Downloaded something and got a "svcvmx client" virus


  • This topic is locked
2 replies to this topic

#1 sethlee

Posted 13 May 2017 - 08:27 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05-2017
Ran by seth (administrator) on SETHS-PC (13-05-2017 21:03:16)
Running from C:\Users\seth\Downloads
Loaded Profiles: seth (Available Profiles: seth)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Users\seth\AppData\Local\ntuserlitelist\dataup\dataup.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NahimicMonitor.exe
() C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\TriggerModeMonitor.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe
(MSI) C:\Windows\SysWOW64\muachost.exe
() C:\Windows\System32\tprdpw64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(© 2015 Microsoft Corporation) C:\Users\seth\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Hammer & Chisel, Inc.) C:\Users\seth\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\seth\AppData\Local\Discord\app-0.0.297\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe
(Splice) C:\Users\seth\AppData\Local\Splice\Splice.WinClient\Splice.WinClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hammer & Chisel, Inc.) C:\Users\seth\AppData\Local\Discord\app-0.0.297\Discord.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe
() C:\Users\seth\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
(Google Inc.) C:\Users\seth\AppData\Roaming\mine.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Cortex\Cef\CefSharp.BrowserSubprocess.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\FPSRunner32.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\x64\FPSRunner64.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzFpsApplet\RzFpsApplet.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\seth\AppData\Local\Razer\InGameEngine\cache\RzFpsApplet\rzcefrenderprocess.exe
(Razer, Inc.) C:\Users\seth\AppData\Local\Razer\InGameEngine\cache\RzFpsApplet\rzcefrenderprocess.exe
(Razer, Inc.) C:\Users\seth\AppData\Local\Razer\InGameEngine\cache\RzFpsApplet\rzcefrenderprocess.exe
(Razer, Inc.) C:\Users\seth\AppData\Local\Razer\InGameEngine\cache\RzFpsApplet\rzcefrenderprocess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\seth\AppData\Local\Splice\Splice.WinClient\SpliceUtility.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
HKLM-x32\...\Run: [Sound Blaster X-Fi MB 3] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe [2112512 2015-06-12] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe [222160 2016-09-28] (Razer Inc.)
HKLM-x32\...\Run: [WindowsDefender] => -
HKLM-x32\...\Run: [GoogleChromeService] => C:\WINDOWS\GoogleChrome.exe [3506290 2017-05-07] ()
HKLM-x32\...\Run: [cpx] => "C:\Users\seth\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <===== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Users\seth\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [884224 2017-04-21] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2404952 2017-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [Momamonuha] => C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\seth\AppData\Roaming\Mihohakenera"
HKU\S-1-5-21-3974007708-559372529-1078681355-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-3974007708-559372529-1078681355-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27250144 2016-12-20] (Skype Technologies S.A.)
HKU\S-1-5-21-3974007708-559372529-1078681355-1000\...\Run: [BingSvc] => C:\Users\seth\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3974007708-559372529-1078681355-1000\...\Run: [Chromium] => "c:\users\seth\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session --restore-last-session
HKU\S-1-5-21-3974007708-559372529-1078681355-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-3974007708-559372529-1078681355-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-3974007708-559372529-1078681355-1000\...\Run: [BitTorrent] => "C:\Users\seth\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
HKU\S-1-5-21-3974007708-559372529-1078681355-1000\...\Run: [Windows Defender] => -
HKU\S-1-5-21-3974007708-559372529-1078681355-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-3974007708-559372529-1078681355-1000\...\Run: [Discord] => C:\Users\seth\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-3974007708-559372529-1078681355-1000\...\Run: [GoogleChromeAutoLaunch_07E7CE32A4C8962D753A1D9F9D359305] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1111896 2017-03-29] (Google Inc.)
HKU\S-1-5-21-3974007708-559372529-1078681355-1000\...\Run: [uTorrent] => C:\Users\seth\AppData\Roaming\uTorrent\uTorrent.exe [2240192 2017-05-13] (BitTorrent Inc.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2017-05-07]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\seth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Splice for Windows.lnk [2017-03-31]
ShortcutTarget: Splice for Windows.lnk -> C:\Users\seth\AppData\Local\Splice\Splice.WinClient\Splice.WinClient.exe (Splice)
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:8003
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:8003
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:8003
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{7107b202-677f-4d14-bd66-d2e0edb336a4}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-e0a1e7fd
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-e0a1e7fd
HKU\S-1-5-21-3974007708-559372529-1078681355-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-e0a1e7fd
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-e0a1e7fd&q={searchTerms}
SearchScopes: HKLM -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL = 
SearchScopes: HKLM -> {f7bb050c-e116-44da-89c2-6f2b68c54836} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-e0a1e7fd&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-e0a1e7fd&q={searchTerms}
SearchScopes: HKLM-x32 -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=zxy_2e2dedca88f5190e14&param1=ArFaIWJoNqArQGMVHFFoNqAqBbFaISEaQGR7xTVoN9I4y7IsQGR7B7JoN9JbDSk8vFE9GqQANFdcFCk8wVNdJ6IWNVQ9IWYVvFNdJGYXNVFdJGYXNVE3vGYTNVE9GqYVNUI3wGYGwVM3vCIXvmk9GqUNNos3wCIYwVA9Jmk3wVA4ICITvFI4ICILNFdcJ6k8wV5cGWUSNFRcEqULNopcGWUIvmFbF6IYvFRdJGYUNVRdJ6IXNVQ9I6IWvmk4JaYXwVxdISIYNVI4J6ISvFM9JGYVvFI9I6IWNVNdJaYTvFE9ISk3vmo9J6IXwVM9JqQIwV5cGGUTNFRbDqUDNF5bDGUNNEU3wGQGNVQ4IGYVvFQ9Jmk4NVA3vmISNVU9JqYXvmo9I6oUNVNdImIWwVw3vCIXvFNdICISNVVdIGYXwVJdJGYYwVRdIqYYvmo4J6IWNoU9GqYYNVc3wCoUQGR7B6RoN9JaNGZaLGF4MaJoNqAsQGMVvDIlC6MuNGwuNGEuyDorQGR7y6MuwnEbQGMVMr5cQGR7y6NoN9ICzD4py6waQGQXMbFbJoYby7Aox6Mky74syZ%3D%3D&param2=NGZ6LGN7MaBcMd%3D%3D&p={searchTerms}
SearchScopes: HKLM-x32 -> {f7bb050c-e116-44da-89c2-6f2b68c54836} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_17_18_wcg_chtengin_17_02_cg12725&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutC0CtC0BtD0DyC0A0B0E0A0B0Ezy0F0EtN0D0Tzu0StCzyyEzytN1L2XzutAtFtBzytFtAtFyDtBtN1L1Czu1M1Q1CtAtBtFtAtFtDtN1L1G1B1V1N2Y1L1Qzu2SyE0F0AyCtA0FzyzztGyEyBzyyCtG0D0CzzzztGtA0D0D0EtGtCtAyCyBtCtBzyzztDtCtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByE0DyBtBzy0FzztG0AtB0BzytGyE0C0FtCtGzytByC0EtG0A0E0BtD0A0AtB0F0AzyyCtC2QtN0A0LzuyE%26cr%3D777904091%26a%3Dhdr_s_17_18_wcg_chtengin_17_02_cg12725%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3974007708-559372529-1078681355-1000 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-e0a1e7fd&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3974007708-559372529-1078681355-1000 -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL = 
SearchScopes: HKU\S-1-5-21-3974007708-559372529-1078681355-1000 -> {f7bb050c-e116-44da-89c2-6f2b68c54836} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-05-12] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-12] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{EBA722F5-038F-4CAF-9EE2-545A221628BC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFPlgn => not found
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-03-27] (Adobe Systems)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-03] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-03-27] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3974007708-559372529-1078681355-1000: @nsroblox.roblox.com/launcher -> C:\Users\seth\AppData\Local\Roblox\Versions\version-832e7c1e64f340cc\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3974007708-559372529-1078681355-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\seth\AppData\Local\Roblox\Versions\version-832e7c1e64f340cc\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
 
