Keylogger detected. Not getting removed.


  • This topic is locked
19 replies to this topic

#1 po6pwn

Posted 28 July 2017 - 01:05 PM

Logs from FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2017
Ran by Armaan (administrator) on PO6PWN (28-07-2017 23:32:14)
Running from D:\Downloads
Loaded Profiles: Armaan (Available Profiles: Armaan)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(PornTime) C:\Users\Armaan\AppData\Roaming\PT\updater.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\HotkeyService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Insyde Software Corp.) C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel® Corporation) C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Hammer & Chisel, Inc.) C:\Users\Armaan\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Armaan\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Armaan\AppData\Local\Discord\app-0.0.297\Discord.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-19] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16686600 2016-08-05] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320568 2016-09-20] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [iTunesHelper] => D:\Program Files Redone\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-01-28] (Greenshot)
HKLM-x32\...\Run: [Sound Blaster X-Fi MB5] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB5\Sound Blaster X-Fi MB5\SBXFIMB5.exe [871936 2016-06-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-04-13] (Razer Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-07-13] (Adobe Systems Incorporated)
HKU\S-1-5-21-2890481376-1290147495-3485235637-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3062560 2017-07-18] (Valve Corporation)
HKU\S-1-5-21-2890481376-1290147495-3485235637-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-2890481376-1290147495-3485235637-1001\...\Run: [Discord] => C:\Users\Armaan\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2890481376-1290147495-3485235637-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2890481376-1290147495-3485235637-1001\...\Run: [Hobbyist Software VLC Streamer] => D:\Program Files Redone\VLC Streamer\VLC Streamer Configuration.exe [1237032 2016-11-30] (Hobbyist Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CheVolume.lnk [2017-07-10]
ShortcutTarget: CheVolume.lnk -> D:\Program Files Redone\CheVolume\CheVolume.exe (WellWeWeb)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2017-05-28]
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\HkeyTray.exe (CLEVO CO.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2017-05-28]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a49f9bec-a871-4f5c-a015-3d766cd3b074}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f2e5c3ea-e2a0-4774-be05-b78000d335ca}: [DhcpNameServer] 172.20.10.1
 
Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-06] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-06-21] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-16] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-21] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-07-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-06-21] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-21] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-26] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-21] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-07-13] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-26] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-07-06] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-07-06] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-06-28] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-06-28] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-21] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-07-13] (Adobe Systems)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR NewTab: Default ->  Active:"chrome-extension://laookkfknpbbblfpciffpaejjkokdgca/dashboard.html"
CHR Profile: C:\Users\Armaan\AppData\Local\Google\Chrome\User Data\Default [2017-07-28]
CHR Extension: (Google Slides) - C:\Users\Armaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-06-21]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Armaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2017-06-22]
CHR Extension: (Google Docs) - C:\Users\Armaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-06-21]
CHR Extension: (Google Drive) - C:\Users\Armaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-21]
CHR Extension: (DuckDuckGo Search) - C:\Users\Armaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2017-06-22]
CHR Extension: (YouTube) - C:\Users\Armaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-21]
CHR Extension: (Adblock Plus) - C:\Users\Armaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-12]
CHR Extension: (Netflix) - C:\Users\Armaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2017-06-22]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\Armaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2017-06-22]
