMeIn Inc.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2017-05-07] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [194776 2017-05-09] (Malwarebytes)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-22] (Realtek                                            )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [736872 2016-08-26] (Realtek Semiconductor Corporation)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [411712 2015-05-18] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [6382080 2016-11-11] (Realtek Semiconductor Corporation                           )
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-10-26] (Razer Inc)
R3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [47312 2015-10-26] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\WINDOWS\system32\drivers\RzSurroundVAD.sys [49176 2016-10-16] (Windows ® Win 7 DDK provider)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 TTDrv; C:\KOPLAYER\vbox\TTDrv.sys [261104 2015-12-22] (Oracle Corporation)
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [131144 2017-03-15] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [205440 2017-03-15] (Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R5 drmkpro64;  <===== ATTENTION: Locked Service

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-09 14:53 - 2017-05-09 14:56 - 00030722 _____ C:\Users\wyatt adams\Desktop\FRST.txt
2017-05-09 14:53 - 2017-05-09 14:53 - 00000000 ____D C:\FRST
2017-05-09 14:52 - 2017-05-09 14:52 - 02429440 _____ (Farbar) C:\Users\wyatt adams\Desktop\FRST64.exe
2017-05-08 22:52 - 2017-05-08 22:52 - 00000000 ____D C:\Users\wyatt adams\Downloads\mbar
2017-05-08 15:54 - 2017-05-08 15:54 - 16564750 _____ (Malwarebytes Corp.) C:\Users\wyatt adams\Downloads\mbar-1.09.4.1001.exe
2017-05-07 22:47 - 2017-05-07 22:47 - 00001205 _____ C:\Users\wyatt adams\Documents\FixNCR.reg
2017-05-07 21:20 - 2017-05-07 21:20 - 00000000 ____D C:\Users\wyatt adams\Documents\produkey
2017-05-07 18:14 - 2017-05-08 22:51 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-05-07 18:12 - 2017-05-07 18:12 - 00000000 ____D C:\WINDOWS\pss
2017-05-07 17:37 - 2017-05-07 17:38 - 01769984 _____ (Farbar) C:\Users\wyatt adams\Downloads\FRST.exe
2017-05-07 17:04 - 2017-05-07 17:04 - 60107896 _____ (Malwarebytes ) C:\Users\wyatt adams\Downloads\PLZbleep.exe
2017-05-07 16:07 - 2017-05-07 16:07 - 00000938 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2017-05-07 16:07 - 2017-05-07 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2017-05-07 16:05 - 2017-05-07 16:05 - 06441096 _____ (Black Tree Gaming ) C:\Users\wyatt adams\Downloads\Nexus Mod Manager-0.63.14.exe
2017-05-07 15:02 - 2017-05-07 15:02 - 00000222 _____ C:\Users\wyatt adams\Desktop\Skyrim Script Extender (SKSE).url
2017-05-07 14:50 - 2017-05-07 14:50 - 00000221 _____ C:\Users\wyatt adams\Desktop\The Elder Scrolls V Skyrim.url
2017-05-07 11:39 - 2017-05-07 15:49 - 00000000 ____D C:\Users\wyatt adams\AppData\Local\llssoft
2017-05-07 11:39 - 2017-05-07 13:29 - 00000000 ____D C:\Users\wyatt adams\AppData\Local\ntuserlitelist
2017-05-07 11:39 - 2017-05-07 11:39 - 00006610 _____ C:\WINDOWS\TEMPcoral.vbs
2017-05-07 11:31 - 2017-05-07 11:32 - 00508636 _____ C:\WINDOWS\Minidump\050717-28375-01.dmp
2017-05-07 11:31 - 2017-05-07 11:31 - 00000000 ____D C:\WINDOWS\Minidump
2017-05-07 11:30 - 2017-05-09 14:56 - 00001053 _____ C:\WINDOWS\SysWOW64\splsrv.exe
2017-05-07 11:30 - 2017-05-07 11:30 - 00000000 ____D C:\Users\wyatt adams\AppData\Local\ogrqkr
2017-05-07 11:29 - 2017-05-07 18:37 - 00000000 ____D C:\Program Files (x86)\s5
2017-05-07 11:29 - 2017-05-07 11:29 - 00000000 ____D C:\Users\wyatt adams\AppData\Roaming\c
2017-05-07 11:29 - 2017-05-07 11:29 - 00000000 ____D C:\Users\wyatt adams\AppData\Local\nzjmk
2017-05-07 11:29 - 2017-05-07 11:29 - 00000000 ____D C:\Users\wyatt adams\AppData\Local\CrashRpt
2017-05-07 11:29 - 2017-05-07 11:29 - 00000000 ____D C:\Program Files (x86)\PCAccelerateP
2017-05-07 11:29 - 2017-05-07 11:29 - 00000000 ____D C:\Program Files (x86)\InstantSupp
2017-05-07 11:28 - 2017-05-07 11:29 - 00000000 ____D C:\Program Files (x86)\Installer_P.C.A.P
2017-05-07 11:28 - 2017-05-07 11:28 - 00594944 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\WINDOWS\SysWOW64\libeay32.dll
2017-05-07 11:28 - 2017-05-07 11:28 - 00152576 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\WINDOWS\SysWOW64\ssleay32.dll
2017-05-07 00:47 - 2017-05-07 00:47 - 00000000 ____D C:\Users\wyatt adams\AppData\Local\AnonymizerLauncher
2017-05-07 00:47 - 2017-05-07 00:47 - 00000000 ____D C:\Users\wyatt adams\.proxycheck
2017-05-07 00:47 - 2017-05-07 00:47 - 00000000 ____D C:\Users\wyatt adams\.AnonymizerLauncher
2017-05-07 00:46 - 2017-05-07 18:36 - 00000000 ____D C:\Users\wyatt adams\AppData\Roaming\AGData
2017-05-07 00:46 - 2017-05-07 18:36 - 00000000 ____D C:\Program Files (x86)\AnonymizerGadget
2017-05-07 00:46 - 2017-05-07 00:46 - 00003438 _____ C:\WINDOWS\System32\Tasks\AGProxyCheck
2017-05-07 00:46 - 2017-05-07 00:46 - 00000000 ____D C:\Users\wyatt adams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
2017-05-03 17:11 - 2017-05-03 17:11 - 00619008 ____N C:\WINDOWS\system32\tprdpw64.exe
2017-05-02 19:05 - 2017-05-02 19:05 - 00000000 ____D C:\Windows.old
2017-05-02 19:04 - 2017-05-02 19:04 - 23680512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 21353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 20506112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 20374424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 11870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 08321440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-02 19:04 - 2017-05-02 19:04 - 08246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 06761048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 06296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 04848440 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-05-02 19:04 - 2017-05-02 19:04 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-05-02 19:04 - 2017-05-02 19:04 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-05-02 19:04 - 2017-05-02 19:04 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-05-02 19:04 - 2017-05-02 19:04 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 02651648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 02444184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-02 19:04 - 2017-05-02 19:04 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 02435584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 02298880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-02 19:04 - 2017-05-02 19:04 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-05-02 19:04 - 2017-05-02 19:04 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-02 19:04 - 2017-05-02 19:04 - 01885696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 01627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 01411640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 01323880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-05-02 19:04 - 2017-05-02 19:04 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-05-02 19:04 - 2017-05-02 19:04 - 01103872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 01074688 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 01024416 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-05-02 19:04 - 2017-05-02 19:04 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00986592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00980992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-05-02 19:04 - 2017-05-02 19:04 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-05-02 19:04 - 2017-05-02 19:04 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-05-02 19:04 - 2017-05-02 19:04 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-05-02 19:04 - 2017-05-02 19:04 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-05-02 19:04 - 2017-05-02 19:04 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-05-02 19:04 - 2017-05-02 19:04 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-05-02 19:04 - 2017-05-02 19:04 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00626520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-05-02 19:04 - 2017-05-02 19:04 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-05-02 19:04 - 2017-05-02 19:04 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-05-02 19:04 - 2017-05-02 19:04 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-05-02 19:04 - 2017-05-02 19:04 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-05-02 19:04 - 2017-05-02 19:04 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-05-02 19:04 - 2017-05-02 19:04 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-05-02 19:04 - 2017-05-02 19:04 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00387416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-05-02 19:04 - 2017-05-02 19:04 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-05-02 19:04 - 2017-05-02 19:04 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-05-02 19:04 - 2017-05-02 19:04 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-02 19:04 - 2017-05-02 19:04 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00206232 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-05-02 19:04 - 2017-05-02 19:04 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-05-02 19:04 - 2017-05-02 19:04 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-05-02 19:04 - 2017-05-02 19:04 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-05-02 19:04 - 2017-05-02 19:04 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-05-02 19:00 - 2017-05-02 19:00 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-05-02 19:00 - 2017-05-02 19:00 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-05-02 19:00 - 2017-05-02 19:00 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-05-02 19:00 - 2017-05-02 15:09 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-05-02 18:58 - 2017-05-02 18:58 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-05-02 18:58 - 2017-05-02 18:58 - 00000000 ____D C:\Program Files\MSBuild
2017-05-02 18:58 - 2017-05-02 18:58 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-05-02 18:58 - 2017-05-02 18:58 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-05-02 18:57 - 2017-02-10 15:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-05-02 18:57 - 2017-02-10 15:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-05-02 18:57 - 2017-02-10 15:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-05-02 18:57 - 2017-02-10 15:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-05-02 18:57 - 2017-02-10 15:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-05-02 18:57 - 2017-02-10 15:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-05-02 15:40 - 2017-05-02 15:40 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-05-02 15:39 - 2017-05-02 15:39 - 00000000 ____D C:\Users\wyatt adams\AppData\Local\DBG
2017-05-02 15:37 - 2017-05-02 15:37 - 00000020 ___SH C:\Users\wyatt adams\ntuser.ini
2017-05-02 15:36 - 2017-05-02 15:36 - 00000000 _SHDL C:\Users\Default\My Documents
2017-05-02 15:33 - 2017-05-02 15:35 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2017-05-02 15:33 - 2017-05-02 15:35 - 00007623 _____ C:\WINDOWS\diagerr.xml
2017-05-02 15:29 - 2017-05-08 23:00 - 01121180 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-02 15:29 - 2017-05-08 22:53 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-02 15:29 - 2017-05-08 18:59 - 00004180 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C731B6DB-D525-4BA3-A057-F320CFDC2B19}
2017-05-02 15:29 - 2017-05-02 15:29 - 00003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-05-02 15:29 - 2017-05-02 15:29 - 00003278 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-05-02 15:29 - 2017-05-02 15:29 - 00003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-05-02 15:29 - 2017-05-02 15:29 - 00002408 _____ C:\WINDOWS\System32\Tasks\App Explorer
2017-05-02 15:29 - 2017-05-02 15:29 - 00002376 _____ C:\WINDOWS\System32\Tasks\{F8A429B1-6A80-4875-91B7-0A0A6E0790E2}
2017-05-02 15:29 - 2017-05-02 15:29 - 00002376 _____ C:\WINDOWS\System32\Tasks\{928CA012-A358-4869-A3B5-40BE6A581DB4}
2017-05-02 15:29 - 2017-05-02 15:29 - 00002376 _____ C:\WINDOWS\System32\Tasks\{89C8725A-00FF-43F3-9FAC-C624BB6A1F58}
2017-05-02 15:29 - 2017-05-02 15:29 - 00002288 _____ C:\WINDOWS\System32\Tasks\StartCN
2017-05-02 15:29 - 2017-05-02 15:29 - 00002212 _____ C:\WINDOWS\System32\Tasks\PDVDServ12 Task