Chrome: 
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR NewTab: Default ->  Not-active:"chrome-extension://fcfenmboojpjinhpgggodefccipikbpd/newTab.html"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Profile: C:\Users\seth\AppData\Local\Google\Chrome\User Data\Default [2017-05-13]
CHR Extension: (Google Slides) - C:\Users\seth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-29]
CHR Extension: (Google Docs) - C:\Users\seth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-29]
CHR Extension: (Google Drive) - C:\Users\seth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-29]
CHR Extension: (YouTube) - C:\Users\seth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-29]
CHR Extension: (Adblock Plus) - C:\Users\seth\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-22]
CHR Extension: (Ratings Preview for YouTube™) - C:\Users\seth\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbhdenfmgbagncdmgbholejjpmmiank [2017-01-08]
CHR Extension: (Bing) - C:\Users\seth\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2017-01-12]
CHR Extension: (Google Sheets) - C:\Users\seth\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-29]
CHR Extension: (Google Docs Offline) - C:\Users\seth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-29]
CHR Extension: (Betternet Unlimited Free VPN Proxy) - C:\Users\seth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2017-05-07]
CHR Extension: (Auto HD For YouTube™) - C:\Users\seth\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2017-01-08]
CHR Extension: (Steam Trader Helper) - C:\Users\seth\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhoahihokddepjlegpenefeaahdkojog [2017-05-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\seth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-14]
CHR Extension: (Gmail) - C:\Users\seth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-29]
CHR Extension: (Chrome Media Router) - C:\Users\seth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-26]
CHR Extension: (That's Pretty Good (iDubbbzTV)) - C:\Users\seth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnidecdngnainebcfbmebgpkmnmljdng [2016-12-29]
CHR HKLM\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\Exts\Chrome.crx [2017-05-13]
CHR HKLM\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3974007708-559372529-1078681355-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3974007708-559372529-1078681355-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3974007708-559372529-1078681355-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\Exts\Chrome.crx [2017-05-13]
CHR HKLM-x32\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"drmkpro64" => service could not be unlocked. <===== ATTENTION
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [771672 2017-03-14] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1517576 2017-03-31] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3801280 2017-05-04] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2016-12-29] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-12-29] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [406016 2011-09-14] (Creative Technology Ltd) [File not signed]
R2 Dataup; C:\Users\seth\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
R2 GamingApp_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe [45008 2016-09-29] (Micro-Star Int'l Co., Ltd.)
R2 GamingHotkey_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe [2019792 2016-05-16] (Micro-Star INT'L CO., LTD.)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114688 2017-03-25] (Microsoft Corporation) [File not signed]
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [457432 2016-11-01] (Rivet Networks)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe [78776 2016-11-09] (Micro-Star INT'L CO., LTD.)
S2 NS; C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\NS.exe [282016 2015-09-24] (Symantec Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [492480 2017-04-26] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [492480 2017-04-26] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-04-26] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-12-30] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2180624 2016-12-30] (Electronic Arts)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [133376 2016-09-28] (Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [24576 2016-12-29] (Realtek Semiconductor.) [File not signed]
S2 SkypeUpdate; C:\Program Files (x86)\Skype\Updater\Updater.exe [324224 2016-09-20] () [File not signed]
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1830088 2016-01-18] (Intel Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
S2 641420de21b8c0543aa9a0cedab125f9; "C:\Program Files\641420de21b8c0543aa9a0cedab125f9\099d238579837f99986e433463248798.exe" [X]
S2 windowsmanagementservice; C:\Users\seth\AppData\Local\uekkbz\ct.exe [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 5e711147cd3a4e2f738049e5960994d6; C:\WINDOWS\system32\drivers\5e711147cd3a4e2f738049e5960994d6.sys [66408 2017-05-05] (QRDXPX) <==== ATTENTION
R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bflwfx64.sys [138872 2016-05-05] (Rivet Networks, LLC.)
S3 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\BASHDefs\20150921.003\BHDrvx64.sys [1650936 2015-09-23] (Symantec Corporation)
S3 ccSet_NS; C:\WINDOWS\system32\drivers\NSx64\1605040.018\ccSetx64.sys [173808 2015-09-23] (Symantec Corporation)
R3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [594944 2014-09-19] (C-MEDIA)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507032 2017-05-13] (Symantec Corporation)
R3 I2cHkBurn; C:\WINDOWS\system32\drivers\I2cHkBurn.sys [41760 2015-07-27] (FINTEK Corp.)
S3 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\IPSDefs\20150930.101\IDSVia64.sys [767224 2015-09-23] (Symantec Corporation)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2017-03-18] (Qualcomm Atheros, Inc.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176064 2016-12-29] (Malwarebytes)
S3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\VirusDefs\20150923.001\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\VirusDefs\20150923.001\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
R3 NTIOLib_ACTIVE_X; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NTIOLib_X64.sys [13776 2016-04-12] (MSI)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_e619501ce2023445\nvlddmkm.sys [14569520 2017-03-23] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-04-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47552 2017-03-27] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-04-26] (NVIDIA Corporation)
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [48840 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer, Inc.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 SRTSP; C:\WINDOWS\system32\drivers\NSx64\1605040.018\SRTSP64.SYS [930024 2015-09-23] (Symantec Corporation)
R3 SRTSPX; C:\WINDOWS\system32\drivers\NSx64\1605040.018\SRTSPX64.SYS [50936 2015-09-23] (Symantec Corporation)
S3 SymEFASI; C:\WINDOWS\system32\drivers\NSx64\1605040.018\SYMEFASI64.SYS [1620720 2015-09-23] (Symantec Corporation)
S3 SymELAM; C:\WINDOWS\system32\drivers\NSx64\1605040.018\SymELAM.sys [24192 2015-09-23] (Symantec Corporation)
S3 SymIRON; C:\WINDOWS\system32\drivers\NSx64\1605040.018\Ironx64.SYS [297720 2015-09-23] (Symantec Corporation)
S3 SymNetS; C:\WINDOWS\system32\drivers\NSx64\1605040.018\SYMNETS.SYS [577768 2015-09-23] (Symantec Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-05-07] (Zemana Ltd.)
R5 drmkpro64;  <===== ATTENTION: Locked Service
U3 idsvc; no ImagePath
S3 MBAMFarflt; \??\C:\Windows\system32\drivers\farflt.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
S1 vetathuh; \??\C:\WINDOWS\system32\drivers\vetathuh.sys [X]
U3 wpcsvc; no ImagePath
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-13 21:03 - 2017-05-13 21:03 - 02429440 _____ (Farbar) C:\Users\seth\Downloads\FRST64.exe
2017-05-13 21:02 - 2017-05-13 21:02 - 01769984 _____ (Farbar) C:\Users\seth\Downloads\FRST.exe
2017-05-13 21:01 - 2017-05-13 21:01 - 18704462 _____ C:\Users\seth\Downloads\unhackmeb.zip
2017-05-13 20:47 - 2017-05-13 20:47 - 00000000 ____D C:\Users\seth\Downloads\ARK Survival Evolved PC game Beta ^^nosTEAM^^
2017-05-13 20:46 - 2017-05-13 21:00 - 00000000 ____D C:\Users\seth\AppData\LocalLow\uTorrent
2017-05-13 20:46 - 2017-05-13 20:48 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2017-05-13 20:46 - 2017-05-13 20:46 - 00002717 _____ C:\Users\seth\Desktop\µTorrent.lnk
2017-05-13 20:46 - 2017-05-13 20:46 - 00002717 _____ C:\Users\seth\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-05-13 20:46 - 2017-05-13 20:46 - 00000000 ____D C:\WINDOWS\system32\Drivers\NSx64
2017-05-13 20:46 - 2017-05-13 20:46 - 00000000 ____D C:\Program Files (x86)\Norton Security
2017-05-13 20:45 - 2017-05-13 20:45 - 02240192 _____ (BitTorrent Inc.) C:\Users\seth\Downloads\uTorrent.exe
2017-05-13 20:39 - 2017-05-13 20:39 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\seth\Downloads\iExplore (3).exe
2017-05-13 20:32 - 2017-05-13 20:32 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\seth\Downloads\iExplore (2).exe
2017-05-13 17:35 - 2017-05-13 20:48 - 00003656 _____ C:\appverifier.txt
2017-05-13 17:35 - 2017-05-13 20:30 - 00000000 ____D C:\ProgramData\BSD
2017-05-13 17:35 - 2017-05-13 17:35 - 00000002 _____ C:\WINDOWS\SysWOW64\acc.txt
2017-05-13 17:35 - 2017-05-13 17:35 - 00000000 ____D C:\ProgramData\PCVARK
2017-05-13 17:30 - 2017-05-13 17:30 - 74458472 _____ (Hi-Rez Studios) C:\Users\seth\Downloads\InstallSmite.exe
2017-05-13 17:16 - 2017-05-13 17:16 - 00852024 _____ (ROBLOX Corporation) C:\Users\seth\Downloads\RobloxPlayerLauncher (1).exe
2017-05-13 17:08 - 2017-05-13 20:31 - 00000000 ____D C:\ProgramData\SSCValidator for SETHS-PC
2017-05-13 17:08 - 2017-05-13 17:08 - 06103192 _____ ( ) C:\Users\seth\Downloads\sscsetupcatus300.exe
2017-05-13 17:08 - 2017-05-13 17:08 - 00000000 ____D C:\Users\seth\AppData\Roaming\FileOpenerWindows for SETHS-PC
2017-05-13 17:07 - 2017-05-13 17:07 - 03468792 _____ (Google) C:\Users\seth\Downloads\chrome_cleanup_tool.exe
2017-05-13 16:57 - 2017-05-13 16:57 - 00000000 ____D C:\Users\seth\AppData\Roaming\MSI
2017-05-13 16:46 - 2017-05-13 16:46 - 04102600 _____ C:\Users\seth\Downloads\AdwCleaner.exe
2017-05-13 16:44 - 2017-05-13 16:44 - 01663672 _____ (Malwarebytes) C:\Users\seth\Downloads\JRT.exe
2017-05-13 16:44 - 2017-05-13 16:44 - 01027360 _____ (Symantec Corporation) C:\Users\seth\Downloads\NSDeluxeDownloader.exe
2017-05-13 16:43 - 2017-05-13 16:43 - 05660182 _____ (Swearware) C:\Users\seth\Downloads\ComboFix.exe
2017-05-13 16:43 - 2017-05-13 16:43 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\seth\Downloads\iExplore (1).exe
2017-05-13 16:42 - 2017-05-13 16:42 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\seth\Downloads\iExplore.exe
2017-05-13 16:41 - 2017-05-13 16:41 - 05103792 _____ (Enigma Software Group USA, LLC.) C:\Users\seth\Downloads\SpyHunter-Installer (1).exe
2017-05-13 16:30 - 2017-05-13 16:30 - 18357776 _____ (Microsoft Corporation) C:\Users\seth\Downloads\MediaCreationTool (1).exe
2017-05-13 16:30 - 2017-05-13 16:30 - 00000000 ___HD C:\$Windows.~WS
2017-05-13 15:59 - 2017-05-13 15:59 - 05103792 _____ (Enigma Software Group USA, LLC.) C:\Users\seth\Downloads\SpyHunter-Installer.exe
2017-05-13 15:57 - 2017-05-13 15:57 - 04759456 _____ (LionSea Software co., ltd ) C:\Users\seth\Downloads\setup (1).exe
2017-05-13 15:57 - 2017-05-13 15:57 - 01290704 _____ (GridinSoft LLC) C:\Users\seth\Downloads\anti-malware.exe
2017-05-13 15:57 - 2017-05-13 15:57 - 01290704 _____ (GridinSoft LLC) C:\Users\seth\Downloads\anti-malware (1).exe
2017-05-13 15:37 - 2017-05-13 15:37 - 16563352 _____ (Malwarebytes Corp.) C:\Users\seth\Downloads\mbar-1.09.3.1001.exe
2017-05-13 15:37 - 2017-05-13 15:37 - 16563352 _____ (Malwarebytes Corp.) C:\Users\seth\Downloads\mbar-1.09.3.1001 (1).exe
2017-05-13 15:35 - 2017-05-13 15:35 - 00892944 _____ (Microsoft Corporation) C:\Users\seth\Downloads\mssstool64.exe
2017-05-13 15:30 - 2017-05-13 15:30 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\seth\Downloads\rkill.exe
2017-05-13 14:49 - 2017-05-13 14:50 - 00048749 _____ C:\Users\seth\Downloads\Addition.txt
2017-05-13 14:48 - 2017-05-13 21:03 - 00035826 _____ C:\Users\seth\Downloads\FRST.txt
2017-05-13 14:48 - 2017-05-13 21:03 - 00000000 ____D C:\FRST
2017-05-13 14:32 - 2017-05-13 14:32 - 63035592 _____ (Malwarebytes ) C:\Users\seth\Downloads\mb3-setup-consumer-3.1.2.1733 (1).exe
2017-05-13 14:31 - 2017-05-13 14:31 - 63035592 _____ (Malwarebytes ) C:\Users\seth\Downloads\mb3-setup-consumer-3.1.2.1733.exe