CHR Extension: (Google Sheets) - C:\Users\Armaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-06-21]
CHR Extension: (Google Docs Offline) - C:\Users\Armaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-21]
CHR Extension: (SoundCloud) - C:\Users\Armaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2017-06-22]
CHR Extension: (Save to Facebook) - C:\Users\Armaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2017-06-22]
CHR Extension: (Black red shards) - C:\Users\Armaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpjlkkaalgfbbegfnjoclhfidancjpch [2017-06-22]
CHR Extension: (Momentum) - C:\Users\Armaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2017-07-27]
CHR Extension: (Tom's Hardware - My Threads) - C:\Users\Armaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nddbmgcnelmmhlfibkmfnhnfeccaliip [2017-06-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Armaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-21]
CHR Extension: (Click&Clean App) - C:\Users\Armaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2017-06-24]
CHR Extension: (Data Saver) - C:\Users\Armaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmgfdlgomnbgkofeojodiodmgpgmkac [2017-06-22]
CHR Extension: (Gmail) - C:\Users\Armaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-21]
CHR Extension: (Chrome Media Router) - C:\Users\Armaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-13]
CHR Profile: C:\Users\Armaan\AppData\Local\Google\Chrome\User Data\System Profile [2017-06-28]
CHR HKU\S-1-5-21-2890481376-1290147495-3485235637-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-07-13] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1522184 2017-07-21] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4412104 2017-07-18] (Microsoft Corporation)
R2 HKClipSvc; C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe [256480 2015-11-27] (Insyde Software Corp.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-20] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335360 2016-03-18] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [8704 2016-03-18] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [209184 2016-05-26] (Intel Corporation)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [457432 2016-07-22] (Rivet Networks)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-06-23] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-06-28] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-06-21] (NVIDIA Corporation)
R2 PornTime Updater; C:\Users\Armaan\AppData\Roaming\PT\updater.exe [165888 2015-06-15] (PornTime) [File not signed]
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\HotkeyService.exe [30208 2016-09-14] (CLEVO CO.) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-25] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [254568 2016-08-18] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10884848 2017-05-23] (TeamViewer GmbH)
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1897184 2016-05-18] (Intel Corporation)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [873968 2017-06-30] (Tunngle.net GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-19] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe [19192 2015-12-02] (Intel® Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-06-23] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AirplaneModeHid; C:\Windows\system32\DRIVERS\AirplaneModeHid.sys [33496 2015-07-18] (Insyde Corporation)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW10x64.sys [135800 2016-05-05] (Rivet Networks, LLC.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2017-07-27] ()
R3 HKKbdFltr; C:\Windows\system32\DRIVERS\HKKbdFltr.sys [51400 2015-11-27] (Insyde Software Corp.)
R3 HKMouFltr; C:\Windows\system32\DRIVERS\HKMouFltr.sys [48344 2015-11-27] (Insyde Software Corp.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [129032 2017-04-13] (Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-05-29] (Intel Corporation)
R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [162456 2016-02-13] (Qualcomm Atheros, Inc.)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253856 2017-07-28] (Malwarebytes)
R1 MpKsl5d8bd620; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CC1EA090-6E69-4DCC-A038-0B2797EFBFF0}\MpKsl5d8bd620.sys [44928 2017-07-28] (Microsoft Corporation)
R3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7218176 2017-03-19] (Intel Corporation)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvcvi.inf_amd64_632f99892e9ad691\nvlddmkm.sys [15625336 2017-06-28] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-06-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48248 2017-06-21] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-06-28] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [777944 2016-01-14] (Realsil Semiconductor Corporation)
R3 rzdaendpt; C:\Windows\System32\drivers\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-10-08] (Razer, Inc.)