2017-05-02 15:29 - 2017-05-02 15:29 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2017-05-02 15:20 - 2017-05-07 15:51 - 00001564 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-05-02 15:19 - 2017-05-02 15:19 - 00000000 ____D C:\ProgramData\USOShared
2017-05-02 15:15 - 2017-05-02 15:21 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-05-02 15:13 - 2017-05-09 01:50 - 00000000 ____D C:\Users\wyatt adams
2017-05-02 15:13 - 2017-05-02 15:13 - 00000000 _SHDL C:\Users\wyatt adams\My Documents
2017-05-02 15:13 - 2017-05-02 15:13 - 00000000 _SHDL C:\Users\wyatt adams\Documents\My Videos
2017-05-02 15:13 - 2017-05-02 15:13 - 00000000 _SHDL C:\Users\wyatt adams\Documents\My Pictures
2017-05-02 15:13 - 2017-05-02 15:13 - 00000000 _SHDL C:\Users\wyatt adams\Documents\My Music
2017-05-02 15:12 - 2017-05-02 15:16 - 00000000 ____D C:\ProgramData\Razer
2017-05-02 15:12 - 2017-03-18 16:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-05-02 15:11 - 2017-05-08 22:50 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-05-02 15:11 - 2017-05-07 15:48 - 00000000 ____D C:\Program Files (x86)\Razer
2017-05-02 15:11 - 2017-05-02 15:21 - 00000000 ____D C:\Program Files\AMD
2017-05-02 15:11 - 2017-05-02 15:11 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-05-02 15:11 - 2017-05-02 15:11 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2017-05-02 15:11 - 2017-05-02 15:11 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2017-05-02 15:11 - 2017-05-02 15:11 - 00000000 ____D C:\WINDOWS\system32\DAX2
2017-05-02 15:11 - 2017-05-02 15:11 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2017-05-02 15:11 - 2017-05-02 15:11 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2017-05-02 15:10 - 2017-05-02 15:21 - 00000000 ____D C:\ProgramData\Realtek
2017-05-02 15:10 - 2017-05-02 15:10 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-05-02 15:10 - 2017-05-02 15:10 - 00000000 ____D C:\Program Files\Realtek
2017-05-02 15:09 - 2017-05-08 22:35 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-02 15:08 - 2017-05-07 11:32 - 00389896 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-01 22:11 - 2017-05-07 15:49 - 00001446 _____ C:\Users\wyatt adams\Desktop\ROBLOX Player.lnk
2017-05-01 21:20 - 2017-05-01 21:23 - 110780348 _____ C:\Users\wyatt adams\Downloads\5585 - Pokemon - Black Version (DSi Enhanced)(USA) (E).zip
2017-05-01 21:02 - 2017-05-02 15:37 - 00000000 ___DC C:\WINDOWS\Panther
2017-05-01 20:28 - 2017-05-02 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2017-05-01 20:28 - 2017-05-01 20:28 - 00000000 ____D C:\Program Files (x86)\WinPcap
2017-05-01 00:32 - 2017-05-01 00:32 - 00000000 ____D C:\Users\wyatt adams\AppData\Local\UNP
2017-04-30 23:45 - 2017-05-02 15:21 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-04-30 23:45 - 2017-04-30 23:46 - 00000000 ____D C:\Program Files\UNP
2017-04-30 01:01 - 2017-04-30 01:01 - 00000000 ____D C:\Users\wyatt adams\AppData\Roaming\Google
2017-04-25 16:54 - 2017-04-25 16:54 - 00257856 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2017-04-22 11:35 - 2017-04-22 11:35 - 00000000 ____D C:\Users\wyatt adams\Downloads\Bendy-Chapter Two(win_64)
2017-04-22 11:31 - 2017-04-22 11:32 - 126826704 _____ C:\Users\wyatt adams\Downloads\Bendy-Chapter Two(win_64).zip
2017-04-22 10:56 - 2017-04-22 10:56 - 00000000 ____D C:\Users\wyatt adams\Downloads\Bendy-Chapter One(win_64)
2017-04-22 10:50 - 2017-04-22 10:53 - 116008077 _____ C:\Users\wyatt adams\Downloads\Bendy-Chapter One(win_64).zip
2017-04-18 18:33 - 2017-05-07 15:49 - 00001182 _____ C:\Users\wyatt adams\Desktop\Malwarebytes Anti-Malware.lnk
2017-04-18 16:39 - 2017-04-18 16:39 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-64.dll
2017-04-18 01:25 - 2017-04-18 16:30 - 00089436 _____ C:\Users\wyatt adams\Desktop\yes.rbxl
2017-04-16 19:23 - 2017-04-16 19:23 - 00000000 ____D C:\Users\wyatt adams\Documents\M64ROMExtender1.3b
2017-04-16 18:56 - 2017-04-16 18:56 - 00000000 ____D C:\Users\wyatt adams\AppData\LocalLow\Adobe
2017-04-15 17:35 - 2017-04-15 17:53 - 00000000 ____D C:\Users\wyatt adams\Desktop\0004000000033500
2017-04-15 13:25 - 2017-04-15 13:25 - 00000000 ____D C:\Users\wyatt adams\Documents\vJoyConfig_x64
2017-04-14 23:02 - 2017-05-07 15:49 - 00001978 _____ C:\Users\wyatt adams\Desktop\FileZilla Client.lnk
2017-04-14 23:02 - 2017-05-02 15:21 - 00000000 ____D C:\Users\wyatt adams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2017-04-14 23:02 - 2017-04-29 23:19 - 00000000 ____D C:\Users\wyatt adams\AppData\Roaming\FileZilla
2017-04-14 23:02 - 2017-04-15 17:35 - 00000000 ____D C:\Users\wyatt adams\AppData\Local\FileZilla
2017-04-14 23:02 - 2017-04-14 23:02 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2017-04-14 19:26 - 2017-05-07 15:51 - 00001131 _____ C:\Users\wyatt adams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1964.lnk
2017-04-14 19:26 - 2017-04-14 19:26 - 00000000 ____D C:\Program Files (x86)\1964
2017-04-14 19:25 - 2017-04-14 19:25 - 00000000 ____D C:\Users\wyatt adams\Desktop\xD
2017-04-14 19:08 - 2017-05-07 15:51 - 00001883 _____ C:\Users\Public\Desktop\Spek.lnk
2017-04-14 19:08 - 2017-05-02 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spek
2017-04-14 19:08 - 2017-04-14 19:08 - 00000000 ____D C:\Users\wyatt adams\AppData\Roaming\spek
2017-04-14 19:08 - 2017-04-14 19:08 - 00000000 ____D C:\Program Files (x86)\Spek
2017-04-12 22:07 - 2017-04-12 22:07 - 00000000 ____D C:\Users\wyatt adams\AppData\LocalLow\TheMeatly Games
2017-04-12 16:38 - 2017-05-07 15:50 - 00001176 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-04-12 16:38 - 2017-05-07 11:35 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-04-12 16:38 - 2017-05-02 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-04-12 16:38 - 2017-04-12 16:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-04-12 16:38 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2017-04-12 16:38 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-04-12 16:37 - 2017-04-12 16:37 - 00000000 ____D C:\Users\wyatt adams\Desktop\mbam-chameleon-3.1.33.0
2017-04-12 01:26 - 2016-08-26 17:47 - 00736872 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\Drivers\RtkBtfilter.sys
2017-04-12 01:26 - 2016-08-26 17:47 - 00241408 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtkBtManServ.exe
2017-04-12 01:26 - 2016-08-26 17:42 - 00073996 _____ C:\WINDOWS\rtl8761a_mp_chip_bt40_fw_asic_rom_patch_8192ee_new.dll
2017-04-12 01:26 - 2016-08-26 17:42 - 00066368 _____ C:\WINDOWS\rtl8761a_mp_chip_bt40_fw_asic_rom_patch_8192eu_new.dll
2017-04-12 01:26 - 2016-08-26 17:42 - 00064604 _____ C:\WINDOWS\rtl8761a_mp_chip_bt40_fw_asic_rom_patch_new.dll
2017-04-12 01:26 - 2016-08-26 17:42 - 00053548 _____ C:\WINDOWS\rtl8723d_mp_chip_bt40_fw_asic_rom_patch_new.dll
2017-04-12 01:26 - 2016-08-26 17:42 - 00050752 _____ C:\WINDOWS\rtl8723b_mp_chip_bt40_fw_asic_rom_patch_new.dll
2017-04-12 01:26 - 2016-08-26 17:42 - 00050712 _____ C:\WINDOWS\rtl8761a_mp_chip_bt40_fw_asic_rom_patch_8812ae_new.dll
2017-04-12 01:26 - 2016-08-26 17:42 - 00050700 _____ C:\WINDOWS\rtl8723b_mp_chip_bt40_fw_asic_rom_patch_new_s1.dll
2017-04-12 01:26 - 2016-08-26 17:42 - 00045100 _____ C:\WINDOWS\rtl8822b_mp_chip_bt40_fw_asic_rom_patch_new.dll
2017-04-12 01:26 - 2016-08-26 17:42 - 00038356 _____ C:\WINDOWS\rtl8821a_mp_chip_bt40_fw_asic_rom_patch_new.dll
2017-04-12 01:26 - 2016-08-26 17:42 - 00037244 _____ C:\WINDOWS\rlt8723a_chip_bt40_fw_asic_rom_patch.dll
2017-04-12 01:26 - 2016-08-26 17:42 - 00016916 _____ C:\WINDOWS\rtl8821c_mp_chip_bt40_fw_asic_rom_patch_new.dll
2017-04-12 01:26 - 2016-08-26 17:42 - 00000952 _____ C:\WINDOWS\PidVid_List.dll
2017-04-12 01:25 - 2015-07-21 19:34 - 04589784 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2017-04-12 01:25 - 2015-07-21 18:37 - 36778882 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2017-04-12 01:25 - 2015-07-21 15:13 - 01310936 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2017-04-12 01:25 - 2015-07-20 19:11 - 01750232 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2017-04-12 01:25 - 2015-07-17 17:04 - 02930904 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2017-04-12 01:25 - 2015-07-17 17:04 - 02585816 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RltkAPO.dll
2017-04-12 01:25 - 2015-07-15 16:16 - 05717952 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICV2apo.dll
2017-04-12 01:25 - 2015-07-14 17:13 - 01579096 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
2017-04-12 01:25 - 2015-07-14 16:13 - 00803656 _____ (Intel Corporation) C:\WINDOWS\system32\IntelSstCApoPropPage.dll
2017-04-12 01:25 - 2015-07-13 15:32 - 02919128 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2017-04-12 01:25 - 2015-07-01 00:07 - 12864432 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO4064.dll
2017-04-12 01:25 - 2015-06-30 16:04 - 00184688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2017-04-12 01:25 - 2015-06-25 19:06 - 03091915 _____ C:\WINDOWS\system32\Drivers\rtkSSTsetting.dat
2017-04-12 01:25 - 2015-06-25 17:43 - 02461528 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll
2017-04-12 01:25 - 2015-06-25 17:43 - 02393432 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv201.dll
2017-04-12 01:25 - 2015-06-24 23:41 - 00944984 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll
2017-04-12 01:25 - 2015-06-24 23:41 - 00349528 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll
2017-04-12 01:25 - 2015-06-24 06:01 - 06306120 _____ (Intel Corporation) C:\WINDOWS\system32\IntelSSTAPO.dll
2017-04-12 01:25 - 2015-06-22 16:20 - 12997552 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO3064.dll
2017-04-12 01:25 - 2015-06-22 16:20 - 01374640 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO6064.dll
2017-04-12 01:25 - 2015-06-22 14:43 - 02702552 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2017-04-12 01:25 - 2015-06-17 14:45 - 03234520 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2017-04-12 01:25 - 2015-06-08 16:13 - 02825944 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2017-04-12 01:25 - 2015-05-25 15:18 - 03195416 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2017-04-12 01:25 - 2015-05-11 13:08 - 01192368 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO5064.dll
2017-04-12 01:25 - 2015-05-11 13:08 - 01145264 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO4064.dll
2017-04-12 01:25 - 2015-05-11 13:08 - 00980400 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO2064.dll
2017-04-12 01:25 - 2015-04-27 16:09 - 00328816 _____ (ICEpower a/s) C:\WINDOWS\system32\ICEsoundAPO64.dll
2017-04-12 01:25 - 2015-04-24 05:42 - 00858256 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2017-04-12 01:25 - 2015-04-24 05:42 - 00684176 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2017-04-12 01:25 - 2015-04-24 05:42 - 00435856 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2017-04-12 01:25 - 2015-04-24 05:41 - 00555664 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.DLL
2017-04-12 01:25 - 2015-04-13 16:25 - 03262184 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE2.dll
2017-04-12 01:25 - 2015-02-05 17:48 - 02789808 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO7064.dll
2017-04-12 01:25 - 2015-02-04 00:38 - 01413776 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2017-04-12 01:25 - 2015-02-04 00:38 - 00454288 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2017-04-12 01:25 - 2015-02-04 00:38 - 00369296 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2017-04-12 01:25 - 2015-02-04 00:38 - 00329360 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2017-04-12 01:25 - 2015-02-04 00:38 - 00329360 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2017-04-12 01:25 - 2015-01-23 18:16 - 00213432 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tossaemaxapo64.dll
2017-04-12 01:25 - 2015-01-19 18:10 - 72113152 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2017-04-12 01:25 - 2014-12-11 08:10 - 01104040 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\slcnt64.dll
2017-04-12 01:25 - 2014-12-11 08:10 - 00943784 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2017-04-12 01:25 - 2014-12-11 08:10 - 00734376 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2017-04-12 01:25 - 2014-12-11 08:10 - 00250536 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2017-04-12 01:25 - 2014-12-09 07:42 - 06255888 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64AF3.dll
2017-04-12 01:25 - 2014-12-09 07:42 - 01933584 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64AF3.dll