2017-05-13 14:26 - 2017-05-13 14:26 - 52553728 _____ (Hammer & Chisel, Inc.) C:\Users\seth\Downloads\DiscordSetup (1).exe
2017-05-13 14:23 - 2017-05-13 14:23 - 00000000 ____D C:\ProgramData\seth
2017-05-13 14:13 - 2017-05-13 14:13 - 00002367 _____ C:\Users\seth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2017-05-13 14:13 - 2017-05-13 14:13 - 00002359 _____ C:\Users\seth\Desktop\Chromium.lnk
2017-05-13 14:13 - 2017-05-13 14:13 - 00000000 ____D C:\Users\seth\AppData\Local\chromium
2017-05-13 12:43 - 2017-05-13 14:35 - 00000000 ____D C:\Users\seth\AppData\LocalLow\BitTorrent
2017-05-10 15:21 - 2017-05-12 20:03 - 00000000 ____D C:\Users\seth\AppData\Local\llssoft
2017-05-09 19:55 - 2017-05-09 19:55 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-05-09 15:06 - 2017-05-09 15:08 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-09 15:06 - 2017-05-09 15:06 - 156335152 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-09 15:05 - 2017-04-27 21:38 - 01411128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-05-09 15:05 - 2017-04-27 21:19 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-05-09 15:05 - 2017-04-27 21:19 - 00605936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-05-09 15:05 - 2017-04-27 21:18 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-05-09 15:05 - 2017-04-27 21:16 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-05-09 15:05 - 2017-04-27 21:12 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-05-09 15:05 - 2017-04-27 21:12 - 00543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-05-09 15:05 - 2017-04-27 21:11 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-05-09 15:05 - 2017-04-27 21:09 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-05-09 15:05 - 2017-04-27 21:08 - 08320920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-09 15:05 - 2017-04-27 21:08 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-05-09 15:05 - 2017-04-27 21:08 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-05-09 15:05 - 2017-04-27 21:08 - 00775824 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-05-09 15:05 - 2017-04-27 21:07 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-05-09 15:05 - 2017-04-27 21:07 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-05-09 15:05 - 2017-04-27 21:06 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-09 15:05 - 2017-04-27 21:06 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-05-09 15:05 - 2017-04-27 21:05 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-05-09 15:05 - 2017-04-27 21:04 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-05-09 15:05 - 2017-04-27 21:03 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-05-09 15:05 - 2017-04-27 21:00 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-09 15:05 - 2017-04-27 20:59 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-05-09 15:05 - 2017-04-27 20:59 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-09 15:05 - 2017-04-27 20:59 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-05-09 15:05 - 2017-04-27 20:59 - 00207264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-05-09 15:05 - 2017-04-27 20:59 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-05-09 15:05 - 2017-04-27 20:58 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-05-09 15:05 - 2017-04-27 20:58 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-05-09 15:05 - 2017-04-27 20:57 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-05-09 15:05 - 2017-04-27 20:56 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-05-09 15:05 - 2017-04-27 20:55 - 21353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-05-09 15:05 - 2017-04-27 20:55 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-09 15:05 - 2017-04-27 20:53 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-05-09 15:05 - 2017-04-27 20:52 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-05-09 15:05 - 2017-04-27 20:52 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-05-09 15:05 - 2017-04-27 20:52 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-05-09 15:05 - 2017-04-27 20:51 - 20505600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-05-09 15:05 - 2017-04-27 20:49 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-05-09 15:05 - 2017-04-27 20:49 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-05-09 15:05 - 2017-04-27 20:46 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-05-09 15:05 - 2017-04-27 20:46 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-05-09 15:05 - 2017-04-27 20:46 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-05-09 15:05 - 2017-04-27 20:45 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-05-09 15:05 - 2017-04-27 20:44 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-09 15:05 - 2017-04-27 20:44 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-09 15:05 - 2017-04-27 20:42 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-05-09 15:05 - 2017-04-27 20:42 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-09 15:05 - 2017-04-27 20:42 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-05-09 15:05 - 2017-04-27 20:42 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-05-09 15:05 - 2017-04-27 20:41 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-05-09 15:05 - 2017-04-27 20:40 - 11870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-05-09 15:05 - 2017-04-27 20:40 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-05-09 15:05 - 2017-04-27 20:40 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-09 15:05 - 2017-04-27 20:40 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-05-09 15:05 - 2017-04-27 20:40 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-05-09 15:05 - 2017-04-27 20:40 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-05-09 15:05 - 2017-04-27 20:39 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-05-09 15:05 - 2017-04-27 20:39 - 03655680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-05-09 15:05 - 2017-04-27 20:39 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-09 15:05 - 2017-04-27 20:38 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-05-09 15:05 - 2017-04-27 20:38 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-05-09 15:05 - 2017-04-27 20:37 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-05-09 15:05 - 2017-04-27 20:37 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-09 15:05 - 2017-04-27 20:34 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-05-09 15:05 - 2017-04-27 20:33 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-05-09 15:05 - 2017-04-27 20:26 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-05-09 15:05 - 2017-04-27 20:15 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-05-09 15:05 - 2017-04-27 20:15 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-05-09 15:05 - 2017-04-27 20:14 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-05-09 15:05 - 2017-04-27 20:11 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-05-09 15:05 - 2017-04-27 20:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-05-09 15:05 - 2017-04-27 20:11 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-05-09 15:05 - 2017-04-27 20:09 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-05-09 15:05 - 2017-04-27 20:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-05-09 15:05 - 2017-04-27 20:08 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-05-09 15:05 - 2017-04-27 20:08 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-05-09 15:05 - 2017-04-27 20:08 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-09 15:05 - 2017-04-27 20:07 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-05-09 15:05 - 2017-04-27 20:06 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-05-09 15:05 - 2017-04-27 20:06 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-05-09 15:05 - 2017-04-27 20:06 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-09 15:05 - 2017-04-27 20:06 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-09 15:05 - 2017-04-27 20:05 - 01075712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-05-09 15:05 - 2017-04-27 20:05 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-09 15:05 - 2017-04-27 20:04 - 23681024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-09 15:05 - 2017-04-27 20:04 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-05-09 15:05 - 2017-04-27 20:04 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-05-09 15:05 - 2017-04-27 20:04 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-05-09 15:05 - 2017-04-27 20:03 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-05-09 15:05 - 2017-04-27 20:03 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-05-09 15:05 - 2017-04-27 20:03 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-05-09 15:05 - 2017-04-27 20:03 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-09 15:05 - 2017-04-27 20:03 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-05-09 15:05 - 2017-04-27 20:02 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-05-09 15:05 - 2017-04-27 20:01 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-09 15:05 - 2017-04-27 20:01 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-05-09 15:05 - 2017-04-27 20:00 - 08244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-05-09 15:05 - 2017-04-27 19:59 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-09 15:05 - 2017-04-27 19:59 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-09 15:05 - 2017-04-27 19:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-05-09 15:05 - 2017-04-27 19:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-05-09 15:05 - 2017-04-27 19:59 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-05-09 15:05 - 2017-04-27 19:58 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-09 15:05 - 2017-04-27 19:58 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-05-09 15:05 - 2017-04-27 19:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-05-09 15:05 - 2017-04-27 19:57 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-05-09 15:05 - 2017-04-27 19:57 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-05-09 15:05 - 2017-04-27 19:57 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-09 15:05 - 2017-04-27 19:54 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-05-09 15:05 - 2017-04-27 19:54 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-05-09 15:05 - 2017-04-27 19:54 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-05-09 15:05 - 2017-04-27 19:54 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-05-09 15:05 - 2017-04-27 19:52 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-05-09 15:05 - 2017-04-19 03:07 - 00712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-05-09 15:05 - 2017-04-19 03:06 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-05-09 15:05 - 2017-04-19 03:04 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-05-09 15:05 - 2017-04-19 03:02 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-05-09 15:05 - 2017-04-19 02:19 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-05-09 15:05 - 2017-04-19 02:18 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-05-09 15:05 - 2017-04-19 02:16 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-05-09 15:05 - 2017-04-19 02:15 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-05-09 15:05 - 2017-04-19 02:14 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-05-09 15:05 - 2017-04-19 02:13 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-05-09 15:05 - 2017-04-19 02:13 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-05-09 15:05 - 2017-04-19 02:12 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-05-09 15:05 - 2017-04-19 02:12 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-09 15:05 - 2017-04-19 02:12 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-05-09 15:05 - 2017-04-19 02:11 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-05-09 15:05 - 2017-04-19 02:11 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-05-09 15:05 - 2017-04-19 02:10 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-05-09 15:05 - 2017-04-19 02:10 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-05-09 15:05 - 2017-04-19 02:10 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-05-09 15:05 - 2017-04-19 02:08 - 01103872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-05-09 15:05 - 2017-04-19 02:08 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-05-09 15:05 - 2017-04-19 02:07 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-05-09 15:05 - 2017-04-19 02:07 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-05-09 15:05 - 2017-04-19 02:06 - 