R3 rzvkeyboard; C:\Windows\System32\drivers\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
S3 SDFRd; C:\Windows\System32\drivers\SDFRd.sys [31128 2017-03-19] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [63592 2016-08-18] (Synaptics Incorporated)
R3 tap0901t; C:\Windows\System32\drivers\tap0901t.sys [48824 2016-04-26] (Tunngle.net GmbH)
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [131144 2017-07-17] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [205952 2017-07-17] (Oracle Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44632 2017-03-19] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [294816 2017-03-19] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [121248 2017-03-19] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-07-11] (Intel Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-28 23:32 - 2017-07-28 23:32 - 00000000 ____D C:\FRST
2017-07-28 22:36 - 2017-07-28 22:36 - 00000624 _____ C:\Users\Armaan\Desktop\eset.txt
2017-07-28 21:50 - 2017-07-28 21:50 - 00000000 ____D C:\Users\Armaan\AppData\Local\ESET
2017-07-28 21:49 - 2017-07-28 21:49 - 00001191 _____ C:\Users\Armaan\Desktop\JRT.txt
2017-07-28 21:41 - 2017-07-28 21:43 - 00009720 _____ C:\TDSSKiller.3.1.0.15_28.07.2017_21.41.37_log.txt
2017-07-28 21:40 - 2017-07-28 21:41 - 00009720 _____ C:\TDSSKiller.3.1.0.15_28.07.2017_21.40.55_log.txt
2017-07-28 08:35 - 2017-07-28 21:46 - 100663296 _____ C:\Windows\system32\config\SOFTWARE
2017-07-28 08:33 - 2017-07-28 08:33 - 00000000 ____D C:\Windows\Microsoft Antimalware
2017-07-27 15:52 - 2017-07-27 15:52 - 00000000 ____D C:\Users\Armaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HLDS
2017-07-27 15:52 - 2017-07-27 15:52 - 00000000 ____D C:\Users\Armaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Half-Life
2017-07-27 15:52 - 2017-07-27 15:52 - 00000000 ____D C:\Users\Armaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike
2017-07-27 06:59 - 2017-07-27 06:59 - 00003362 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2890481376-1290147495-3485235637-1001
2017-07-27 06:49 - 2017-07-28 21:46 - 00000000 ____D C:\AdwCleaner
2017-07-27 06:46 - 2017-07-27 06:46 - 00055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-07-26 19:35 - 2017-07-26 19:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2017-07-26 19:35 - 2017-07-17 21:06 - 00965984 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2017-07-26 19:35 - 2017-07-17 21:06 - 00149816 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2017-07-26 16:39 - 2017-07-26 16:39 - 00001302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-07-26 16:35 - 2017-07-26 17:52 - 00000000 ____D C:\Users\Armaan\AppData\Roaming\Tunngle
2017-07-26 16:35 - 2017-07-26 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2017-07-26 16:35 - 2016-04-26 16:10 - 00048824 _____ (Tunngle.net GmbH) C:\Windows\system32\Drivers\tap0901t.sys
2017-07-26 16:34 - 2017-07-27 14:34 - 00000000 ____D C:\ProgramData\Tunngle
2017-07-26 16:34 - 2017-07-26 16:35 - 00000000 ____D C:\Program Files (x86)\Tunngle
2017-07-25 19:33 - 2017-07-25 19:33 - 00000000 ____D C:\Users\Armaan\AppData\Roaming\Age of Empires III - Complete Collection_unistall
2017-07-25 19:33 - 2017-07-25 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Age of Empires III - Complete Collection
2017-07-25 19:33 - 2017-07-25 19:33 - 00000000 ____D C:\ProgramData\Age of Empires 3
2017-07-25 19:33 - 2017-07-25 19:33 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2017-07-25 16:47 - 2017-07-25 16:47 - 00000000 ____D C:\Users\Armaan\AppData\Roaming\bizarre creations
2017-07-25 16:39 - 2017-07-25 16:39 - 00000000 ____D C:\Users\Armaan\AppData\Roaming\Blur
2017-07-25 16:39 - 2017-07-25 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2017-07-25 16:38 - 2017-07-25 16:38 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2017-07-24 07:12 - 2017-07-24 07:15 - 00000000 ____D C:\ProgramData\HitmanPro
2017-07-24 07:03 - 2017-07-26 16:40 - 00000000 ___RD C:\Users\Armaan\Creative Cloud Files
2017-07-24 07:01 - 2017-07-24 07:01 - 00000000 ____D C:\Users\Armaan\AppData\Local\Tempzxpsign9ec301ee474618a0
2017-07-24 07:00 - 2017-07-24 07:00 - 00000000 ____D C:\Users\Armaan\AppData\Local\Tempzxpsignfb0b515050a832bb
2017-07-24 07:00 - 2017-07-24 07:00 - 00000000 ____D C:\Users\Armaan\AppData\Local\Tempzxpsigne21d8e0d6a69b2fa
2017-07-24 07:00 - 2017-07-24 07:00 - 00000000 ____D C:\Users\Armaan\AppData\Local\Tempzxpsign14967b27830f6172
2017-07-24 06:58 - 2017-07-24 06:58 - 00000000 ____D C:\Users\Armaan\AppData\Local\Tempzxpsignc4ce5300960b703c