2017-04-12 01:25 - 2014-12-09 07:42 - 00349968 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64AF3.dll
2017-04-12 01:25 - 2014-12-09 07:42 - 00298768 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64F3.dll
2017-04-12 01:25 - 2014-11-11 13:44 - 00631000 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2017-04-12 01:25 - 2014-10-24 10:12 - 05234952 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICAPOlfx.dll
2017-04-12 01:25 - 2014-10-24 10:12 - 00995120 _____ (Nahimic Inc) C:\WINDOWS\system32\NahimicAPONSControl.dll
2017-04-12 01:25 - 2014-09-24 11:31 - 07087448 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2017-04-12 01:25 - 2014-09-24 11:31 - 01939800 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2017-04-12 01:25 - 2014-09-24 11:31 - 00315736 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2017-04-12 01:25 - 2014-09-24 11:31 - 00261464 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2017-04-12 01:25 - 2014-08-14 19:16 - 05804772 _____ C:\WINDOWS\system32\Drivers\rtvienna.dat
2017-04-12 01:25 - 2014-06-17 19:17 - 00856992 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
2017-04-12 01:25 - 2014-06-09 10:59 - 00560328 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2017-04-12 01:25 - 2014-05-22 16:24 - 00096568 _____ C:\WINDOWS\system32\audioLibVc.dll
2017-04-12 01:25 - 2014-04-10 12:19 - 02101848 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
2017-04-12 01:25 - 2014-04-10 12:19 - 02041432 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2017-04-12 01:25 - 2014-02-27 20:02 - 02162992 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE.dll
2017-04-12 01:25 - 2014-01-31 17:27 - 01313904 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxSpeechAPO64.dll
2017-04-12 01:25 - 2013-10-11 12:47 - 00113576 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2017-04-12 01:25 - 2013-10-11 11:31 - 00947760 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2017-04-12 01:25 - 2013-10-07 00:26 - 00501184 _____ (DTS) C:\WINDOWS\system32\DTSU2PLFX64.dll
2017-04-12 01:25 - 2013-10-07 00:26 - 00487360 _____ (DTS) C:\WINDOWS\system32\DTSU2PGFX64.dll
2017-04-12 01:25 - 2013-10-07 00:26 - 00415680 _____ (DTS) C:\WINDOWS\system32\DTSU2PREC64.dll
2017-04-12 01:25 - 2013-08-14 15:36 - 00662784 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2017-04-12 01:25 - 2013-08-14 15:35 - 00663296 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2017-04-12 01:25 - 2013-07-23 15:39 - 14048512 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek64.dll
2017-04-12 01:25 - 2013-07-23 15:39 - 00922880 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll
2017-04-12 01:25 - 2013-06-25 12:47 - 00871856 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tossaeapo64.dll
2017-04-12 01:25 - 2013-06-25 12:47 - 00162224 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\toseaeapo64.dll
2017-04-12 01:25 - 2013-06-25 12:46 - 00582056 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosasfapo64.dll
2017-04-12 01:25 - 2013-06-21 11:01 - 00109848 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2017-04-12 01:25 - 2013-04-03 14:13 - 00906800 _____ (Sony Corporation) C:\WINDOWS\system32\MISS_APO.dll
2017-04-12 01:25 - 2012-08-31 19:18 - 07164176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2017-04-12 01:25 - 2012-08-31 19:17 - 00434960 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2017-04-12 01:25 - 2012-08-31 19:17 - 00141584 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2017-04-12 01:25 - 2012-08-31 19:17 - 00124176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2017-04-12 01:25 - 2012-08-31 19:17 - 00075024 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2017-04-12 01:25 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2017-04-12 01:25 - 2012-01-10 10:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
2017-04-12 01:25 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2017-04-12 01:25 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2017-04-12 01:25 - 2011-09-02 14:21 - 00221024 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2017-04-12 01:25 - 2011-09-02 14:21 - 00081248 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2017-04-12 01:25 - 2011-09-02 14:21 - 00078688 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2017-04-12 01:25 - 2011-08-23 17:00 - 00603984 _____ (Knowles Acoustics ) C:\WINDOWS\system32\KAAPORT64.dll
2017-04-12 01:25 - 2011-05-31 09:42 - 01756264 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2017-04-12 01:25 - 2011-05-31 09:42 - 01568360 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2017-04-12 01:25 - 2011-05-31 09:42 - 01486952 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2017-04-12 01:25 - 2011-05-31 09:42 - 00728680 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2017-04-12 01:25 - 2011-05-31 09:42 - 00712296 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2017-04-12 01:25 - 2011-05-31 09:42 - 00693352 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2017-04-12 01:25 - 2011-05-31 09:42 - 00491112 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2017-04-12 01:25 - 2011-05-31 09:42 - 00432744 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2017-04-12 01:25 - 2011-05-31 09:42 - 00428648 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2017-04-12 01:25 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2017-04-12 01:25 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2017-04-12 01:25 - 2011-05-31 09:42 - 00241768 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2017-04-12 01:25 - 2011-03-17 12:17 - 01361336 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
2017-04-12 01:25 - 2011-03-07 17:11 - 00148416 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
2017-04-12 01:25 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2017-04-12 01:25 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2017-04-12 01:25 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2017-04-12 01:25 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2017-04-12 01:25 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2017-04-12 01:25 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2017-04-12 01:25 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2017-04-12 01:25 - 2010-07-22 16:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2017-04-12 01:25 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2017-04-12 01:25 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2017-04-12 01:25 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2017-04-12 01:25 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2017-04-11 16:31 - 2017-03-28 01:28 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-04-11 16:30 - 2017-03-28 01:37 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DdcWnsListener.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-09 14:55 - 2016-11-16 00:24 - 00200987 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2017-05-09 14:53 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-09 14:53 - 2016-12-25 13:02 - 00000000 _____ C:\WINDOWS\system32\RzSurroundVADAudioDeviceManager_log.txt
2017-05-09 14:53 - 2016-11-05 16:37 - 00000000 ____D C:\Users\wyatt adams\AppData\Local\Host App Service
2017-05-09 14:52 - 2016-11-20 22:02 - 00000000 ____D C:\Users\wyatt adams\AppData\Local\LogMeIn Hamachi
2017-05-09 14:51 - 2016-11-07 20:56 - 00000000 ____D C:\Users\wyatt adams\AppData\Roaming\Skype
2017-05-09 14:51 - 2016-11-05 17:41 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-09 14:50 - 2016-12-08 02:50 - 00000000 ____D C:\Users\wyatt adams\AppData\LocalLow\Mozilla
2017-05-09 01:05 - 2017-03-25 22:32 - 00194776 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-09 01:05 - 2017-03-25 22:32 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-05-08 23:40 - 2017-03-25 22:29 - 00000000 ____D C:\Users\wyatt adams\Desktop\mbar
2017-05-08 22:54 - 2017-02-15 22:46 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-05-08 22:53 - 2017-03-18 07:40 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-05-08 19:31 - 2016-11-05 18:52 - 00000000 ____D C:\Users\wyatt adams\Documents\real
2017-05-08 15:03 - 2017-03-18 17:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-08 01:39 - 2016-12-31 01:22 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-05-07 16:07 - 2016-11-26 23:52 - 00000000 ____D C:\Users\wyatt adams\AppData\Local\Black_Tree_Gaming
2017-05-07 16:07 - 2016-11-26 23:52 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2017-05-07 15:51 - 2017-04-07 15:13 - 00001150 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2017-05-07 15:51 - 2017-03-30 12:44 - 00001442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2017-05-07 15:51 - 2017-03-30 12:44 - 00001373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2017-05-07 15:51 - 2017-03-30 12:44 - 00000998 _____ C:\Users\Public\Desktop\Video Win Movie Maker.lnk
2017-05-07 15:51 - 2017-03-18 16:59 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
2017-05-07 15:51 - 2017-03-18 16:58 - 00002289 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk
2017-05-07 15:51 - 2017-03-18 16:57 - 00002313 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk
2017-05-07 15:51 - 2017-02-20 20:48 - 00001195 _____ C:\Users\Public\Desktop\Tyberis Music Database Free.lnk
2017-05-07 15:51 - 2017-01-28 06:25 - 00001786 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
2017-05-07 15:51 - 2016-12-11 13:01 - 00001034 _____ C:\Users\wyatt adams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2017-05-07 15:51 - 2016-11-22 23:04 - 00001087 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2017-05-07 15:51 - 2016-11-20 22:22 - 00001172 _____ C:\Users\Public\Desktop\Zelda Randomizer.lnk
2017-05-07 15:51 - 2016-11-19 23:58 - 00001034 _____ C:\Users\wyatt adams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2017-05-07 15:51 - 2016-11-13 12:34 - 00003276 _____ C:\Users\wyatt adams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo App Explorer.lnk
2017-05-07 15:51 - 2016-11-11 22:04 - 00002634 _____ C:\Users\Public\Desktop\Skype.lnk
2017-05-07 15:51 - 2016-11-05 17:41 - 00001037 _____ C:\Users\Public\Desktop\Steam.lnk
2017-05-07 15:51 - 2016-11-05 16:41 - 00002390 _____ C:\Users\wyatt adams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-05-07 15:51 - 2016-08-19 20:16 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2017-05-07 15:51 - 2016-08-19 20:08 - 00002488 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-05-07 15:51 - 2016-08-19 20:08 - 00002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-05-07 15:51 - 2016-08-19 20:08 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-05-07 15:51 - 2016-08-19 20:08 - 00002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-05-07 15:51 - 2016-08-19 20:08 - 00002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-05-07 15:51 - 2016-08-19 20:08 - 00002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-05-07 15:51 - 2016-08-19 20:08 - 00002430 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-05-07 15:50 - 2017-02-11 22:50 - 00001868 _____ C:\Users\Public\Desktop\Krita.lnk
2017-05-07 15:50 - 2017-01-21 00:28 - 00002222 _____ C:\Users\Public\Desktop\Google Earth.lnk
2017-05-07 15:50 - 2016-12-30 20:49 - 00002484 _____ C:\Users\Public\Desktop\FINAL FANTASY XIV - A Realm Reborn.lnk
2017-05-07 15:50 - 2016-11-22 23:04 - 00001081 _____ C:\Users\Public\Desktop\Audacity.lnk
2017-05-07 15:50 - 2016-11-20 22:02 - 00000996 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2017-05-07 15:50 - 2016-11-20 17:57 - 00001031 _____ C:\Users\Public\Desktop\Minecraft.lnk
2017-05-07 15:50 - 2016-11-06 22:35 - 00000763 _____ C:\Users\Public\Desktop\Elsword.lnk
2017-05-07 15:50 - 2016-11-06 13:05 - 00001280 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2017-05-07 15:50 - 2016-11-05 16:49 - 00002159 _____ C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2017-05-07 15:49 - 2017-04-03 00:31 - 00001261 _____ C:\Users\wyatt adams\Desktop\ROBLOX Studio.lnk
2017-05-07 15:49 - 2017-02-10 21:02 - 00001507 _____ C:\Users\wyatt adams\Desktop\KOPLAYER Multi Manager.lnk
2017-05-07 15:49 - 2017-02-10 21:02 - 00000643 _____ C:\Users\wyatt adams\Desktop\KOPLAYER.lnk
2017-05-07 15:49 - 2017-01-16 15:28 - 00002274 _____ C:\Users\wyatt adams\Desktop\Discord.lnk
2017-05-07 15:49 - 2016-12-28 22:06 - 00001965 _____ C:\Users\wyatt adams\Desktop\ShadowExplorer.lnk
2017-05-07 15:49 - 2016-12-16 00:07 - 00001181 _____ C:\Users\wyatt adams\Desktop\Core Temp.lnk
2017-05-07 15:49 - 2016-12-11 13:01 - 00001028 _____ C:\Users\wyatt adams\Desktop\osu!.lnk