02651648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-05-09 15:05 - 2017-04-19 02:04 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-05-09 15:05 - 2017-04-19 02:04 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-05-09 15:05 - 2017-04-19 02:02 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-05-09 15:05 - 2017-04-19 02:01 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-05-09 15:05 - 2017-04-19 01:59 - 02435584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-05-09 15:05 - 2017-04-19 01:59 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-05-09 15:05 - 2017-04-19 01:58 - 20374424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-05-09 15:05 - 2017-04-19 01:37 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-05-09 15:05 - 2017-04-19 01:36 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-05-09 15:05 - 2017-04-19 01:35 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-05-09 15:05 - 2017-04-19 01:34 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-05-09 15:05 - 2017-04-19 01:34 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-05-09 15:05 - 2017-04-19 01:34 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-05-09 15:05 - 2017-04-19 01:32 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-05-09 15:05 - 2017-04-19 01:30 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-05-09 15:05 - 2017-04-19 01:29 - 02298880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-05-09 15:05 - 2017-04-13 20:35 - 04848440 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-05-09 15:05 - 2017-04-13 20:35 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-05-09 15:05 - 2017-04-13 20:35 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-05-09 15:05 - 2017-04-13 20:33 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-05-09 15:05 - 2017-04-13 20:32 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-05-09 15:05 - 2017-04-13 20:30 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-05-09 15:05 - 2017-04-13 20:25 - 01854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-05-09 15:05 - 2017-04-13 20:25 - 01452960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-05-09 15:05 - 2017-04-13 19:43 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-05-09 15:05 - 2017-04-13 19:43 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-05-09 15:05 - 2017-04-13 19:41 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-05-09 15:05 - 2017-04-13 19:41 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-05-09 15:05 - 2017-04-13 19:40 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-05-09 15:05 - 2017-04-13 19:39 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-05-09 15:05 - 2017-04-13 19:39 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-05-09 15:05 - 2017-04-13 19:39 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-05-09 15:05 - 2017-04-13 19:39 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-05-09 15:05 - 2017-04-13 19:39 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-05-09 15:05 - 2017-04-13 19:38 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-05-09 15:05 - 2017-04-13 19:38 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-05-09 15:05 - 2017-04-13 19:37 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-05-09 15:05 - 2017-04-13 19:37 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-05-09 15:05 - 2017-04-13 19:37 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-05-09 15:05 - 2017-04-13 19:37 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-05-09 15:05 - 2017-04-13 19:36 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-05-09 15:05 - 2017-04-13 19:36 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-05-09 15:05 - 2017-04-13 19:35 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-05-09 15:05 - 2017-04-13 19:35 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-05-09 15:05 - 2017-04-13 19:35 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-09 15:05 - 2017-04-13 19:34 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-05-09 15:05 - 2017-04-13 19:34 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-05-09 15:05 - 2017-04-13 19:33 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-05-09 15:05 - 2017-04-13 19:33 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-05-09 15:05 - 2017-04-13 19:31 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-05-09 15:05 - 2017-04-13 19:31 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-05-09 15:05 - 2017-04-13 19:29 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-05-09 15:05 - 2017-04-13 19:29 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-09 15:05 - 2017-04-13 19:29 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-05-09 15:05 - 2017-04-13 19:29 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-05-09 15:05 - 2017-04-13 19:29 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-05-09 15:05 - 2017-04-13 19:28 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-05-09 15:05 - 2017-04-13 19:26 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-05-09 15:05 - 2017-04-13 19:25 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-05-09 15:05 - 2017-04-13 19:24 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-05-09 15:05 - 2017-04-13 19:21 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-05-09 15:05 - 2017-04-13 19:21 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-05-09 15:05 - 2017-04-13 19:18 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-05-09 15:05 - 2017-04-13 19:18 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-05-09 15:05 - 2017-04-13 19:15 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-05-09 15:05 - 2017-04-13 19:15 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-05-09 15:05 - 2017-04-13 19:13 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-05-09 15:05 - 2017-04-13 19:13 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-05-09 15:05 - 2017-04-13 19:08 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-05-09 15:05 - 2017-04-13 19:06 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-05-09 15:05 - 2017-04-13 19:04 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-05-09 15:05 - 2017-04-13 19:01 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-05-09 15:02 - 2017-05-09 16:44 - 697470424 _____ (Image-Line) C:\Users\seth\Downloads\flstudio_12.4.2.exe
2017-05-09 14:43 - 2017-05-09 14:43 - 00000000 ____D C:\Users\seth\AppData\Roaming\Steam
2017-05-09 06:11 - 2017-05-13 21:03 - 00065396 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-05-08 21:37 - 2017-05-13 20:49 - 00000000 ____D C:\WINDOWS\Minidump
2017-05-08 20:30 - 2017-05-08 20:30 - 00137203 _____ C:\Users\seth\Downloads\NBA.2K17-CODEX-_rarbg.com_.torrent
2017-05-08 20:25 - 2017-05-08 20:27 - 151494153 _____ C:\Users\seth\Downloads\NBA.2K17.Update.1.and.Crack-3DM.rar
2017-05-08 20:25 - 2017-05-08 20:26 - 29045448 _____ C:\Users\seth\Downloads\NBA.2K17.Update.1.Online.Fix-RVTFiX (1).rar
2017-05-08 20:22 - 2017-05-08 20:23 - 29045448 _____ C:\Users\seth\Downloads\NBA.2K17.Update.1.Online.Fix-RVTFiX.rar
2017-05-08 19:38 - 2017-05-08 19:38 - 00000000 ____D C:\Users\seth\AppData\Roaming\2K Sports
2017-05-08 19:12 - 2017-05-09 19:13 - 00000000 ____D C:\Users\seth\AppData\Roaming\NBA.2K17.[Legend.Edition.Gold].PC-ALI213
2017-05-08 19:12 - 2017-05-08 19:12 - 00003646 _____ C:\WINDOWS\System32\Tasks\Update Manager
2017-05-08 17:19 - 2017-05-08 19:29 - 00000000 ____D C:\Users\seth\Downloads\NBA.2K17.[Legend.Edition.Gold].PC-ALI213
2017-05-07 19:10 - 2017-05-07 19:10 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsignbefa9e4c456a2c31
2017-05-07 19:10 - 2017-05-07 19:10 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign54e6ff191c2cf023
2017-05-07 19:10 - 2017-05-07 19:10 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign488320c6c2317d72
2017-05-07 19:10 - 2017-05-07 19:10 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign15c23fad455fb180
2017-05-07 19:01 - 2017-05-07 19:01 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsignb3a6d438663322f0
2017-05-07 19:01 - 2017-05-07 19:01 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsignaf0e819f65757ace
2017-05-07 19:01 - 2017-05-07 19:01 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsignaf0e4ce959644d6d
2017-05-07 19:01 - 2017-05-07 19:01 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsigna8631d23a803879e
2017-05-07 19:01 - 2017-05-07 19:01 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign9b1bced340e78b55
2017-05-07 19:01 - 2017-05-07 19:01 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign8af0dbd0e439a300
2017-05-07 19:01 - 2017-05-07 19:01 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign43853ab22e630e78
2017-05-07 19:01 - 2017-05-07 19:01 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign36a24686f32702da
2017-05-07 19:01 - 2017-05-07 19:01 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign32ab3da7a4e9d655
2017-05-07 19:01 - 2017-05-07 19:01 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign2bc264c92849edbd
2017-05-07 19:01 - 2017-05-07 19:01 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign20873a63142fbaab
2017-05-07 19:01 - 2017-05-07 19:01 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign0ab68eba5f8a2eb7
2017-05-07 18:56 - 2017-05-07 18:56 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsignd3da3b3ea1960e7b
2017-05-07 18:56 - 2017-05-07 18:56 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsignc8fec5fc0db5a249
2017-05-07 18:56 - 2017-05-07 18:56 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign5f080fa35431d6a2
2017-05-07 18:56 - 2017-05-07 18:56 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign3837bfbfd9b91a74
2017-05-07 18:56 - 2017-05-07 18:56 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign062684a41069aed8
2017-05-07 18:52 - 2017-05-07 18:52 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsignae3d3356834ce861
2017-05-07 18:52 - 2017-05-07 18:52 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign52c44948fc68aa4a
2017-05-07 18:52 - 2017-05-07 18:52 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign29ff06c296a265a8
2017-05-07 18:52 - 2017-05-07 18:52 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign16b51118d6d7d4b7
2017-05-07 18:44 - 2017-05-07 18:44 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign86cab67cc4eda926
2017-05-07 18:38 - 2017-05-07 18:38 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsignee7291ffa52bb6ee
2017-05-07 18:38 - 2017-05-07 18:38 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign6df3afc4f556c638
2017-05-07 18:37 - 2017-05-07 18:37 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsignafd1ff831395ee82
2017-05-07 18:37 - 2017-05-07 18:37 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign8526f8d750887b8d
2017-05-07 18:37 - 2017-05-07 18:37 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign72ea6588132bf33c
2017-05-07 18:24 - 2017-05-07 18:24 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsigne8bd574e86b6ddf2
2017-05-07 18:24 - 2017-05-07 18:24 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsignde904fb73b583349
2017-05-07 18:24 - 2017-05-07 18:24 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign7c4213e00b8b1dac
2017-05-07 18:24 - 2017-05-07 18:24 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign61cbdc194682dd74
2017-05-07 18:24 - 2017-05-07 18:24 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign59fcff3140ee3f4e
2017-05-07 18:23 - 2017-05-07 18:23 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsignc47d68f4a31eec97
2017-05-07 18:23 - 2017-05-07 18:23 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsignb3dcf50e6d89792c
2017-05-07 18:23 - 2017-05-07 18:23 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign4cf38faa60280974
2017-05-07 18:23 - 2017-05-07 18:23 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign3b2edd7eec6a304f
2017-05-07 18:23 - 2017-05-07 18:23 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign2482fe4818b8d109
2017-05-07 18:22 - 2017-05-07 18:22 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign729368fe52746233
2017-05-07 18:18 - 2017-05-07 18:18 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsigne7e08c69adf124c1
2017-05-07 18:18 - 2017-05-07 18:18 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsigna06f4f562c021a2b
2017-05-07 18:18 - 2017-05-07 18:18 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign3a2d8f15025349fc
2017-05-07 18:18 - 2017-05-07 18:18 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign0fd686235ac862c6
2017-05-07 18:18 - 2017-05-07 18:18 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign07b67ae28f08fef9