2017-07-24 06:58 - 2017-07-24 06:58 - 00000000 ____D C:\Users\Armaan\AppData\Local\Tempzxpsign3de68973a86e3c1d
2017-07-24 06:58 - 2017-07-24 06:58 - 00000000 ____D C:\Users\Armaan\AppData\Local\Tempzxpsign315ef259c0f9d8e1
2017-07-24 06:57 - 2017-07-24 06:57 - 00003602 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-PO6PWN-Armaan
2017-07-24 06:57 - 2017-07-24 06:57 - 00001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2017.lnk
2017-07-24 06:55 - 2017-07-24 06:55 - 00000000 ____D C:\Program Files\Adobe
2017-07-22 19:26 - 2017-07-22 19:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Far Cry Primal
2017-07-21 11:34 - 2017-07-21 11:34 - 00000000 ____D C:\Users\Armaan\AppData\Local\UnrealEngine
2017-07-21 11:34 - 2017-07-21 11:34 - 00000000 ____D C:\Users\Armaan\AppData\Local\TslGame
2017-07-18 04:02 - 2017-07-18 04:02 - 00000000 ____D C:\Users\Armaan\AppData\Local\openvr
2017-07-17 21:06 - 2017-07-17 21:06 - 00205952 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetLwf.sys
2017-07-17 21:06 - 2017-07-17 21:06 - 00131144 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp6.sys
2017-07-14 20:09 - 2017-07-14 20:09 - 00000000 ____D C:\Users\Armaan\AppData\LocalLow\Daybreak Game Company
2017-07-14 20:09 - 2017-07-14 20:09 - 00000000 ____D C:\Users\Armaan\AppData\Local\SCE
2017-07-14 20:09 - 2017-07-14 20:09 - 00000000 ____D C:\Users\Armaan\AppData\Local\Daybreak Game Company
2017-07-14 03:38 - 2017-07-14 03:38 - 00000000 ____D C:\Users\Armaan\AppData\Roaming\MMFApplications
2017-07-12 16:10 - 2017-07-07 19:30 - 00947712 _____ (Microsoft Corporation) C:\Windows\system32\HoloSI.PCShell.dll
2017-07-12 16:10 - 2017-07-07 12:57 - 01147288 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2017-07-12 16:10 - 2017-07-07 12:57 - 01024928 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2017-07-12 16:10 - 2017-07-07 12:57 - 00750560 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2017-07-12 16:10 - 2017-07-07 12:56 - 01065104 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-07-12 16:10 - 2017-07-07 12:55 - 00899824 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2017-07-12 16:10 - 2017-07-07 12:54 - 00117664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2017-07-12 16:10 - 2017-07-07 12:53 - 02399728 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-07-12 16:10 - 2017-07-07 12:52 - 08318880 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-07-12 16:10 - 2017-07-07 12:52 - 01186464 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-07-12 16:10 - 2017-07-07 12:51 - 32688336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsRaw.dll
2017-07-12 16:10 - 2017-07-07 12:51 - 02969880 _____ (Microsoft Corporation) C:\Windows\system32\CoreUIComponents.dll
2017-07-12 16:10 - 2017-07-07 12:50 - 02021680 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2017-07-12 16:10 - 2017-07-07 12:50 - 00923040 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2017-07-12 16:10 - 2017-07-07 12:50 - 00519584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-12 16:10 - 2017-07-07 12:50 - 00382368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2017-07-12 16:10 - 2017-07-07 12:45 - 02444696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-07-12 16:10 - 2017-07-07 12:44 - 07325584 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2017-07-12 16:10 - 2017-07-07 12:44 - 05477088 _____ (Microsoft Corporation) C:\Windows\system32\OneCoreUAPCommonProxyStub.dll
2017-07-12 16:10 - 2017-07-07 12:44 - 01760264 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2017-07-12 16:10 - 2017-07-07 12:43 - 00872472 _____ (Microsoft Corporation) C:\Windows\system32\ClipSVC.dll
2017-07-12 16:10 - 2017-07-07 12:43 - 00554392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2017-07-12 16:10 - 2017-07-07 12:43 - 00336320 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthService.exe
2017-07-12 16:10 - 2017-07-07 12:42 - 00411040 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-07-12 16:10 - 2017-07-07 12:42 - 00318232 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe
2017-07-12 16:10 - 2017-07-07 12:41 - 00094624 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-07-12 16:10 - 2017-07-07 12:40 - 21353208 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-07-12 16:10 - 2017-07-07 12:40 - 01670496 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2017-07-12 16:10 - 2017-07-07 12:40 - 01325968 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-07-12 16:10 - 2017-07-07 12:40 - 00254168 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2017-07-12 16:10 - 2017-07-07 12:39 - 00041376 _____ (Microsoft Corporation) C:\Windows\system32\wininitext.dll