2017-05-07 15:49 - 2016-11-20 00:07 - 00000146 _____ C:\Users\wyatt adams\Desktop\Sound - Shortcut.lnk
2017-05-07 15:49 - 2016-11-05 21:45 - 00001632 _____ C:\Users\wyatt adams\Desktop\Pokémon Trading Card Game Online.lnk
2017-05-07 15:02 - 2016-11-05 17:46 - 00000000 ____D C:\Users\wyatt adams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-05-07 11:34 - 2017-03-18 17:01 - 00000000 ____D C:\WINDOWS\INF
2017-05-07 11:31 - 2016-12-07 15:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-07 11:31 - 2016-11-06 10:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-07 11:31 - 2016-11-05 21:46 - 1071846091 _____ C:\WINDOWS\MEMORY.DMP
2017-05-07 11:27 - 2017-03-27 18:40 - 00002063 ____R C:\Users\Public\Desktop\Тооntоwn Rеwrittеn.lnk
2017-05-07 11:27 - 2017-03-27 18:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toontown Rewritten
2017-05-07 11:27 - 2017-03-27 18:40 - 00000000 ____D C:\Program Files (x86)\Toontown Rewritten
2017-05-07 11:27 - 2016-11-06 10:42 - 00002039 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2017-05-07 11:27 - 2016-11-06 10:42 - 00002027 ____R C:\Users\Public\Desktop\Моzillа Firеfох.lnk
2017-05-07 11:27 - 2016-11-05 17:01 - 00000000 ____D C:\Users\wyatt adams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-05-07 11:27 - 2016-11-05 16:59 - 00002302 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2017-05-07 11:27 - 2016-11-05 16:59 - 00002290 ____R C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk
2017-05-06 21:50 - 2017-02-14 23:01 - 00000000 ____D C:\Users\wyatt adams\Desktop\New folder
2017-05-06 18:03 - 2017-02-10 21:02 - 00000000 ____D C:\Users\wyatt adams\.TianTianVM
2017-05-05 23:00 - 2016-11-05 21:11 - 00000000 ____D C:\Users\wyatt adams\Documents\r34
2017-05-04 23:04 - 2017-04-03 00:31 - 00000000 ____D C:\Users\wyatt adams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-05-03 21:20 - 2016-11-06 13:06 - 00000000 ____D C:\Users\wyatt adams\AppData\Roaming\obs-studio
2017-05-03 17:05 - 2016-11-08 20:04 - 00000000 ____D C:\Program Files\Common Files\logishrd
2017-05-03 14:56 - 2017-03-18 16:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-03 14:51 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-05-02 19:07 - 2017-03-18 17:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-05-02 19:05 - 2017-03-18 17:06 - 00000000 ____D C:\WINDOWS\Setup
2017-05-02 19:04 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-05-02 19:04 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-05-02 19:04 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-05-02 19:04 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-05-02 19:04 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-02 19:04 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-05-02 19:04 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-05-02 19:04 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-05-02 19:04 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-05-02 19:04 - 2017-03-18 07:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-05-02 18:57 - 2017-03-18 16:56 - 00465408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2017-05-02 18:57 - 2017-03-18 16:56 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2017-05-02 18:57 - 2017-03-18 16:56 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2017-05-02 18:57 - 2017-03-18 16:56 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2017-05-02 18:57 - 2017-03-18 16:56 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2017-05-02 18:57 - 2017-03-18 16:56 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2017-05-02 18:57 - 2017-03-18 16:56 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2017-05-02 18:57 - 2017-03-18 16:56 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2017-05-02 18:57 - 2017-03-18 16:56 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2017-05-02 18:57 - 2017-03-18 16:56 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2017-05-02 18:57 - 2017-03-18 16:56 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2017-05-02 18:57 - 2017-03-18 16:56 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2017-05-02 18:57 - 2017-03-18 16:56 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2017-05-02 18:57 - 2017-03-18 16:56 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2017-05-02 18:57 - 2017-03-18 16:56 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2017-05-02 18:57 - 2017-03-18 16:56 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2017-05-02 18:57 - 2017-03-18 16:56 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2017-05-02 18:57 - 2017-03-18 16:56 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2017-05-02 16:13 - 2016-11-05 16:38 - 00000000 ____D C:\Users\wyatt adams\AppData\Local\Packages
2017-05-02 15:45 - 2016-11-05 16:41 - 00000000 ___RD C:\Users\wyatt adams\OneDrive
2017-05-02 15:38 - 2017-03-18 17:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-05-02 15:37 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\rescache
2017-05-02 15:37 - 2015-11-03 15:24 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-02 15:35 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-05-02 15:35 - 2017-03-18 07:40 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-05-02 15:33 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\Registration
2017-05-02 15:33 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-05-02 15:29 - 2017-03-18 22:31 - 00000000 ____D C:\WINDOWS\HoloShell
2017-05-02 15:29 - 2016-11-08 20:20 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-05-02 15:28 - 2017-03-18 17:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-05-02 15:22 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-05-02 15:21 - 2017-04-07 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2017-05-02 15:21 - 2017-03-31 03:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-05-02 15:21 - 2017-03-30 12:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Win Movie Maker
2017-05-02 15:21 - 2017-03-29 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
2017-05-02 15:21 - 2017-03-18 17:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-02 15:21 - 2017-03-06 15:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2017-05-02 15:21 - 2017-02-20 20:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tyberis Music Database Free
2017-05-02 15:21 - 2017-02-15 22:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2017-05-02 15:21 - 2017-02-13 23:09 - 00000000 ____D C:\Users\wyatt adams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.6
2017-05-02 15:21 - 2017-02-11 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Krita
2017-05-02 15:21 - 2017-02-10 21:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KOPLAYER
2017-05-02 15:21 - 2017-01-29 04:05 - 00000000 ____D C:\Users\wyatt adams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\U T A U
2017-05-02 15:21 - 2017-01-21 00:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-05-02 15:21 - 2016-12-28 22:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2017-05-02 15:21 - 2016-12-27 01:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Action Replay PowerSaves 3DS
2017-05-02 15:21 - 2016-12-16 00:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
2017-05-02 15:21 - 2016-12-09 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Problem Report Wizard
2017-05-02 15:21 - 2016-12-09 20:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2017-05-02 15:21 - 2016-11-25 11:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
2017-05-02 15:21 - 2016-11-20 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zelda Randomizer
2017-05-02 15:21 - 2016-11-20 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2017-05-02 15:21 - 2016-11-12 12:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin
2017-05-02 15:21 - 2016-11-06 22:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elsword
2017-05-02 15:21 - 2016-11-06 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2017-05-02 15:21 - 2016-11-05 23:04 - 00000000 ____D C:\Users\wyatt adams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2017-05-02 15:21 - 2016-11-05 21:44 - 00000000 ____D C:\Users\wyatt adams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokémon Trading Card Game Online
2017-05-02 15:21 - 2016-11-05 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-05-02 15:21 - 2016-11-05 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-05-02 15:21 - 2016-11-05 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-05-02 15:21 - 2016-08-19 20:17 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2017-05-02 15:21 - 2016-08-19 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-05-02 15:20 - 2015-10-30 02:28 - 00000000 ____D C:\Users\Default.migrated
2017-05-02 15:19 - 2017-03-18 17:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-05-02 15:17 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-05-02 15:17 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-05-02 15:17 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-05-02 15:17 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-05-02 15:17 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-05-02 15:16 - 2017-03-28 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-05-02 15:16 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-05-02 15:16 - 2016-12-30 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX
2017-05-02 15:16 - 2016-12-25 11:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2017-05-02 15:16 - 2016-08-19 20:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHAREit
2017-05-02 15:15 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-05-02 15:14 - 2017-01-16 15:28 - 00000000 ____D C:\Users\wyatt adams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-05-02 15:12 - 2017-03-18 07:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-05-02 01:14 - 2017-03-18 23:20 - 00000000 ___HD C:\$WINDOWS.~BT
2017-05-01 22:11 - 2016-11-06 18:01 - 00000250 _____ C:\Users\wyatt adams\AppData\LocalLow\rbxcsettings.rbx
2017-04-27 15:28 - 2016-08-19 20:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-04-21 23:05 - 2016-12-11 13:00 - 00000000 ____D C:\Users\wyatt adams\AppData\Local\osu!
2017-04-21 20:57 - 2016-11-22 23:04 - 00000000 ____D C:\Users\wyatt adams\AppData\Roaming\Audacity
2017-04-18 16:53 - 2016-08-28 20:46 - 00000000 ____D C:\Program Files\ATI
2017-04-18 16:47 - 2016-11-05 20:02 - 00000000 ____D C:\ProgramData\Oracle
2017-04-18 16:40 - 2016-11-05 20:02 - 00000000 ____D C:\Program Files (x86)\Java
2017-04-18 16:39 - 2016-11-20 17:52 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-04-18 16:39 - 2016-11-20 17:52 - 00000000 ____D C:\Program Files\Java
2017-04-18 16:38 - 2016-11-05 20:02 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-04-18 16:30 - 2016-12-25 13:29 - 00000000 ____D C:\Users\wyatt adams\AppData\Local\Roblox
2017-04-16 19:08 - 2017-04-07 15:13 - 00000000 ____D C:\Users\wyatt adams\.VirtualBox
2017-04-16 16:41 - 2016-11-12 15:14 - 00000000 ____D C:\Users\wyatt adams\Desktop\shimeji
2017-04-12 16:38 - 2017-03-25 22:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-12 01:26 - 2016-08-28 20:48 - 00000000 ___HD C:\Program Files (x86)\Temp
2017-04-12 01:25 - 2016-08-28 20:48 - 00000000 ____D C:\Program Files (x86)\Realtek
2017-04-12 01:25 - 2016-08-19 20:17 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-04-12 01:24 - 2016-11-19 12:33 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-04-12 01:24 - 2016-08-19 20:18 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-11 22:58 - 2016-11-05 16:41 - 00000000 ____D C:\Users\wyatt adams\AppData\Local\ElevatedDiagnostics
2017-04-11 21:29 - 2017-03-31 03:41 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-04-11 21:29 - 2017-03-31 03:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-04-11 16:56 - 2016-11-05 20:23 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-11 16:53 - 2016-11-05 20:23 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2017-02-12 16:28 - 2017-02-12 16:28 - 0000063 _____ () C:\Users\wyatt adams\AppData\Local\emaildefaults
2017-02-12 16:29 - 2017-02-12 16:29 - 0000420 _____ () C:\Users\wyatt adams\AppData\Local\karboncalligraphyrc
2017-02-12 16:28 - 2017-02-16 22:21 - 0015354 _____ () C:\Users\wyatt adams\AppData\Local\kritarc
2017-03-29 18:09 - 2017-03-29 18:09 - 0000218 _____ () C:\Users\wyatt adams\AppData\Local\recently-used.xbel
2017-05-02 15:11 - 2017-05-02 15:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-11-06 14:36 - 2016-11-06 14:36 - 0000016 _____ () C:\ProgramData\mntemp