2017-05-07 16:39 - 2017-05-07 16:39 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsignec34734153acf825
2017-05-07 16:39 - 2017-05-07 16:39 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsignb9d8fe7b7fcd1605
2017-05-07 16:39 - 2017-05-07 16:39 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign9534437e5b0899a4
2017-05-07 16:39 - 2017-05-07 16:39 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign2ad8699c32645ec9
2017-05-07 16:39 - 2017-05-07 16:39 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign29707628dd4cb6a3
2017-05-07 16:30 - 2017-05-07 16:30 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign954b3bfd2db9e05c
2017-05-07 16:29 - 2017-05-07 16:29 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsignd81398fc416db3fd
2017-05-07 16:29 - 2017-05-07 16:29 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsignccb6a6419f01d211
2017-05-07 16:29 - 2017-05-07 16:29 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign4810b5b26fa7cce3
2017-05-07 15:58 - 2017-05-07 15:58 - 00000000 ____D C:\Users\seth\AppData\LocalLow\Adobe
2017-05-07 15:53 - 2017-05-07 15:53 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsignb92f3a6070f80b49
2017-05-07 15:53 - 2017-05-07 15:53 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign3b7b39f2d9f60143
2017-05-07 15:51 - 2017-05-10 14:54 - 00000000 ___RD C:\Users\seth\Creative Cloud Files
2017-05-07 15:51 - 2017-05-09 17:45 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-05-07 15:51 - 2017-05-07 15:51 - 00003602 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-seths-PC-seth
2017-05-07 15:51 - 2017-05-07 15:51 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsignd9e6296afc19eb54
2017-05-07 15:51 - 2017-05-07 15:51 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign714cf65eb6eaca6d
2017-05-07 15:51 - 2017-05-07 15:51 - 00000000 ____D C:\Users\seth\AppData\Local\Tempzxpsign22dbb88a2dfc3092
2017-05-07 15:51 - 2017-05-07 15:51 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-05-07 15:50 - 2017-05-07 15:50 - 00001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2017.lnk
2017-05-07 15:50 - 2017-05-07 15:50 - 00000000 ____D C:\Users\seth\Documents\Adobe
2017-05-07 15:48 - 2017-05-07 15:50 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-05-07 15:48 - 2017-05-07 15:48 - 00000000 ____D C:\Program Files\Adobe
2017-05-07 15:47 - 2017-05-07 15:47 - 00001298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-05-07 15:47 - 2017-05-07 15:47 - 00001286 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2017-05-07 15:46 - 2017-05-07 15:51 - 00000000 ____D C:\ProgramData\Adobe
2017-05-07 15:43 - 2017-05-13 12:02 - 00000000 ____D C:\Users\seth\AppData\Local\Adobe
2017-05-07 15:43 - 2017-05-07 15:43 - 02048568 _____ (Adobe Systems Incorporated) C:\Users\seth\Downloads\Photoshop_Set-Up.exe
2017-05-07 15:41 - 2017-05-07 15:41 - 00001245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady 7.0.lnk
2017-05-07 15:41 - 2017-05-07 15:41 - 00001240 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 7.0.lnk
2017-05-07 15:41 - 2017-05-07 15:41 - 00000193 _____ C:\WINDOWS\wordpad.INI
2017-05-07 15:35 - 2017-05-07 15:46 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-05-07 15:35 - 1998-11-05 10:08 - 00087392 ____N (Twain Working Group) C:\WINDOWS\twain.dll
2017-05-07 15:33 - 1998-10-29 16:45 - 00306688 _____ (InstallShield Software Corporation) C:\WINDOWS\IsUninst.exe
2017-05-07 15:31 - 2008-10-24 02:10 - 00000000 ____D C:\Users\seth\Desktop\Adobe Photo Shop 7 + serial
2017-05-07 15:28 - 2017-05-07 15:29 - 161020455 _____ C:\Users\seth\Downloads\Adobe Photo Shop 7 + serial.rar
2017-05-07 11:28 - 2017-05-07 11:28 - 00000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-3974007708-559372529-1078681355-1000
2017-05-07 11:12 - 2017-05-13 20:48 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2017-05-07 11:12 - 2017-05-07 11:12 - 00004338 _____ C:\WINDOWS\System32\Tasks\Norton Security Scan for seth
2017-05-07 11:12 - 2017-05-07 11:12 - 00001530 _____ C:\Users\Public\Desktop\Norton Security Scan.LNK
2017-05-07 11:12 - 2017-05-07 11:12 - 00000000 ____D C:\WINDOWS\system32\Drivers\NSSx64
2017-05-07 11:12 - 2017-05-07 11:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
2017-05-07 11:12 - 2017-05-07 11:12 - 00000000 ____D C:\Program Files (x86)\Norton Security Scan
2017-05-07 11:11 - 2017-05-13 20:37 - 00000000 ____D C:\Users\seth\AppData\Local\ElevatedDiagnostics
2017-05-07 10:20 - 2017-05-07 10:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-07 10:20 - 2017-05-07 10:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-07 10:20 - 2017-05-07 10:20 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-07 10:20 - 2017-03-22 11:02 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-05-07 10:19 - 2017-05-07 10:19 - 60107896 _____ (Malwarebytes ) C:\Users\seth\Downloads\mb3-setup-consumer-3.0.6.1469-10103 (1).exe
2017-05-07 10:08 - 2017-05-07 16:31 - 00000000 ____D C:\Users\seth\AppData\Local\Discord
2017-05-07 09:42 - 2017-05-07 10:06 - 00173068 _____ C:\WINDOWS\ZAM.krnl.trace
2017-05-07 09:41 - 2017-05-07 10:14 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-05-07 09:41 - 2017-05-07 09:41 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-05-07 09:41 - 2017-05-07 09:41 - 00000000 ____D C:\Users\seth\AppData\Local\Zemana
2017-05-07 09:37 - 2017-05-07 09:41 - 00006464 _____ C:\Users\seth\Desktop\Rkill.txt
2017-05-07 09:29 - 2017-05-07 09:29 - 00000000 ____D C:\Users\seth\AppData\Roaming\Macromedia
2017-05-07 09:13 - 2017-05-07 09:13 - 00000000 ____D C:\Users\seth\AppData\Local\TempOfficeC2R9ACF559B-9164-4A04-9AF5-A742E55CE20B
2017-05-07 09:08 - 2017-05-13 20:47 - 00000000 ____D C:\ProgramData\NortonInstaller
2017-05-07 09:07 - 2017-05-13 20:46 - 00000000 ____D C:\ProgramData\Norton
2017-05-07 09:07 - 2017-05-07 09:07 - 00001345 _____ C:\Users\seth\Desktop\Norton Installation Files.lnk
2017-05-07 09:07 - 2017-05-07 09:07 - 00000000 ____D C:\Users\Public\Downloads\Norton
2017-05-07 08:25 - 2017-05-07 08:25 - 60107896 _____ (Malwarebytes ) C:\Users\seth\Downloads\mb3-setup-consumer-3.0.6.1469-10103.exe
2017-05-07 08:19 - 2017-05-13 15:44 - 00000000 ____D C:\Users\seth\AppData\Local\ntuserlitelist
2017-05-07 08:14 - 2017-05-13 20:54 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A39DD078-754D-408C-8BD2-95A571D7E556}
2017-05-07 08:14 - 2017-05-07 08:14 - 00000000 ____D C:\Users\seth\AppData\Roaming\SmartSteamEmu
2017-05-07 08:14 - 2017-05-07 08:14 - 00000000 ____D C:\Users\seth\ansel
2017-05-07 08:13 - 2017-05-07 09:30 - 00001053 _____ C:\WINDOWS\SysWOW64\splsrv.exe
2017-05-07 08:13 - 2017-05-07 08:28 - 00000000 ____D C:\Program Files (x86)\s5
2017-05-07 08:13 - 2017-05-07 08:13 - 00000000 ____D C:\Users\seth\AppData\Local\remtb
2017-05-07 07:56 - 2017-05-13 17:07 - 00001291 _____ C:\Users\seth\Desktop\Google Chrome.lnk
2017-05-07 07:54 - 2017-05-07 07:58 - 00000000 ____D C:\WINDOWS\SysWOW64\SSL
2017-05-07 07:54 - 2017-05-07 07:54 - 03506290 _____ C:\WINDOWS\GoogleChrome.exe
2017-05-07 07:54 - 2017-05-07 07:54 - 02497172 _____ C:\WINDOWS\chromebrowser.exe
2017-05-06 21:18 - 2017-05-06 21:18 - 00002117 _____ C:\Users\seth\Desktop\FL Studio 12 (64bit).lnk
2017-05-06 21:18 - 2017-05-06 21:18 - 00002101 _____ C:\Users\seth\Desktop\FL Studio 12.lnk
2017-05-06 21:15 - 2017-05-07 09:43 - 00000000 ____D C:\Users\seth\Desktop\Crack
2017-05-06 21:13 - 2017-05-06 21:14 - 00000000 ____D C:\Users\seth\Downloads\FL STUDIO Producer Edition 12.2.3 + Crack
2017-05-06 21:12 - 2017-05-06 21:12 - 00000000 ____D C:\Users\seth\AppData\Local\DBG
2017-05-06 21:11 - 2017-05-06 21:11 - 00000000 ____D C:\Users\seth\Downloads\FL STUDIO 12 Producer Edition v12.2 [build3]  32Bit & 64Bit + Crack
2017-05-06 20:47 - 2017-05-06 20:47 - 00000000 ____D C:\Users\seth\AppData\Local\PeerDistRepub
2017-05-06 19:27 - 2017-05-06 19:27 - 00008748 _____ C:\Users\seth\AppData\Roaming\config.txt
2017-05-06 19:23 - 2017-05-06 19:23 - 00016384 _____ (noOrg) C:\Users\seth\AppData\Roaming\Run.exe
2017-05-06 19:02 - 2017-03-31 20:57 - 00626520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-05-06 19:02 - 2017-03-31 20:57 - 00311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-05-06 19:02 - 2017-03-31 20:51 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-05-06 19:02 - 2017-03-31 20:29 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-05-06 19:02 - 2017-03-31 20:28 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-05-06 19:02 - 2017-03-31 20:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-05-06 19:02 - 2017-03-31 20:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-05-06 19:02 - 2017-03-31 20:04 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-05-06 19:02 - 2017-03-31 20:04 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-05-06 19:02 - 2017-03-31 20:02 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-05-06 19:02 - 2017-03-31 20:01 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-05-06 19:02 - 2017-03-31 19:58 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-05-06 19:02 - 2017-03-31 19:58 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-05-06 19:02 - 2017-03-31 19:56 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-05-06 19:02 - 2017-03-31 19:55 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-05-06 19:02 - 2017-03-31 19:52 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-05-06 19:02 - 2017-03-31 19:52 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-05-06 19:02 - 2017-03-31 19:50 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-05-06 19:02 - 2017-03-31 17:00 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-05-06 19:01 - 2017-03-31 21:05 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-05-06 19:01 - 2017-03-31 21:04 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-05-06 19:01 - 2017-03-31 21:04 - 01024416 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-05-06 19:01 - 2017-03-31 21:04 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-05-06 19:01 - 2017-03-31 20:52 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-05-06 19:01 - 2017-03-31 20:05 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-05-06 19:01 - 2017-03-31 19:55 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-05-06 19:01 - 2017-03-31 19:50 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-05-06 19:01 - 2017-03-31 19:45 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-05-06 19:01 - 2017-03-31 19:44 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-05-06 09:53 - 2017-05-06 09:53 - 02265600 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\seth\AppData\Roaming\libeay32.dll
2017-05-06 09:53 - 2017-05-06 09:53 - 00413696 _____ (Google Inc.) C:\Users\seth\AppData\Roaming\mine.exe
2017-05-06 09:53 - 2017-05-06 09:53 - 00385024 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\seth\AppData\Roaming\ssleay32.dll
2017-05-06 02:52 - 2017-05-06 02:52 - 00089416 _____ (Microsoft Corporation) C:\Users\seth\AppData\Roaming\vcruntime140.dll
2017-05-06 02:51 - 2017-05-06 02:51 - 00639808 _____ (Microsoft Corporation) C:\Users\seth\AppData\Roaming\msvcp140.dll
2017-05-05 22:26 - 2017-05-05 22:26 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-05-05 22:26 - 2017-05-05 22:26 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-05-05 22:26 - 2017-05-05 22:26 - 00000000 ____D C:\WINDOWS\system32\msmq
2017-05-05 22:26 - 2017-05-05 22:26 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2017-05-05 22:26 - 2017-05-05 22:26 - 00000000 ____D C:\Windows.old
2017-05-05 22:26 - 2017-05-05 22:26 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-05-05 22:26 - 2017-05-05 22:26 - 00000000 ____D C:\Program Files\MSBuild
2017-05-05 22:26 - 2017-05-05 22:26 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-05-05 22:26 - 2017-05-05 22:26 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-05-05 22:26 - 2017-05-05 22:26 - 00000000 ____D C:\inetpub
2017-05-05 22:26 - 2017-02-10 15:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-05-05 22:26 - 2017-02-10 15:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-05-05 22:26 - 2017-02-10 15:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-05-05 22:26 - 2017-02-10 15:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-05-05 22:26 - 2017-02-10 15:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-05-05 22:26 - 2017-02-10 15:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-05-05 21:42 - 2017-05-05 21:42 - 02135283 _____ C:\Users\seth\Downloads\video.mov
2017-05-05 18:43 - 2017-05-05 18:44 - 00000000 ____D C:\Program Files (x86)\DriverToolkit
2017-05-05 18:43 - 2017-05-05 18:43 - 00000000 ____D C:\Users\seth\AppData\Local\DriverToolkit