2017-07-12 16:10 - 2017-07-07 12:37 - 01106848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-12 16:10 - 2017-07-07 12:37 - 00058488 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-07-12 16:10 - 2017-07-07 12:27 - 00626528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2017-07-12 16:10 - 2017-07-07 12:27 - 00125344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2017-07-12 16:10 - 2017-07-07 12:10 - 23677440 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2017-07-12 16:10 - 2017-07-07 12:09 - 01839872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-07-12 16:10 - 2017-07-07 12:09 - 00096128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmcmnutils.dll
2017-07-12 16:10 - 2017-07-07 12:07 - 31652264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsRaw.dll
2017-07-12 16:10 - 2017-07-07 12:07 - 02259760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreUIComponents.dll
2017-07-12 16:10 - 2017-07-07 12:07 - 01339352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2017-07-12 16:10 - 2017-07-07 12:01 - 05820984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2017-07-12 16:10 - 2017-07-07 12:01 - 01518088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2017-07-12 16:10 - 2017-07-07 12:01 - 00129184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-07-12 16:10 - 2017-07-07 12:00 - 02165752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-07-12 16:10 - 2017-07-07 12:00 - 00949920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dcomp.dll
2017-07-12 16:10 - 2017-07-07 12:00 - 00750496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2017-07-12 16:10 - 2017-07-07 11:59 - 00349600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-07-12 16:10 - 2017-07-07 11:59 - 00123520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Clipc.dll
2017-07-12 16:10 - 2017-07-07 11:57 - 06759512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-07-12 16:10 - 2017-07-07 11:57 - 03670016 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2017-07-12 16:10 - 2017-07-07 11:57 - 01050624 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2017-07-12 16:10 - 2017-07-07 11:57 - 00557568 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-07-12 16:10 - 2017-07-07 11:57 - 00360960 _____ (Microsoft Corporation) C:\Windows\system32\ConhostV2.dll
2017-07-12 16:10 - 2017-07-07 11:56 - 20373408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-07-12 16:10 - 2017-07-07 11:56 - 17364992 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2017-07-12 16:10 - 2017-07-07 11:56 - 01529384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2017-07-12 16:10 - 2017-07-07 11:56 - 01195240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2017-07-12 16:10 - 2017-07-07 11:56 - 00988168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-07-12 16:10 - 2017-07-07 11:55 - 00035232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininitext.dll
2017-07-12 16:10 - 2017-07-07 11:54 - 01517472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppVEntSubsystems32.dll
2017-07-12 16:10 - 2017-07-07 11:53 - 00583160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2017-07-12 16:10 - 2017-07-07 11:53 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2017-07-12 16:10 - 2017-07-07 11:53 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-07-12 16:10 - 2017-07-07 11:52 - 07931392 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2017-07-12 16:10 - 2017-07-07 11:52 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2017-07-12 16:10 - 2017-07-07 11:51 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-07-12 16:10 - 2017-07-07 11:50 - 23681536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-07-12 16:10 - 2017-07-07 11:50 - 08331264 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2017-07-12 16:10 - 2017-07-07 11:50 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\prntvpt.dll
2017-07-12 16:10 - 2017-07-07 11:49 - 07149056 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2017-07-12 16:10 - 2017-07-07 11:49 - 00256000 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2017-07-12 16:10 - 2017-07-07 11:49 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2017-07-12 16:10 - 2017-07-07 11:48 - 07336448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-07-12 16:10 - 2017-07-07 11:48 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\SensorService.dll