Some files in TEMP:
====================
2017-05-05 10:33 - 2017-05-05 10:33 - 3190104 _____ (Lead IT) C:\Users\wyatt adams\AppData\Local\Temp\RT1gy4tN-prog.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-02 15:08

==================== End of FRST.txt ============================



#10 IMDYINGHERE

Posted 09 May 2017 - 02:06 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-05-2017
Ran by wyatt adams (09-05-2017 14:57:37)
Running from C:\Users\wyatt adams\Desktop
Windows 10 Home Version 1703 (X64) (2017-05-02 19:37:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2730634288-3858244792-1197852294-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2730634288-3858244792-1197852294-503 - Limited - Disabled)
Guest (S-1-5-21-2730634288-3858244792-1197852294-501 - Limited - Disabled)
wyatt adams (S-1-5-21-2730634288-3858244792-1197852294-1002 - Administrator - Enabled) => C:\Users\wyatt adams

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (HKLM-x32\...\7-Zip) (Version: 16.04 - Igor Pavlov)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Action Replay PowerSaves 3DS version 1.45 (HKLM-x32\...\{CD24B06F-0A4D-410A-AEF2-DFE6A28AB4C0}_is1) (Version: 1.45 - Datel Design & Development)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Age of Conquest IV (HKLM\...\Steam App 314970) (Version:  - Noble Master LLC)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Catalyst Control Center Next Localization BR (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cities: Skylines (HKLM\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
Core Temp 1.5.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.5.1 - ALCPU)
Cosmochoria (HKLM\...\Steam App 293240) (Version:  - Nate Schmold)
Crypt of the NecroDancer (HKLM\...\Steam App 247080) (Version:  - Brace Yourself Games)
Cubic Castles (HKLM\...\Steam App 317470) (Version:  - Cosmic Cow LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deluge 1.3.14 (HKLM-x32\...\Deluge) (Version:  - )
Digimon Masters Online (HKLM\...\Steam App 537180) (Version:  - Move Games Co., Ltd.)
Discord (HKU\S-1-5-21-2730634288-3858244792-1197852294-1002\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Discord (HKU\S-1-5-21-2730634288-3858244792-1197852294-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Don't Starve (HKLM\...\Steam App 219740) (Version:  - Klei Entertainment)
Don't Starve Together (HKLM\...\Steam App 322330) (Version:  - Klei Entertainment)
Driver and Application Installation (HKLM-x32\...\{6EC299C6-074C-4529-8D5F-2798584BB27B}) (Version: 2.12.0219 - Lenovo)
Dungeon Defenders II (HKLM\...\Steam App 236110) (Version:  - Trendy Entertainment)
Elsword version v6.1026.3.1 (HKLM-x32\...\{E655DDFC-24DB-4FC3-8474-271E911309B4}_is1) (Version: v6.1026.3.1 - KOGGAMES)
f.lux (HKU\S-1-5-21-2730634288-3858244792-1197852294-1002\...\Flux) (Version:  - )
f.lux (HKU\S-1-5-21-2730634288-3858244792-1197852294-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Flux) (Version:  - )
Fallout 4 (HKLM\...\Steam App 377160) (Version:  - Bethesda Game Studios)
FileZilla Client 3.25.1 (HKU\S-1-5-21-2730634288-3858244792-1197852294-1002\...\FileZilla Client) (Version: 3.25.1 - Tim Kosse)
FileZilla Client 3.25.1 (HKU\S-1-5-21-2730634288-3858244792-1197852294-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\FileZilla Client) (Version: 3.25.1 - Tim Kosse)
FINAL FANTASY VIII (HKLM\...\Steam App 39150) (Version:  - SQUARE ENIX)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Game Dev Tycoon (HKLM\...\Steam App 239820) (Version:  - Greenheart Games)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.96 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Gridworld (HKLM\...\Steam App 396890) (Version:  - DopplerFrog)
Happy Wars (HKLM\...\Steam App 246280) (Version:  - Toylogic inc.)
Hell Yeah! (HKLM\...\Steam App 205230) (Version:  - Arkedo)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.9.6 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
InterStat (HKU\S-1-5-21-2730634288-3858244792-1197852294-1002\...\InterStat) (Version: 1.0 - InterStat) <==== ATTENTION
InterStat (HKU\S-1-5-21-2730634288-3858244792-1197852294-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\InterStat) (Version: 1.0 - InterStat) <==== ATTENTION
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
KOPLAYER Pro version: 1.4.1055 (HKLM\...\KOPLAYER_is1) (Version:  - KOPLAYER Team)
Krita (x64) 3.1.2.1 (HKLM\...\Krita_x64) (Version: 3.1.2.1 - Krita Foundation)
Lenovo App Explorer (HKU\S-1-5-21-2730634288-3858244792-1197852294-1002\...\Host App Service) (Version: 0.272.1.559 - SweetLabs for Lenovo)
Lenovo App Explorer (HKU\S-1-5-21-2730634288-3858244792-1197852294-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Host App Service) (Version: 0.272.1.559 - SweetLabs for Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.8231 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.8231 - CyberLink Corp.) Hidden
Lenovo PowerDVD12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5320.55 - CyberLink Corp.)
Lenovo PowerDVD12 (x32 Version: 12.0.5320.55 - CyberLink Corp.) Hidden
Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.022.00 - Lenovo)
Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.076.00 - Lenovo)
Life Is Strange™ (HKLM\...\Steam App 319630) (Version:  - DONTNOD Entertainment)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.558 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.558 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Manual (HKLM-x32\...\{693F92E5-37D1-46B7-A0D6-19A74A2FD0EC}) (Version: 1.00.0701 - Lenovo)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7967.2139 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2730634288-3858244792-1197852294-1002\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2730634288-3858244792-1197852294-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 53.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0.2 (x86 en-US)) (Version: 53.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.2.6333 - Mozilla)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.5 - OBS Project)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.1.18 (HKLM\...\{833806DB-0F3D-466E-8353-07283FFBC957}) (Version: 5.1.18 - Oracle Corporation)
Ori and the Blind Forest (HKLM\...\Steam App 261570) (Version:  - Moon Studios GmbH)
osu! (HKLM-x32\...\{60a3bad4-02a8-40e7-b8e6-f36c3ef79f89}) (Version: latest - ppy Pty Ltd)
Oxenfree (HKLM\...\Steam App 388880) (Version:  - Night School Studio)
Paladins (HKLM\...\Steam App 444090) (Version:  - Hi-Rez Studios)
PCAcceleratePro & Instant support (HKLM-x32\...\PCAcceleratePro & Instant support) (Version: 1.0.30.5 - Installer Technology) <==== ATTENTION
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
Pokémon Trading Card Game Online (HKLM-x32\...\{650E27A7-B3BE-4900-BE00-53719933E18C}) (Version: 2.40.0 - The Pokémon Company International)
Portal 2 (HKLM\...\Steam App 620) (Version:  - Valve)
Portal Stories: Mel (HKLM\...\Steam App 317400) (Version:  - Prism Studios)
Prison Architect (HKLM\...\Steam App 233450) (Version:  - Introversion Software)
Python 3.6.1 (32-bit) (HKU\S-1-5-21-2730634288-3858244792-1197852294-1002\...\{1babc3bc-6a32-44f7-bf4d-60eec36c9ad1}) (Version: 3.6.1150.0 - Python Software Foundation)
Python 3.6.1 (32-bit) (HKU\S-1-5-21-2730634288-3858244792-1197852294-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{1babc3bc-6a32-44f7-bf4d-60eec36c9ad1}) (Version: 3.6.1150.0 - Python Software Foundation)
Python 3.6.1 Core Interpreter (32-bit) (x32 Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Development Libraries (32-bit) (x32 Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Documentation (32-bit) (x32 Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Executables (32-bit) (x32 Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 pip Bootstrap (32-bit) (x32 Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Standard Library (32-bit) (x32 Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Tcl/Tk Support (32-bit) (x32 Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Test Suite (32-bit) (x32 Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Utility Scripts (32-bit) (x32 Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{323AC113-C6CE-4F99-842F-4936332D055A}) (Version: 3.6.5923.0 - Python Software Foundation)
Quantum Conundrum (HKLM\...\Steam App 200010) (Version:  - Airtight Games)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.0 r2746 - )
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.10.6 - Razer Inc.)
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.26 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.1104 - Razer Inc.)
REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.3.868.060315 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7564 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0269 - REALTEK Semiconductor Corp.)
Riders of Icarus (HKLM\...\Steam App 442080) (Version:  - WeMade)
ROBLOX Player for wyatt adams (HKU\S-1-5-21-2730634288-3858244792-1197852294-1002\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Player for wyatt adams (HKU\S-1-5-21-2730634288-3858244792-1197852294-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio for wyatt adams (HKU\S-1-5-21-2730634288-3858244792-1197852294-1002\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
ROBLOX Studio for wyatt adams (HKU\S-1-5-21-2730634288-3858244792-1197852294-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
RollerCoaster Tycoon 3: Platinum! (HKLM\...\Steam App 2700) (Version:  - Frontier)
ShadowExplorer 0.9 (HKLM-x32\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.2.0.526 - Lenovo)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Skyrim Script Extender (SKSE) (HKLM\...\Steam App 365720) (Version:  - The SKSE Team)
Spek (HKLM-x32\...\{7CDF6754-F5A0-4F34-B589-197530FEF862}) (Version: 0.8.2 - Spek Project)
Stardew Valley (HKLM\...\Steam App 413150) (Version:  - ConcernedApe)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TERA (HKLM\...\Steam App 323370) (Version:  - Bluehole Inc.)
Terraria (HKLM\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Toontown Rewritten (HKLM-x32\...\Toontown Rewritten) (Version: 00.00.00.00 - The TTR Team)
Tyberis Music Database Free 3.2.2 (HKLM-x32\...\{8EEA93FC-72EB-465B-B17C-BC07A0B54EE2}_is1) (Version:  - )
Undertale (HKLM\...\Steam App 391540) (Version:  - tobyfox)
Unity Web Player (HKU\S-1-5-21-2730634288-3858244792-1197852294-1002\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2730634288-3858244792-1197852294-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
UTAU 歌声合成ツール (HKLM-x32\...\{616A6B38-329A-4DD1-865A-24A89A1C95F0}) (Version: 1.1.1801 - 飴屋プロジェクト)
Vanguards (HKLM\...\Steam App 546600) (Version:  - BYU Games)
Video Win Movie Maker 2016 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2videowin}}_is1) (Version:  - videowinsoft.com)
Vulkan Run Time Libraries 1.0.21.0 (HKLM\...\VulkanRT1.0.21.0-3) (Version: 1.0.21.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.21.0 (Version: 1.0.21.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-3) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
World of Goo (HKLM\...\Steam App 22000) (Version:  - 2D BOY)
Zelda Randomizer version 2.5.1 (HKLM-x32\...\{EF6E3EAB-ADF6-4D70-A868-6631B14F2B9B}_is1) (Version: 2.5.1 - Fcoughlin)
Zen Bound® 2 (HKLM\...\Steam App 61600) (Version:  - Secret Exit Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2730634288-3858244792-1197852294-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\wyatt adams\AppData\Local\Roblox\Versions\version-29af4e59992d47ba\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-2730634288-3858244792-1197852294-1002_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\wyatt adams\AppData\Local\Roblox\Versions\version-29af4e59992d47ba\RobloxProxy64.dll (ROBLOX Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D067C9D-BF96-49AD-B782-D1A99E979C1D} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2016-12-04] (Advanced Micro Devices, Inc.)
Task: {1C27022B-5FAA-4CBB-A7A7-EE7BE5D62239} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-19] (Microsoft Corporation)
Task: {3B3FD8F8-C9F7-40BF-BEB6-83B9FA944EEB} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {3F25EA1F-02B7-46CF-AB6A-82B741118F99} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-05] (Google Inc.)
Task: {40CB3A1E-588E-4A1C-9F95-6C6E8A7D064A} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-06-02] (Lenovo)
Task: {5AAE77DF-29CA-420D-84F9-AE50E76662DE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-05] (Google Inc.)
Task: {6802C5F5-EC82-4192-B095-32532517CDDD} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\36bb325e-e86f-477b-9926-5ec18d106b0d => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-04-25] (Lenovo Group Limited)
Task: {70C7D41C-7BF8-4EE2-AE90-AC0601F40325} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => %ProgramFiles(x86)%\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {7D85FFFD-A039-4C06-989F-F1170EA4982B} - System32\Tasks\App Explorer => C:\Users\wyatt adams\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [2016-11-07] (SweetLabs, Inc)
Task: {81057B32-8075-483B-95BC-7D51510DBDEA} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => Sc.exe START ImControllerService
Task: {8209ED35-465F-4245-A4A2-65A94629039F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-19] (Microsoft Corporation)
Task: {A76CAE68-515D-496D-B08F-608B80F4D3EA} - \OneDrive Standalone Update Task v2 -> No File <==== ATTENTION
Task: {A9A416BA-7E59-47E4-8126-BB42CD7CB691} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\9ba348f1-225f-4df3-8aa5-fe5fa44168f7 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-04-25] (Lenovo Group Limited)
Task: {B2604751-AB30-43FC-B3A7-313BED7B02B7} - System32\Tasks\Lenovo\SHPrompt => C:\Program Files (x86)\SHAREit\SHAREit\ShareitPrompt.exe
Task: {B2BAB314-4E8E-415C-94D2-9E5B00196635} - System32\Tasks\{89C8725A-00FF-43F3-9FAC-C624BB6A1F58} => pcalua.exe -a "C:\Users\wyatt adams\AppData\Local\Roblox\Versions\version-26a546068c9d4f7a\RobloxPlayerLauncher.exe" -c -uninstall
Task: {BF757AA0-6EF9-412B-A4B2-26288B855DA1} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-06-02] ()
Task: {C35C8DA3-62C2-4C38-96D4-28859ED7EB0F} - System32\Tasks\Lenovo\SHUpdate => C:\Program Files (x86)\SHAREit\SHAREit\ShareitUpdater.exe
Task: {C87DB0EF-53BE-4B3E-85C5-CE23359E93C1} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-12] (Adobe Systems Incorporated)
Task: {C885003C-0972-4A41-859B-407BD6DFBF0F} - System32\Tasks\{F8A429B1-6A80-4875-91B7-0A0A6E0790E2} => pcalua.exe -a "C:\Users\wyatt adams\AppData\Local\Roblox\Versions\version-9c356ccaa67446b6\RobloxPlayerLauncher.exe" -c -uninstall
Task: {CE7D74A6-457C-4B21-B68C-C66BCBFD2F8C} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
Task: {D29BF0AB-E5BF-44E3-8B50-1CA46FD668E3} - System32\Tasks\{928CA012-A358-4869-A3B5-40BE6A581DB4} => pcalua.exe -a "C:\Users\wyatt adams\AppData\Local\Roblox\Versions\version-934c86ec4aa148f0\RobloxPlayerLauncher.exe" -c -uninstall
Task: {E8BB84FE-2FB1-488C-9194-84694D8F46E4} - System32\Tasks\AGProxyCheck => C:\Program
Task: {F8A29EED-303B-480C-AE30-49775222D1E7} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [2015-05-20] (CyberLink Corp.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\wyatt adams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\wyatt adams\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\Users\wyatt adams\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()
Shortcut: C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\Users\Public\Desktop\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()
Shortcut: C:\Users\Public\Desktop\Тооntоwn Rеwrittеn.lnk -> C:\Program Files (x86)\Toontown Rewritten\Launcher.bat ()