2017-05-05 18:41 - 2017-05-05 18:41 - 00000000 ____D C:\ProgramData\USOShared
2017-05-05 18:38 - 2017-05-05 18:38 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-05-05 18:38 - 2017-02-23 04:17 - 00136064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-05-05 18:38 - 2017-01-25 20:13 - 00103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-05-05 18:38 - 2017-01-25 20:12 - 00326656 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-05-05 18:38 - 2017-01-25 20:09 - 00322560 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-05-05 18:38 - 2017-01-25 20:09 - 00118272 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-05-05 18:37 - 2017-05-05 18:37 - 00003274 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-05-05 18:37 - 2017-05-05 18:37 - 00002398 _____ C:\Users\seth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-05-05 18:36 - 2017-05-07 07:42 - 00000000 ____D C:\Users\seth\AppData\Local\Comms
2017-05-05 18:36 - 2017-05-05 18:48 - 00000000 ____D C:\Users\seth\AppData\Local\MicrosoftEdge
2017-05-05 18:35 - 2017-05-05 18:35 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-05-05 18:34 - 2017-05-13 15:50 - 00000000 ____D C:\Users\seth\AppData\Local\Packages
2017-05-05 18:34 - 2017-05-09 17:45 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-05 18:34 - 2017-05-07 07:42 - 00000000 ____D C:\Users\seth\AppData\Local\ConnectedDevicesPlatform
2017-05-05 18:34 - 2017-05-05 18:34 - 00000020 ___SH C:\Users\seth\ntuser.ini
2017-05-05 18:34 - 2017-05-05 18:34 - 00000000 ____D C:\Users\seth\AppData\Local\TileDataLayer
2017-05-05 18:34 - 2017-05-05 18:34 - 00000000 ____D C:\Users\seth\AppData\Local\Publishers
2017-05-05 18:33 - 2017-05-05 18:33 - 00000000 _SHDL C:\Users\Default\My Documents
2017-05-05 18:32 - 2017-05-13 20:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-05 18:32 - 2017-05-13 16:30 - 00014838 _____ C:\WINDOWS\diagwrn.xml
2017-05-05 18:32 - 2017-05-13 16:30 - 00009528 _____ C:\WINDOWS\diagerr.xml
2017-05-05 18:32 - 2017-05-13 14:13 - 00002820 _____ C:\WINDOWS\System32\Tasks\{36747A84-3735-0603-3F1B-045E5B0259BA}
2017-05-05 18:32 - 2017-05-05 18:41 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-05 18:32 - 2017-05-05 18:41 - 00003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-05 18:32 - 2017-05-05 18:41 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-05 18:32 - 2017-05-05 18:41 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-05 18:32 - 2017-05-05 18:41 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-05 18:32 - 2017-05-05 18:41 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-05 18:32 - 2017-05-05 18:41 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-05 18:32 - 2017-05-05 18:32 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-05-05 18:32 - 2017-05-05 18:32 - 00003528 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2017-05-05 18:32 - 2017-05-05 18:32 - 00003440 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-05-05 18:32 - 2017-05-05 18:32 - 00003318 _____ C:\WINDOWS\System32\Tasks\{6A513571-6571-FCF0-90F3-681130D76092}
2017-05-05 18:32 - 2017-05-05 18:32 - 00003312 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-05-05 18:32 - 2017-05-05 18:32 - 00003298 _____ C:\WINDOWS\System32\Tasks\{260DAB19-D00F-4B7C-8BA1-F41E9D9FEE12}
2017-05-05 18:32 - 2017-05-05 18:32 - 00003178 _____ C:\WINDOWS\System32\Tasks\MSIOSDx86_Host
2017-05-05 18:32 - 2017-05-05 18:32 - 00003178 _____ C:\WINDOWS\System32\Tasks\MSIOSDx64_Host
2017-05-05 18:32 - 2017-05-05 18:32 - 00003112 _____ C:\WINDOWS\System32\Tasks\MSISW_Host
2017-05-05 18:32 - 2017-05-05 18:32 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2017-05-05 18:32 - 2017-05-05 18:32 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-05-05 18:32 - 2017-05-05 18:32 - 00000000 ____D C:\WINDOWS\System32\Tasks\Intel
2017-05-05 18:32 - 2017-05-05 18:32 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-05-05 18:32 - 2016-12-30 06:27 - 00003150 _____ C:\WINDOWS\System32\Tasks\{68664CBE-2C8C-4C8B-8145-F9B75A2473B1}
2017-05-05 18:32 - 2016-12-29 18:48 - 00002790 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-05-05 18:31 - 2017-05-05 18:31 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-05-05 18:31 - 2017-05-05 18:31 - 00000252 ____H C:\WINDOWS\Tasks\MSISW_Host.job
2017-05-05 18:30 - 2017-05-05 18:30 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2017-05-05 18:30 - 2017-03-18 16:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-05-05 18:29 - 2017-05-13 20:55 - 01560182 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-05 18:29 - 2017-05-13 20:49 - 00000000 ____D C:\Users\seth
2017-05-05 18:29 - 2017-05-05 18:29 - 00939752 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-05-05 18:29 - 2017-05-05 18:29 - 00000000 _SHDL C:\Users\seth\My Documents
2017-05-05 18:29 - 2017-05-05 18:29 - 00000000 _SHDL C:\Users\seth\Documents\My Videos
2017-05-05 18:29 - 2017-05-05 18:29 - 00000000 _SHDL C:\Users\seth\Documents\My Pictures
2017-05-05 18:29 - 2017-05-05 18:29 - 00000000 _SHDL C:\Users\seth\Documents\My Music
2017-05-05 18:28 - 2017-05-13 14:12 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-05 18:28 - 2017-05-09 17:32 - 00380296 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-05 18:28 - 2017-05-05 18:28 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-05-05 18:16 - 2017-05-13 16:30 - 00000000 ___DC C:\WINDOWS\Panther
2017-05-05 18:16 - 2017-05-05 18:22 - 00000000 ___HD C:\$WINDOWS.~BT
2017-05-05 18:11 - 2017-05-13 16:30 - 00000000 ____D C:\ESD
2017-05-05 18:10 - 2017-05-05 18:10 - 18357776 _____ (Microsoft Corporation) C:\Users\seth\Downloads\MediaCreationTool.exe
2017-05-05 18:07 - 2017-05-07 08:29 - 00000000 ___HD C:\Users\seth\AppData\Local\029dc7dd17135f56
2017-05-05 18:07 - 2017-05-05 18:07 - 00000000 ___HD C:\Users\seth\AppData\Local\0cf3cd792e81a95f
2017-05-05 04:19 - 2017-05-05 04:19 - 00066408 _____ (QRDXPX) C:\WINDOWS\system32\Drivers\5e711147cd3a4e2f738049e5960994d6.sys
2017-05-05 04:19 - 2017-05-05 04:19 - 00051619 _____ C:\WINDOWS\uninstaller.dat
2017-05-03 20:06 - 2017-05-03 21:06 - 00000270 _____ C:\WINDOWS\Tasks\{6A513571-6571-FCF0-90F3-681130D76092}.job
2017-05-03 17:11 - 2017-05-03 17:11 - 00619008 ____N C:\WINDOWS\system32\tprdpw64.exe
2017-04-25 17:37 - 2017-04-25 17:37 - 33956566 _____ C:\Users\seth\Desktop\WELCOME - TO (1).wav
2017-04-25 17:36 - 2017-04-25 17:36 - 00011531 _____ C:\Users\seth\Desktop\WELCOME - TO (1).aup
2017-04-25 17:36 - 2017-04-25 17:36 - 00000000 ____D C:\Users\seth\Desktop\ghdhghhgf
2017-04-25 17:14 - 2017-04-25 17:14 - 00002640 _____ C:\Users\seth\Desktop\Quadratic Formula Pop Goes the Weasel.aup
2017-04-25 17:14 - 2017-04-25 17:14 - 00000000 ____D C:\Users\seth\Desktop\Quadratic Formula Pop Goes the Weasel_data
2017-04-25 16:11 - 2017-04-25 16:11 - 00000000 ____D C:\Users\seth\Documents\ROBLOX
2017-04-25 16:07 - 2017-05-03 20:09 - 00000000 ____D C:\Users\seth\AppData\LocalLow\RbxLogs
2017-04-23 19:47 - 2017-04-23 19:47 - 115776886 _____ C:\Users\seth\Downloads\2017-04-23 19-34-52.mov
2017-04-23 19:47 - 2017-04-23 19:47 - 115776886 _____ C:\Users\seth\Desktop\2017-04-23 19-34-52.mov
2017-04-23 19:40 - 2017-04-23 19:40 - 00000000 ____D C:\Users\seth\AppData\Local\Movavi
2017-04-23 19:40 - 2017-04-23 19:40 - 00000000 ____D C:\Users\seth\AppData\Local\converter
2017-04-23 19:40 - 2017-04-23 19:40 - 00000000 ____D C:\Users\seth\.fontconfig
2017-04-23 19:39 - 2017-05-05 18:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Converter 17
2017-04-23 19:39 - 2017-04-23 19:39 - 42296976 _____ (Movavi) C:\Users\seth\Downloads\MovaviVideoConverterSetupC.exe
2017-04-23 19:39 - 2017-04-23 19:39 - 00005041 _____ C:\ProgramData\mudtcpaz.vzs
2017-04-23 19:39 - 2017-04-23 19:39 - 00001131 _____ C:\Users\Public\Desktop\Movavi Video Converter 17.lnk
2017-04-23 19:39 - 2017-04-23 19:39 - 00000016 _____ C:\ProgramData\mntemp
2017-04-23 19:39 - 2017-04-23 19:39 - 00000000 ____D C:\ProgramData\Movavi Video Converter 17
2017-04-23 19:39 - 2017-04-23 19:39 - 00000000 ____D C:\ProgramData\Movavi
2017-04-23 19:39 - 2017-04-23 19:39 - 00000000 ____D C:\Program Files (x86)\Movavi Video Converter 17
2017-04-23 19:22 - 2017-05-05 18:46 - 00000000 ____D C:\Users\seth\AppData\Roaming\obs-studio
2017-04-23 19:22 - 2017-05-05 18:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2017-04-23 19:22 - 2017-04-23 19:22 - 00001198 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2017-04-23 19:21 - 2017-04-23 19:22 - 00000000 ____D C:\Program Files (x86)\obs-studio
2017-04-23 19:20 - 2017-04-23 19:21 - 113034688 _____ (obsproject.com) C:\Users\seth\Downloads\OBS-Studio-18.0.1-Full-Installer.exe
2017-04-23 19:04 - 2017-05-12 20:05 - 00001466 _____ C:\Users\seth\Desktop\ROBLOX Player.lnk
2017-04-23 19:04 - 2017-05-12 20:05 - 00001281 _____ C:\Users\seth\Desktop\ROBLOX Studio.lnk
2017-04-23 19:04 - 2017-05-12 20:05 - 00000000 ____D C:\Users\seth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-04-23 19:04 - 2017-04-25 17:09 - 00000000 ____D C:\Users\seth\AppData\Local\Roblox
2017-04-23 19:04 - 2017-04-25 16:06 - 00000252 _____ C:\Users\seth\AppData\LocalLow\rbxcsettings.rbx
2017-04-23 19:04 - 2017-04-23 19:04 - 00852024 _____ (ROBLOX Corporation) C:\Users\seth\Downloads\RobloxPlayerLauncher.exe
2017-04-23 14:38 - 2017-04-23 14:38 - 16226743 _____ C:\Users\seth\Desktop\dfsdfsdfsdfsdfsdfsdf.mp4
2017-04-23 14:32 - 2017-04-23 14:32 - 49480914 _____ C:\Users\seth\Desktop\bleep - Me earrape.wav
2017-04-23 14:31 - 2017-04-23 14:31 - 00016173 _____ C:\Users\seth\Desktop\bleep - Me earrape.aup
2017-04-23 14:31 - 2017-04-23 14:31 - 00000000 ____D C:\Users\seth\Desktop\bleep - Me earrape_data
2017-04-23 13:36 - 2017-05-13 14:13 - 00019333 _____ C:\Users\seth\AppData\Roaming\Mihohakenera
2017-04-23 13:09 - 2017-05-05 19:24 - 00001267 _____ C:\Users\seth\Desktop\nativelog.txt
2017-04-18 20:04 - 2017-03-27 23:32 - 00153536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-04-18 20:04 - 2017-03-27 23:32 - 00127424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-04-18 20:04 - 2017-03-27 23:32 - 00047552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-13 21:00 - 2017-03-31 20:40 - 00000000 ____D C:\Users\seth\AppData\Roaming\uTorrent
2017-05-13 20:50 - 2017-01-11 20:49 - 00000000 ____D C:\Users\seth\AppData\Roaming\Skype
2017-05-13 20:49 - 2017-03-18 17:01 - 00000000 ____D C:\WINDOWS\INF
2017-05-13 20:49 - 2017-02-05 14:08 - 00000000 ___RD C:\Users\seth\iCloudDrive
2017-05-13 20:49 - 2016-12-30 09:46 - 00304351 ____N C:\WINDOWS\Minidump\051317-6578-01.dmp
2017-05-13 20:49 - 2016-12-29 23:55 - 00000000 ____D C:\Users\seth\AppData\Roaming\discord
2017-05-13 20:49 - 2016-12-29 19:57 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-13 20:29 - 2009-07-13 22:34 - 00000466 _____ C:\WINDOWS\win.ini
2017-05-13 17:33 - 2017-03-18 07:40 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-05-13 17:07 - 2016-12-29 20:14 - 00000000 ____D C:\Users\seth\AppData\Local\Google
2017-05-13 17:05 - 2016-12-30 06:10 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-13 17:05 - 2016-12-29 23:51 - 00000000 ____D C:\Users\seth\AppData\Local\CrashDumps
2017-05-13 16:23 - 2017-03-18 17:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-13 16:23 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-13 15:55 - 2017-03-22 16:00 - 00000000 ____D C:\Users\seth\Desktop\adbfw128
2017-05-13 15:25 - 2017-01-11 20:17 - 00000000 ____D C:\Users\seth\AppData\Roaming\Audacity
2017-05-13 14:28 - 2017-03-31 18:33 - 00000280 _____ C:\WINDOWS\Tasks\{36747A84-3735-0603-3F1B-045E5B0259BA}.job
2017-05-13 14:26 - 2016-12-29 23:55 - 00000000 ____D C:\Users\seth\AppData\Local\SquirrelTemp
2017-05-13 14:23 - 2016-12-29 23:55 - 52553728 _____ (Hammer & Chisel, Inc.) C:\Users\seth\Downloads\DiscordSetup.exe
2017-05-13 14:22 - 2016-12-29 23:55 - 00000000 ____D C:\Users\seth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-05-13 14:14 - 2017-03-31 18:32 - 00000000 ____D C:\Users\seth\AppData\Local\{9A65AC39-BECD-C081-D355-E569F73D19F1}
2017-05-13 14:13 - 2017-03-31 18:33 - 00000000 ____D C:\Users\seth\AppData\Roaming\36747a84373506033f1b045e5b0259ba
2017-05-13 14:12 - 2017-01-11 14:36 - 00000344 __RSH C:\ProgramData\ntuser.pol
2017-05-13 13:32 - 2017-01-12 01:37 - 00000293 _____ C:\Users\seth\AppData\Roaming\WB.CFG
2017-05-12 20:08 - 2017-03-18 17:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-12 20:07 - 2016-12-31 20:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-05-09 17:42 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\rescache