2017-07-12 16:10 - 2017-07-07 11:48 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-12 16:10 - 2017-07-07 11:48 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2017-07-12 16:10 - 2017-07-07 11:47 - 01878016 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll
2017-07-12 16:10 - 2017-07-07 11:47 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-07-12 16:10 - 2017-07-07 11:47 - 00588800 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-07-12 16:10 - 2017-07-07 11:47 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\WpAXHolder.dll
2017-07-12 16:10 - 2017-07-07 11:46 - 12786176 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-07-12 16:10 - 2017-07-07 11:46 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2017-07-12 16:10 - 2017-07-07 11:45 - 08238080 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2017-07-12 16:10 - 2017-07-07 11:45 - 00922112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-07-12 16:10 - 2017-07-07 11:44 - 08211968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-07-12 16:10 - 2017-07-07 11:44 - 03784704 _____ (Microsoft Corporation) C:\Windows\system32\MapRouter.dll
2017-07-12 16:10 - 2017-07-07 11:44 - 02956800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2017-07-12 16:10 - 2017-07-07 11:44 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-07-12 16:10 - 2017-07-07 11:44 - 01448960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2017-07-12 16:10 - 2017-07-07 11:44 - 00790016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2017-07-12 16:10 - 2017-07-07 11:44 - 00570880 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
2017-07-12 16:10 - 2017-07-07 11:43 - 13839872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2017-07-12 16:10 - 2017-07-07 11:43 - 05892096 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2017-07-12 16:10 - 2017-07-07 11:43 - 00840192 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2017-07-12 16:10 - 2017-07-07 11:42 - 04730880 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-07-12 16:10 - 2017-07-07 11:42 - 03307008 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-07-12 16:10 - 2017-07-07 11:42 - 02499584 _____ (Microsoft Corporation) C:\Windows\system32\twinui.pcshell.dll
2017-07-12 16:10 - 2017-07-07 11:42 - 02199552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-07-12 16:10 - 2017-07-07 11:42 - 02055168 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2017-07-12 16:10 - 2017-07-07 11:42 - 01305088 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2017-07-12 16:10 - 2017-07-07 11:42 - 01142272 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-07-12 16:10 - 2017-07-07 11:42 - 00706560 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2017-07-12 16:10 - 2017-07-07 11:41 - 02829824 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-07-12 16:10 - 2017-07-07 11:41 - 02649600 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2017-07-12 16:10 - 2017-07-07 11:41 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-07-12 16:10 - 2017-07-07 11:41 - 01812480 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-07-12 16:10 - 2017-07-07 11:40 - 05557760 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2017-07-12 16:10 - 2017-07-07 11:40 - 04707840 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-12 16:10 - 2017-07-07 11:40 - 02444288 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-07-12 16:10 - 2017-07-07 11:40 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-07-12 16:10 - 2017-07-07 11:40 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapprovp.dll
2017-07-12 16:10 - 2017-07-07 11:39 - 20504576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-07-12 16:10 - 2017-07-07 11:39 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2017-07-12 16:10 - 2017-07-07 11:38 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-07-12 16:10 - 2017-07-07 11:37 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\PlayToReceiver.dll
2017-07-12 16:10 - 2017-07-07 11:37 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\raschap.dll
2017-07-12 16:10 - 2017-07-07 11:36 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\SensorsApi.dll
2017-07-12 16:10 - 2017-07-07 11:36 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2017-07-12 16:10 - 2017-07-07 11:36 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\sensrsvc.dll