ShortcutWithArgument: C:\Users\wyatt adams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Link Аll.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () ->  --profile-directory=Default --app-id=bbplhdcnpcenkdciibplnkgmiffjfnni
ShortcutWithArgument: C:\Users\wyatt adams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Skеtсhpаd 3.5.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () ->  --profile-directory=Default --app-id=kkghjbajgkcialbbimbifdcjilhcgoim
ShortcutWithArgument: C:\Users\wyatt adams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Spеlunky НТМL5.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () ->  --profile-directory=Default --app-id=mhagnkphcmpkmabhocgimoncfaihkpof
ShortcutWithArgument: C:\Users\wyatt adams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\SWОООP.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () ->  --profile-directory=Default --app-id=jblimahfbhdcengjfbdpdngcfcghladf
ShortcutWithArgument: C:\Users\wyatt adams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sсurry.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () ->  --profile-directory=Default --app-id=djoifiholmpdceikfaajckcjepbjolof
ShortcutWithArgument: C:\Users\wyatt adams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\usесubеs.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () ->  --profile-directory=Default --app-id=bpbhakojlbckohllnekbaoilljblfpbi
ShortcutWithArgument: C:\Users\wyatt adams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Соntrаnоid.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () ->  --profile-directory=Default --app-id=ineojkjjajpfglpmjnndfioncfjkmmdn
ShortcutWithArgument: C:\Users\wyatt adams\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\263edd4c8f530820\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) ==============