2017-05-09 17:41 - 2017-03-18 16:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-09 17:31 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-05-09 17:31 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-05-09 17:31 - 2017-03-18 17:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-05-09 17:31 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-05-09 17:31 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-05-09 17:31 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-09 17:31 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-05-09 17:31 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-05-09 17:31 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-05-09 17:31 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-05-09 17:31 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-05-09 17:31 - 2017-03-18 07:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-05-08 21:37 - 2016-12-30 09:46 - 00303191 ____N C:\WINDOWS\Minidump\050817-5343-01.dmp
2017-05-08 19:36 - 2016-12-29 20:39 - 00000000 ____D C:\Users\seth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-05-07 20:24 - 2017-02-05 14:08 - 00000000 ____D C:\Users\seth\Documents\Outlook Files
2017-05-07 20:24 - 2017-02-05 14:08 - 00000000 ____D C:\Users\seth\AppData\Local\DF1B39D4-3E78-4B61-8B3E-24F81B03264F.aplzod
2017-05-07 20:24 - 2016-12-31 20:04 - 00002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-05-07 16:32 - 2017-03-22 15:56 - 00000000 ____D C:\Users\seth\AppData\Roaming\Adobe
2017-05-07 16:32 - 2016-12-29 20:14 - 00000000 ____D C:\Users\seth\AppData\Local\VirtualStore
2017-05-07 10:14 - 2017-03-18 17:03 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-05-07 10:12 - 2017-03-18 07:40 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-05-07 09:31 - 2017-01-07 20:28 - 00000000 ____D C:\Users\seth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2017-05-07 09:31 - 2017-01-07 20:28 - 00000000 ____D C:\Program Files\Image-Line
2017-05-07 09:31 - 2017-01-07 20:26 - 00000000 ____D C:\Program Files (x86)\Image-Line
2017-05-07 08:19 - 2017-01-11 20:47 - 00000000 ____D C:\Users\seth\Tracing
2017-05-07 08:05 - 2016-12-29 18:47 - 00002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-07 08:05 - 2016-12-29 18:47 - 00002290 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-06 21:18 - 2017-01-07 20:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2017-05-06 19:26 - 2016-12-29 20:19 - 00000000 ____D C:\Users\seth\AppData\Local\Ubisoft Game Launcher
2017-05-06 19:00 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-05-06 19:00 - 2010-11-20 23:27 - 00532136 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-05-05 22:27 - 2017-03-18 17:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-05-05 22:26 - 2017-03-18 17:06 - 00000000 ____D C:\WINDOWS\Setup
2017-05-05 22:26 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-05-05 22:26 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2017-05-05 22:26 - 2017-03-18 16:59 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2017-05-05 22:26 - 2017-03-18 16:59 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2017-05-05 22:26 - 2017-03-18 16:59 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2017-05-05 22:26 - 2017-03-18 16:59 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2017-05-05 22:26 - 2017-03-18 16:59 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2017-05-05 22:26 - 2017-03-18 16:59 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2017-05-05 22:26 - 2017-03-18 16:59 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2017-05-05 22:26 - 2017-03-18 16:59 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2017-05-05 22:26 - 2017-03-18 16:59 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2017-05-05 22:26 - 2017-03-18 16:59 - 00054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2017-05-05 22:26 - 2017-03-18 16:59 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2017-05-05 22:26 - 2017-03-18 16:59 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2017-05-05 22:26 - 2017-03-18 16:59 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2017-05-05 22:26 - 2017-03-18 16:59 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2017-05-05 22:26 - 2017-03-18 16:59 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2017-05-05 22:26 - 2017-03-18 16:59 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2017-05-05 22:26 - 2017-03-18 16:59 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2017-05-05 22:26 - 2017-03-18 16:59 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2017-05-05 22:26 - 2017-03-18 16:59 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2017-05-05 22:26 - 2017-03-18 16:59 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2017-05-05 22:26 - 2017-03-18 16:59 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2017-05-05 22:26 - 2017-03-18 16:59 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2017-05-05 22:26 - 2017-03-18 16:59 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2017-05-05 22:26 - 2017-03-18 16:59 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2017-05-05 22:26 - 2017-03-18 16:56 - 01380352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2017-05-05 22:26 - 2017-03-18 16:56 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2017-05-05 22:26 - 2017-03-18 16:56 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2017-05-05 22:26 - 2017-03-18 16:56 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2017-05-05 22:26 - 2017-03-18 16:56 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2017-05-05 22:26 - 2017-03-18 16:56 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2017-05-05 22:26 - 2017-03-18 16:56 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2017-05-05 22:26 - 2017-03-18 16:56 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2017-05-05 22:26 - 2017-03-18 16:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2017-05-05 22:26 - 2017-03-18 16:56 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2017-05-05 22:26 - 2017-03-18 16:56 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2017-05-05 22:26 - 2017-03-18 16:56 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2017-05-05 22:26 - 2017-03-18 16:56 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2017-05-05 22:26 - 2017-03-18 16:56 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2017-05-05 22:26 - 2017-03-18 16:56 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2017-05-05 19:24 - 2016-12-31 14:45 - 00000000 ____D C:\Users\seth\AppData\Roaming\.minecraft
2017-05-05 18:47 - 2016-12-29 19:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-05-05 18:42 - 2016-12-29 19:57 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-05-05 18:41 - 2017-03-18 17:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-05-05 18:41 - 2016-12-29 19:57 - 00001485 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-05-05 18:41 - 2016-12-29 19:57 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-05-05 18:41 - 2016-12-29 19:54 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-05-05 18:37 - 2016-12-31 20:11 - 00000000 ___RD C:\Users\seth\OneDrive
2017-05-05 18:35 - 2016-12-29 19:38 - 00000000 ____D C:\Program Files (x86)\Razer
2017-05-05 18:33 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-05-05 18:33 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-05-05 18:33 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\Registration
2017-05-05 18:32 - 2017-03-18 17:03 - 00000000 __RSD C:\WINDOWS\Media
2017-05-05 18:32 - 2017-03-18 17:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-05-05 18:32 - 2017-02-05 14:08 - 00000000 ____D C:\Users\seth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2017-05-05 18:32 - 2009-07-13 23:20 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-05-05 18:31 - 2017-03-31 20:58 - 00000000 ____D C:\Users\seth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Splice
2017-05-05 18:31 - 2017-02-05 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-05-05 18:31 - 2017-02-05 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-05-05 18:31 - 2017-02-05 14:00 - 00000000 ____D C:\WINDOWS\SysWOW64\DCS
2017-05-05 18:31 - 2017-01-25 20:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
2017-05-05 18:31 - 2017-01-11 20:46 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2017-05-05 18:31 - 2017-01-11 20:46 - 00000000 ____D C:\WINDOWS\en
2017-05-05 18:31 - 2017-01-11 20:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Win Movie Maker
2017-05-05 18:31 - 2017-01-11 14:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.6
2017-05-05 18:31 - 2017-01-10 21:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2017-05-05 18:31 - 2017-01-07 20:28 - 00000000 ____D C:\Users\seth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2017-05-05 18:31 - 2017-01-07 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LMMS 1.1.3
2017-05-05 18:31 - 2016-12-31 20:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-05-05 18:31 - 2016-12-31 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2017-05-05 18:31 - 2016-12-30 06:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbolt™ Software
2017-05-05 18:31 - 2016-12-30 06:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-05-05 18:31 - 2016-12-29 20:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2017-05-05 18:31 - 2016-12-29 18:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-05-05 18:31 - 2016-12-29 18:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-05-05 18:31 - 2016-12-29 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2017-05-05 18:30 - 2017-03-18 17:03 - 00000000 __SHD C:\Program Files\Windows Sidebar
2017-05-05 18:30 - 2017-03-18 17:03 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2017-05-05 18:30 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2017-05-05 18:30 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-05-05 18:30 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\IME
2017-05-05 18:30 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\schemas
2017-05-05 18:30 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\Help
2017-05-05 18:30 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-05-05 18:30 - 2017-02-05 13:59 - 00000000 ____D C:\WINDOWS\SysWOW64\Cef
2017-05-05 18:30 - 2017-01-11 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-05-05 18:30 - 2017-01-11 20:46 - 00000000 ____D C:\Program Files\Windows Live
2017-05-05 18:30 - 2017-01-11 20:38 - 00000000 ____D C:\Program Files (x86)\Windows Live
2017-05-05 18:30 - 2016-12-30 06:17 - 00000000 ____D C:\Program Files (x86)\Intel
2017-05-05 18:30 - 2016-12-29 20:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2017-05-05 18:30 - 2016-12-29 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2017-05-05 18:30 - 2016-12-29 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Killer Networking
2017-05-05 18:30 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-05-05 18:29 - 2017-03-18 07:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-05-05 18:29 - 2016-12-29 20:19 - 00000000 ____D C:\Users\seth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2017-05-05 18:29 - 2009-07-13 23:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-05-05 18:28 - 2017-03-18 22:31 - 00000000 ____D C:\WINDOWS\HoloShell
2017-05-05 18:28 - 2017-03-18 17:03 - 00000000 ___RD C:\WINDOWS\PrintDialog
2017-05-05 18:28 - 2017-03-18 17:03 - 00000000 ___RD C:\WINDOWS\MiracastView
2017-05-05 18:24 - 2009-07-14 00:45 - 00022096 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-05 18:24 - 2009-07-14 00:45 - 00022096 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-03 20:32 - 2017-02-22 20:36 - 00000250 _____ C:\WINDOWS\Tasks\{260DAB19-D00F-4B7C-8BA1-F41E9D9FEE12}.job
2017-04-28 21:05 - 2017-03-18 17:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-28 21:05 - 2017-03-18 17:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-26 01:40 - 2017-02-05 14:03 - 00057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-04-26 01:40 - 2016-12-29 19:57 - 01882048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-04-26 01:40 - 2016-12-29 19:57 - 01755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-04-26 01:40 - 2016-12-29 19:57 - 01472960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-04-26 01:40 - 2016-12-29 19:57 - 01317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-04-26 01:40 - 2016-12-29 19:57 - 00121280 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-04-26 01:03 - 2016-12-29 19:57 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-04-23 14:34 - 2017-01-11 20:45 - 00000000 ____D C:\Users\seth\AppData\Local\Windows Live
2017-04-23 13:09 - 2016-12-31 14:45 - 00000000 ____D C:\Program Files (x86)\Minecraft
2017-04-18 20:03 - 2017-04-01 09:32 - 00000000 ____D C:\Users\seth\AppData\Local\Splice
 