2017-03-18 16:57 - 2017-03-18 16:57 - 00377344 _____ () c:\windows\system32\SSDM.dll
2015-08-19 16:06 - 2015-08-19 16:06 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2017-01-05 17:36 - 2017-01-05 17:36 - 00077824 _____ () C:\Users\wyatt adams\AppData\Local\ntuserlitelist\dataup\dataup.exe
2016-08-28 20:48 - 2011-08-16 23:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2016-09-24 19:20 - 2016-09-24 19:21 - 00189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2017-05-03 17:11 - 2017-05-03 17:11 - 00619008 ____N () C:\windows\system32\tprdpw64.exe
2017-03-18 16:58 - 2017-03-18 16:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-08-19 20:08 - 2017-04-27 15:27 - 08931008 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-03-18 16:58 - 2017-03-18 16:58 - 03826176 _____ () C:\Windows\System32\Windows.UI.Input.Inking.Analysis.dll
2017-04-07 14:59 - 2017-04-07 14:59 - 00381440 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.8.0.0_x64__8wekyb3d8bbwe\Microsoft.Notes.Upgrade.dll
2017-03-18 16:59 - 2017-03-18 22:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-05-02 19:04 - 2017-05-02 19:04 - 04124576 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2017-03-18 16:59 - 2017-03-18 22:31 - 02487712 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2017-04-21 15:37 - 2017-04-21 15:37 - 00884224 _____ () C:\Users\wyatt adams\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
2017-05-01 14:58 - 2017-05-01 14:59 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.675.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-05-01 14:58 - 2017-05-01 14:59 - 00190464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.675.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-04-21 16:28 - 2017-04-21 16:28 - 01080832 _____ () C:\Users\wyatt adams\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
2017-05-04 11:13 - 2017-05-04 11:13 - 00235520 _____ () C:\Users\wyatt adams\AppData\Local\ntuserlitelist\dataup\help_dll.dll
2016-11-05 17:42 - 2017-03-09 20:13 - 00674592 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-11-05 17:42 - 2016-08-31 21:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-11-05 17:42 - 2017-04-25 19:55 - 02465056 _____ () C:\Program Files (x86)\Steam\video.dll
2016-11-05 17:42 - 2016-01-27 03:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-11-05 17:42 - 2016-01-27 03:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-11-05 17:42 - 2016-01-27 03:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-11-05 17:42 - 2016-01-27 03:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-11-05 17:42 - 2016-01-27 03:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-11-05 17:42 - 2016-08-31 21:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-11-05 17:42 - 2016-08-31 21:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-11-05 17:42 - 2017-04-25 19:55 - 00848672 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-11-05 17:42 - 2016-07-04 18:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-01-30 12:52 - 2017-01-30 12:52 - 01926632 ____R () C:\Program Files (x86)\Skype\Phone\roottools.dll
2009-12-04 19:59 - 2009-12-04 19:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 20:04 - 2009-12-04 20:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2017-01-14 19:40 - 2017-01-14 19:40 - 53460992 _____ () C:\Users\wyatt adams\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
2016-12-12 20:24 - 2017-01-30 17:41 - 68875552 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-11-05 17:42 - 2017-04-25 19:55 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
2016-05-31 11:43 - 2016-05-31 11:43 - 01976832 _____ () C:\Users\wyatt adams\AppData\Local\ntuserlitelist\svcvmx\libglesv2.dll
2016-05-31 11:44 - 2016-05-31 11:44 - 00075264 _____ () C:\Users\wyatt adams\AppData\Local\ntuserlitelist\svcvmx\libegl.dll
2016-06-15 17:15 - 2016-06-15 17:15 - 17599640 _____ () C:\Users\wyatt adams\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2730634288-3858244792-1197852294-1002\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2730634288-3858244792-1197852294-1002\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2730634288-3858244792-1197852294-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2730634288-3858244792-1197852294-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 03:24 - 2017-05-07 20:50 - 00000766 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2730634288-3858244792-1197852294-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\wyatt adams\Pictures\zelda.png
HKU\S-1-5-21-2730634288-3858244792-1197852294-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\wyatt adams\Pictures\zelda.png
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "jmesoft"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{59425127-CBEA-46B1-A0B5-A658815F7C45}] => (Block) C:\users\wyatt adams\desktop\desmume v.0.9.7 x86-x32 wifi capability winpcap v.4.1.2\desmume_vs2008.exe
FirewallRules: [{F3531789-0F28-4BBF-B0E7-FD26AD8CBA3D}] => (Block) C:\users\wyatt adams\desktop\desmume v.0.9.7 x86-x32 wifi capability winpcap v.4.1.2\desmume_vs2008.exe
FirewallRules: [UDP Query User{E923FADE-0691-48EC-B865-877E6ED0C009}C:\users\wyatt adams\desktop\desmume v.0.9.7 x86-x32 wifi capability winpcap v.4.1.2\desmume_vs2008.exe] => (Allow) C:\users\wyatt adams\desktop\desmume v.0.9.7 x86-x32 wifi capability winpcap v.4.1.2\desmume_vs2008.exe
FirewallRules: [TCP Query User{82D7F657-6EA2-4AE3-958A-7AFEEEEF7141}C:\users\wyatt adams\desktop\desmume v.0.9.7 x86-x32 wifi capability winpcap v.4.1.2\desmume_vs2008.exe] => (Allow) C:\users\wyatt adams\desktop\desmume v.0.9.7 x86-x32 wifi capability winpcap v.4.1.2\desmume_vs2008.exe
FirewallRules: [{B1BBD545-94A9-43A4-89C2-0464D8199FD8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{E103CCF5-FED5-4788-84D3-CC5C0F4CD3AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{D4BD3686-4D3A-4918-A85D-A852C6F9AB95}] => (Block) C:\users\wyatt adams\appdata\local\temp\3dscontroller0.6-1\pc\3dscontroller.exe
FirewallRules: [{117C7A99-DEAA-4989-BD1A-D274D5F85B1B}] => (Block) C:\users\wyatt adams\appdata\local\temp\3dscontroller0.6-1\pc\3dscontroller.exe
FirewallRules: [UDP Query User{CC17ED35-889F-4DB3-B2EF-144D40DFB39E}C:\users\wyatt adams\appdata\local\temp\3dscontroller0.6-1\pc\3dscontroller.exe] => (Allow) C:\users\wyatt adams\appdata\local\temp\3dscontroller0.6-1\pc\3dscontroller.exe
FirewallRules: [TCP Query User{99870F18-102E-4E7E-A57B-D2F554436008}C:\users\wyatt adams\appdata\local\temp\3dscontroller0.6-1\pc\3dscontroller.exe] => (Allow) C:\users\wyatt adams\appdata\local\temp\3dscontroller0.6-1\pc\3dscontroller.exe
FirewallRules: [{6F15E621-5858-4FF2-BCC3-BC6CD98255F3}] => (Block) C:\users\wyatt adams\appdata\local\temp\ntrviewer.exe
FirewallRules: [{419D240C-881D-4E79-8B1E-1B53E04A81C1}] => (Block) C:\users\wyatt adams\appdata\local\temp\ntrviewer.exe
FirewallRules: [UDP Query User{4319A0FC-6633-474A-B057-32C6C438278A}C:\users\wyatt adams\appdata\local\temp\ntrviewer.exe] => (Allow) C:\users\wyatt adams\appdata\local\temp\ntrviewer.exe
FirewallRules: [TCP Query User{E56EF6CC-06F3-46CF-B8E1-5AF3E09B778C}C:\users\wyatt adams\appdata\local\temp\ntrviewer.exe] => (Allow) C:\users\wyatt adams\appdata\local\temp\ntrviewer.exe
FirewallRules: [UDP Query User{96EBF006-2AED-4999-B567-E67AFD1C0736}C:\program files (x86)\deluge\deluge.exe] => (Block) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [TCP Query User{00A1CB68-A204-4B12-86A3-AB9C30873288}C:\program files (x86)\deluge\deluge.exe] => (Block) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{4C4C57FD-E28D-4188-8FEC-60EB0DCD5A50}C:\koplayer\vbox\vboxheadless.exe] => (Block) C:\koplayer\vbox\vboxheadless.exe
FirewallRules: [TCP Query User{0AC6FDAE-09F2-40FD-B860-CBAB02F033D8}C:\koplayer\vbox\vboxheadless.exe] => (Block) C:\koplayer\vbox\vboxheadless.exe
FirewallRules: [UDP Query User{B4871712-456F-46B9-B332-45BA9A8D7A93}C:\program files (x86)\steam\steamapps\common\life is strange\binaries\win32\lifeisstrange.exe] => (Block) C:\program files (x86)\steam\steamapps\common\life is strange\binaries\win32\lifeisstrange.exe
FirewallRules: [TCP Query User{0453E702-69D5-4085-977E-B53D926DE5ED}C:\program files (x86)\steam\steamapps\common\life is strange\binaries\win32\lifeisstrange.exe] => (Block) C:\program files (x86)\steam\steamapps\common\life is strange\binaries\win32\lifeisstrange.exe
FirewallRules: [{22379690-4206-4B75-949E-48A2CEDEE7F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{7CC9441C-EC77-475A-AAC0-0B3DD986B5AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [UDP Query User{B979A461-2AED-41FC-8335-F398124377C5}C:\program files (x86)\tyberis music database free\tymdb.exe] => (Block) C:\program files (x86)\tyberis music database free\tymdb.exe
FirewallRules: [TCP Query User{92A600E5-7246-4332-A154-868946955294}C:\program files (x86)\tyberis music database free\tymdb.exe] => (Block) C:\program files (x86)\tyberis music database free\tymdb.exe
FirewallRules: [{F1E7CC72-DC13-42B1-A16C-4B212CDDF68D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cubic Castles\Cubic.exe
FirewallRules: [{6B58445B-F0FF-4C00-B139-A2E3B49398A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cubic Castles\Cubic.exe
FirewallRules: [UDP Query User{FBBC48B8-8F1B-46F0-914B-9D4231AA9552}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [TCP Query User{A26CEF2E-B1AF-4873-8139-43486ED23DDA}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [{B1A1BBB4-1BE3-40A8-9F71-E53899427E45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{9BD5CF1E-488B-493D-B2F1-78C3E57E569B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{38F4E6B6-9CEA-4168-9070-14E87073D415}] => (Allow) C:\KOPLAYER\KOPLAYER.exe
FirewallRules: [{368E9C28-BCAF-43C0-AE88-192F629D6AB8}] => (Allow) C:\KOPLAYER\vbox\VBoxManage.exe
FirewallRules: [{A2E403F2-5FB2-4A74-AA44-C3B35F972D3C}] => (Allow) C:\KOPLAYER\KOPLAYER.exe
FirewallRules: [{D42FE53F-88F8-447E-8FF4-8E638AB93445}] => (Allow) C:\KOPLAYER\vbox\VBoxManage.exe
FirewallRules: [{240FEEF6-5F59-41A7-8DE3-CAF679A8C6F1}] => (Allow) C:\KOPLAYER\vbox\VBoxHeadless.exe
FirewallRules: [{66C045D4-8A97-4555-ACAD-53EE9B018175}] => (Allow) C:\KOPLAYER\KOPLAYER.exe
FirewallRules: [{C21EE8C2-0764-4AEE-B127-482EB5B82CE7}] => (Allow) C:\KOPLAYER\vbox\VBoxManage.exe
FirewallRules: [{28850209-E2B4-45D5-A01E-5E7DDBB07F59}] => (Allow) C:\KOPLAYER\download\MiniThunderPlatform.exe
FirewallRules: [{93851EF0-0985-4E7C-B967-46974807F599}] => (Allow) C:\KOPLAYER\vbox\VBoxHeadless.exe
FirewallRules: [{02CDE7D3-963B-46A1-9B1E-7AED46C7AC41}] => (Allow) C:\KOPLAYER\vbox\VBoxHeadless.exe
FirewallRules: [{EA5EC6F5-5416-40AA-BA21-4167C6D59E4B}] => (Allow) C:\KOPLAYER\KOPLAYER.exe
FirewallRules: [{B06DB437-A3BA-4FC9-BB72-AAE09FEED1EB}] => (Allow) C:\KOPLAYER\vbox\VBoxManage.exe
FirewallRules: [{BD13B1CA-AD95-4BFF-A079-A3DBA8A95224}] => (Allow) C:\KOPLAYER\download\MiniThunderPlatform.exe
FirewallRules: [{CAA55B56-88EF-4C86-A411-C51002A3CB43}] => (Allow) C:\KOPLAYER\vbox\VBoxHeadless.exe
FirewallRules: [{B498D4E8-E6AC-48D9-A0E5-A6AD768FE533}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{6C7CD88C-2527-4917-960A-243F8F4CB91F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{29DD7EF8-2DFA-4D25-9488-4BF77FDF50DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TERA\TERA-Launcher.exe
FirewallRules: [{C45DF27D-8E2B-42BC-AE18-72FDDC95FA71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TERA\TERA-Launcher.exe
FirewallRules: [{C0C77B88-F937-4370-9901-AA9B808D19C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Oxenfree\Oxenfree.exe
FirewallRules: [{F61068D8-5636-435F-AF70-1A2F9B4A1D05}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Oxenfree\Oxenfree.exe
FirewallRules: [UDP Query User{B1270E15-742B-4B64-961A-D5D545A09230}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{4F448157-10A8-4ADA-9505-F12136E6F403}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{6250F99E-B534-4B4D-8366-467F69546BEA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Digimon Masters Online - Steam\DMLauncher.exe
FirewallRules: [{0300678E-05C7-4812-975A-4B8658126144}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Digimon Masters Online - Steam\DMLauncher.exe
FirewallRules: [{C2A27D62-83BA-4DBE-AA16-260D42A93A8C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{866AC382-1D6E-41AA-98A1-775226994B55}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{E91C99EB-FE72-428C-AE8A-901F96BFB6A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal Stories Mel\portal2.exe
FirewallRules: [{8FADE40A-AFF1-48D7-918D-339F954A8486}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal Stories Mel\portal2.exe
FirewallRules: [{50376B98-ADBC-4A64-9779-EA25E5BEF7A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{667C68DB-BD18-43E5-A789-504F17F8EC32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{EF5A7CDF-A2EE-4EAF-AA53-41FA805F23C5}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{9DBB6562-9536-4210-80B7-2698D6F75776}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{2FC3ED30-9A76-4848-86F6-D05D4B478D3F}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{8AD6C12C-9F10-4ECD-9064-626561B324FD}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{3FE3F478-7745-4293-9AFC-544F670D3705}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{EF8FC08B-4D92-45D1-900A-1E3471B1EC53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{B88A32D9-752C-4BFB-A17A-9781CFB09500}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{9A92C783-F1E9-4EEB-9739-00AD742E90ED}] => (Block) C:\program files (x86)\steam\steamapps\common\happywars\happywars.exe
FirewallRules: [{6F7375F0-52F0-4908-80A5-5DB4861B5C42}] => (Block) C:\program files (x86)\steam\steamapps\common\happywars\happywars.exe
FirewallRules: [UDP Query User{666B665E-7F8D-460F-8F3E-A996DB871374}C:\program files (x86)\steam\steamapps\common\happywars\happywars.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\happywars\happywars.exe
FirewallRules: [TCP Query User{17A4C7DB-7E10-4B9C-A481-2D5CE5D2899C}C:\program files (x86)\steam\steamapps\common\happywars\happywars.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\happywars\happywars.exe
FirewallRules: [{20A11833-A6D8-4963-A221-E80A8D4F02AC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{36B272C9-4FE4-43F0-A4E0-F07825A78C6D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{9F5151C2-8D28-4BCE-92C4-1977287FB38B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gridworld\Gridworld_64b.exe
FirewallRules: [{E7DD5895-BC22-4FCB-94F4-2E2E0A3637A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gridworld\Gridworld_64b.exe
FirewallRules: [{43758ABF-F0F5-4D19-8826-B25E0DA205AF}] => (Block) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{0B672669-DD56-4731-AD7C-9E4DA30FDD6A}] => (Block) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{42592499-C78E-4823-96BD-2FAFB6F90683}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{2EAA88F4-E1A6-443E-80C8-5EC8375817A3}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{4964CAF7-4872-42F9-9C24-D9E0B12F71D6}C:\program files\java\jre1.8.0_92\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_92\bin\javaw.exe
FirewallRules: [TCP Query User{2AEB62A8-5F14-4B7D-9CF4-3B4BFA8035E9}C:\program files\java\jre1.8.0_92\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_92\bin\javaw.exe
FirewallRules: [{46C3374C-8EEF-4DDD-818F-F5EFDA6C98C4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{FE9C6C9F-EDA5-485B-8ABE-688EE961A8C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Goo\WorldOfGoo.exe
FirewallRules: [{C86822AC-87AA-4D93-A9DD-5C6908B25F89}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Goo\WorldOfGoo.exe
FirewallRules: [{1C5E0977-F8E7-4030-A727-D92A825E2434}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vanguards\Vanguards.exe
FirewallRules: [{26A2CA22-4980-4800-BA00-395FC86A531A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vanguards\Vanguards.exe
FirewallRules: [{C04D5566-40DF-45B6-9A33-AD6A7866D338}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age of Conquest IV\app_main.exe
FirewallRules: [{14B2458C-87EA-452E-B05C-B92F9463F62F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age of Conquest IV\app_main.exe
FirewallRules: [{A2FDAC53-3611-4A91-A0ED-4941D3A4488F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeon Defenders 2\DunDefLauncher.exe
FirewallRules: [{AF23A0C5-F05D-4779-B6E9-C04B53B4E809}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeon Defenders 2\DunDefLauncher.exe
FirewallRules: [{8A50201F-B3A0-456A-A023-2576CA4E2816}] => (Allow) C:\Program Files (x86)\SHAREit\SHAREit\SHAREit.exe
FirewallRules: [{708AA6A4-A871-489F-8E9A-3FD5BB9CDC3E}] => (Allow) C:\Program Files (x86)\SHAREit\SHAREit\SHAREit.exe
FirewallRules: [{26E10245-8E9A-466B-B667-A36E5E59D2B7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B43CC061-34B7-469B-95E0-572BCC577C90}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{32404D4E-F1AB-4C8B-BE9F-F9BEC3965966}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zen Bound 2\ZenBound2.exe
FirewallRules: [{C457244E-CDBC-4A23-A3AB-D116F371A20E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zen Bound 2\ZenBound2.exe
FirewallRules: [{42406B2A-5F2E-466D-8539-BCFB34C57C7C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{EC854025-49D0-45C8-B6F0-B7CF9C30B0F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{2DB382AF-35CA-440D-ACB2-52622A091376}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{304CAC89-D3A3-461C-969D-50CA5D653A9E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{BC13F999-4BAF-4F25-8AE2-E62C9C7617FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{3DCF0C09-C3D1-4D2F-8644-1CC0F34136C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{18985475-A5EE-43E2-92B0-8812377040C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{0E4CDBDC-05AF-4CEE-96C5-23DD9CEC6446}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{CB96C171-08A4-4633-AE77-CE43F7E42E00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{F0C684E8-DD36-4A31-8649-CF76EF2E71C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{16F167A4-1FE2-45C0-89EC-2D0986432779}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rollercoaster Tycoon 3 Gold\RCT3plus.exe
FirewallRules: [{4851DB4B-E75D-4C54-B47B-CE7D5D95C975}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rollercoaster Tycoon 3 Gold\RCT3plus.exe
FirewallRules: [{4200814F-4702-4712-852F-63DC0EFC857A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{12B30005-B7A1-4B96-B805-1771B7FF5DC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{C6B81746-D31D-4EA9-ACFB-D3B67C289C3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{1A88FAC5-01BE-40F5-83A8-E1E018B840DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{93BA7C5B-5114-44CD-A85D-D0E9344299EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hell Yeah\HELLYEAH.exe
FirewallRules: [{B0E5D964-8148-4847-88F0-C717431B5F6F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hell Yeah\HELLYEAH.exe
FirewallRules: [{2AFAA2CA-6620-4B28-BB25-63E26ED23419}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY VIII\FF8_Launcher.exe
FirewallRules: [{3DACC12F-DF89-4C03-AC44-47B3768A390B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY VIII\FF8_Launcher.exe
FirewallRules: [{CD1B7D5C-DAF8-435A-BB5B-B31E0140F097}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{20256D12-3C94-4585-954C-8B29D0CFF2F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{A97E055A-C1DA-4682-9F80-52697657F075}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ori\ori.exe
FirewallRules: [{5D3763BE-EA7D-4D8C-A997-76F9C80896F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ori\ori.exe
FirewallRules: [{41E194E8-74F1-4FD2-AAE5-2BA36BC84220}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cosmochoria\nw.exe
FirewallRules: [{7A41C593-D608-4DC9-A17E-953918400ADD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cosmochoria\nw.exe
FirewallRules: [{08FB53A0-9C54-4350-BC1E-0AFD23C21B32}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5212655B-0C1F-4DF4-B3E0-265CA0154D3F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A9A199FF-D597-4335-9AEB-DD055C9B9CB8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{02AD38FF-51E1-4C15-B4E5-87980E5C99E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{38A99CBA-7D77-4DEE-B66F-DBB335D6467A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crypt of the NecroDancer\NecroDancer.exe
FirewallRules: [{4D1E77D9-72E6-4BCF-B9B3-26C454B853C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crypt of the NecroDancer\NecroDancer.exe
FirewallRules: [{95FA2B77-C47C-455D-8853-132C650017F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quantum Conundrum\Binaries\Win32\TryGame-Win32-Shipping.exe
FirewallRules: [{E1EB3CD6-4DA3-4EBF-9337-53002FB82377}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quantum Conundrum\Binaries\Win32\TryGame-Win32-Shipping.exe
FirewallRules: [{F0803BE4-126B-4B31-8070-5FAC8B4A7088}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Riders of Icarus\Bin32\nxsteam.exe
FirewallRules: [{E8D4FAAA-597D-47B0-9F69-6CC3085F7C23}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Riders of Icarus\Bin32\nxsteam.exe
FirewallRules: [{A8D818A1-FF59-472D-9B3A-4BEF7BEFD17B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{57E5CE08-A920-4897-AEDC-9A7E3E30B8A5}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶作獯数浲杯敲楮作獯数浲杯敲楮攮數
FirewallRules: [{9970AAC3-5AD9-4C97-8C3B-C5D3856EA551}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶作獯数浲杯敲楮作獯数浲杯敲楮⹟硥e
FirewallRules: [{96AA7A72-C4A2-433F-8759-63BCE40BD4A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{CCFB600B-AE99-4074-B6F6-28EC7C84D510}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{797FADAF-12EB-4D97-AC7B-7BA8EF86EF50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [{2C4C5C98-8A40-4A18-8BFA-42EA4A962276}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe

==================== Restore Points =========================

03-05-2017 14:55:12 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/09/2017 02:58:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RadeonSettings.exe, version: 10.1.1.1666, time stamp: 0x5844457b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x2fe4
Faulting application start time: 0x01d2c8f553554bdd
Faulting application path: C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
Faulting module path: unknown
Report Id: f697771e-08ef-4dd6-b3a0-63a2fd71c0a9
Faulting package full name:
Faulting package-relative application ID:

Error: (05/09/2017 01:50:04 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-DAMFAU8)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/09/2017 01:04:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program rundll32.exe version 10.0.15063.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1140

Start Time: 01d2c876008035c4

Termination Time: 7

Application Path: C:\Windows\SysWOW64\rundll32.exe

Report Id: 83c6106a-4de6-4b03-8317-960b485a0605

Faulting package full name:

Faulting package-relative application ID:

Error: (05/08/2017 11:01:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RadeonSettings.exe, version: 10.1.1.1666, time stamp: 0x5844457b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x21a4
Faulting application start time: 0x01d2c86f983a78a7
Faulting application path: C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
Faulting module path: unknown
Report Id: 9b8971f9-2ce1-4368-9dc9-ce0cdcefeade
Faulting package full name:
Faulting package-relative application ID:

Error: (05/08/2017 10:56:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-DAMFAU8)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/08/2017 10:51:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-DAMFAU8)
Description: Activation of app Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/08/2017 10:46:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program rundll32.exe version 10.0.15063.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2890

Start Time: 01d2c868f0654f45

Termination Time: 4

Application Path: C:\Windows\SysWOW64\rundll32.exe

Report Id: 12985d74-f93c-4872-8102-1ecd8c8938c9

Faulting package full name:

Faulting package-relative application ID:

Error: (05/08/2017 10:10:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RadeonSettings.exe, version: 10.1.1.1666, time stamp: 0x5844457b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x1c50
Faulting application start time: 0x01d2c868543db82a
Faulting application path: C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
Faulting module path: unknown
Report Id: af64f0f1-8cb9-4423-ba6d-7b0ba69a974e
Faulting package full name:
Faulting package-relative application ID:

Error: (05/08/2017 08:50:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program rundll32.exe version 10.0.15063.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3560

Start Time: 01d2c85341f215c2

Termination Time: 11

Application Path: C:\Windows\SysWOW64\rundll32.exe

Report Id: 93d7c39f-0b9e-40cc-b466-266daa822dbf

Faulting package full name:

Faulting package-relative application ID:

Error: (05/08/2017 07:15:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program rundll32.exe version 10.0.15063.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 234c

Start Time: 01d2c846cf5d9448

Termination Time: 11

Application Path: C:\Windows\SysWOW64\rundll32.exe

Report Id: 080162b4-1b51-4dce-9fdc-36a41ce6309c

Faulting package full name:

Faulting package-relative application ID:


System errors:
=============
Error: (05/09/2017 02:49:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/09/2017 02:49:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/09/2017 01:50:04 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-DAMFAU8)
Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy!App.AppXwdz8g2fxr36xz0tdtagygnvemf85s7gg.mca did not register with DCOM within the required timeout.

Error: (05/08/2017 10:56:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The requested resource is in use.

Error: (05/08/2017 10:56:09 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-DAMFAU8)
Description: The server Microsoft.SkypeApp_11.14.675.0_x64__kzf8qxf38zg5c!App.AppX8nrbv53bn39r31x29ht05thp7rde7ecc.mca did not register with DCOM within the required timeout.

Error: (05/08/2017 10:54:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/08/2017 10:54:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/08/2017 10:53:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (05/08/2017 10:53:17 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-DAMFAU8)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/08/2017 10:53:06 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-DAMFAU8)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}


==================== Memory info ===========================

Processor: AMD A10-7800 Radeon R7, 12 Compute Cores 4C+8G
Percentage of memory in use: 36%
Total physical RAM: 11211.61 MB
Available physical RAM: 7174.36 MB
Total Virtual: 12939.61 MB
Available Virtual: 8566.52 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:1831.17 GB) (Free:1464.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 19892C41)

Partition: GPT.

==================== End of Addition.txt ============================



#11 Aura

Posted 09 May 2017 - 02:21 PM

Are you able to delete these two folders?
C:\Users\wyatt adams\AppData\Local\llssoft
C:\Users\wyatt adams\AppData\Local\ntuserlitelist
If it tells you that the folder is in use or else, just go inside it and delete everything you can. Once done, run MBAR and launch a scan. This time, it should go through.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#12 IMDYINGHERE

Posted 09 May 2017 - 04:00 PM

Here is the log for mbar https://pastebin.com/vWJJsJCy (could not post here because the post was too long)



#13 Aura

Posted 09 May 2017 - 04:15 PM

Awesome. Now you should be able to install and run a scan with Malwarebytes.

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run, the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button;
    • If it asks you to restart your computer to complete the removal, do so;
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply;



#14 IMDYINGHERE

Posted 09 May 2017 - 05:08 PM

https://pastebin.com/EVjpb14x



#15 Aura

Posted 09 May 2017 - 06:09 PM

Good :) Now a sweep with JRT and AdwCleaner.

Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press on any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;
Your next reply(ies) should therefore contain:
  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;