==================== Files in the root of some directories =======
 
2017-05-06 19:27 - 2017-05-06 19:27 - 0008748 _____ () C:\Users\seth\AppData\Roaming\config.txt
2017-02-22 20:36 - 2017-01-11 14:36 - 0000472 _____ () C:\Users\seth\AppData\Roaming\install.log
2017-05-06 09:53 - 2017-05-06 09:53 - 2265600 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\seth\AppData\Roaming\libeay32.dll
2017-04-23 13:36 - 2017-05-13 14:13 - 0019333 _____ () C:\Users\seth\AppData\Roaming\Mihohakenera
2017-05-06 09:53 - 2017-05-06 09:53 - 0413696 _____ (Google Inc.) C:\Users\seth\AppData\Roaming\mine.exe
2017-05-06 02:51 - 2017-05-06 02:51 - 0639808 _____ (Microsoft Corporation) C:\Users\seth\AppData\Roaming\msvcp140.dll
2017-05-06 19:23 - 2017-05-06 19:23 - 0016384 _____ (noOrg) C:\Users\seth\AppData\Roaming\Run.exe
2017-05-06 09:53 - 2017-05-06 09:53 - 0385024 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\seth\AppData\Roaming\ssleay32.dll
2017-05-06 02:52 - 2017-05-06 02:52 - 0089416 _____ (Microsoft Corporation) C:\Users\seth\AppData\Roaming\vcruntime140.dll
2017-01-12 01:37 - 2017-05-13 13:32 - 0000293 _____ () C:\Users\seth\AppData\Roaming\WB.CFG
2017-04-23 19:39 - 2017-04-23 19:39 - 0000016 _____ () C:\ProgramData\mntemp
2017-04-23 19:39 - 2017-04-23 19:39 - 0005041 _____ () C:\ProgramData\mudtcpaz.vzs
2016-12-29 19:57 - 2017-01-10 20:49 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-29 19:57 - 2017-01-10 20:46 - 0002938 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
 
Files to move or delete:
====================
C:\Windows\Tasks\{260DAB19-D00F-4B7C-8BA1-F41E9D9FEE12}.job
C:\Windows\Tasks\{36747A84-3735-0603-3F1B-045E5B0259BA}.job
C:\Windows\Tasks\{6A513571-6571-FCF0-90F3-681130D76092}.job
 
 
Some files in TEMP:
====================
2017-05-07 09:29 - 2017-05-13 20:49 - 1653878 _____ () C:\Users\seth\AppData\Local\Temp\pool.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



 


#2 JSntgRvr


Posted 14 May 2017 - 02:33 PM

Welcome :)

 

 

 

  • Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.
  • Right-Click MBAR.exe and select Run as administrator to run the installer.
  • Select your Desktop as the location to extract the contents and click OK. The programme should open upon completion.
  • Click Next, followed by Update. Upon update completion, click Next.
  • Ensure Drivers, Sectors & System are checked and click Scan.
  • Note: Do not use your computer during the scan.
  • Upon completion:
    • If no infection is found, close the MBAR window.
    • If an infection is found, ensure Create Restore Point is checked and click Cleanup. Reboot when prompted.
  • Two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder.

 

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 JSntgRvr


Posted 17 May 2017 - 05:55 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