2017-07-12 16:10 - 2017-07-07 11:35 - 19335168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-07-12 16:10 - 2017-07-07 11:35 - 11870720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-07-12 16:10 - 2017-07-07 11:35 - 06728192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2017-07-12 16:10 - 2017-07-07 11:35 - 05719040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2017-07-12 16:10 - 2017-07-07 11:35 - 00502784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2017-07-12 16:10 - 2017-07-07 11:35 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-07-12 16:10 - 2017-07-07 11:34 - 05961216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-07-12 16:10 - 2017-07-07 11:34 - 01248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2017-07-12 16:10 - 2017-07-07 11:34 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-07-12 16:10 - 2017-07-07 11:34 - 00506368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-07-12 16:10 - 2017-07-07 11:34 - 00394240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2017-07-12 16:10 - 2017-07-07 11:34 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-07-12 16:10 - 2017-07-07 11:33 - 06123520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2017-07-12 16:10 - 2017-07-07 11:33 - 00636416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll
2017-07-12 16:10 - 2017-07-07 11:33 - 00446464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2017-07-12 16:10 - 2017-07-07 11:32 - 00952832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2017-07-12 16:10 - 2017-07-07 11:32 - 00508416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr
2017-07-12 16:10 - 2017-07-07 11:31 - 06287360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-07-12 16:10 - 2017-07-07 11:31 - 02859520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-07-12 16:10 - 2017-07-07 11:30 - 07596544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-07-12 16:10 - 2017-07-07 11:30 - 05225984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2017-07-12 16:10 - 2017-07-07 11:30 - 02588160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapRouter.dll
2017-07-12 16:10 - 2017-07-07 11:30 - 01626624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-07-12 16:10 - 2017-07-07 11:30 - 01565184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-07-12 16:10 - 2017-07-07 11:30 - 01019904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2017-07-12 16:10 - 2017-07-07 11:29 - 04417024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-07-12 16:10 - 2017-07-07 11:29 - 03656704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-07-12 16:10 - 2017-07-07 11:29 - 01494016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActiveSyncProvider.dll
2017-07-12 16:10 - 2017-07-07 11:29 - 01355264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OpcServices.dll
2017-07-12 16:10 - 2017-07-07 11:29 - 00787456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-07-12 16:10 - 2017-07-07 11:28 - 04559360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2017-07-12 16:10 - 2017-07-07 11:28 - 02782720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2017-07-12 16:10 - 2017-07-07 11:28 - 02298368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2017-07-12 16:10 - 2017-07-07 11:28 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-07-12 16:10 - 2017-07-07 11:25 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2017-07-12 16:10 - 2017-07-07 11:25 - 00329216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsApi.dll
2017-07-12 16:10 - 2017-07-07 11:23 - 01301504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-07-12 16:10 - 2017-07-07 11:23 - 00338432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-07-12 16:10 - 2017-07-02 04:22 - 00031932 _____ C:\Windows\system32\edgehtmlpluginpolicy.bin
2017-07-12 16:10 - 2017-06-20 11:47 - 00034720 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2017-07-12 16:10 - 2017-06-20 11:46 - 00335776 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
2017-07-12 16:10 - 2017-06-20 11:45 - 00233376 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-07-12 16:10 - 2017-06-20 11:41 - 01395152 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-07-12 16:10 - 2017-06-20 11:41 - 00411992 _____ (Microsoft Corporation) C:\Windows\system32\MSAudDecMFT.dll
2017-07-12 16:10 - 2017-06-20 11:40 - 02327456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-12 16:10 - 2017-06-20 11:40 - 01930320 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-07-12 16:10 - 2017-06-20 11:38 - 01242528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2017-07-12 16:10 - 2017-06-20 11:36 - 00279968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2017-07-12 16:10 - 2017-06-20 11:35 - 01057832 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2017-07-12 16:10 - 2017-06-20 11:34 - 04847424 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2017-07-12 16:10 - 2017-06-20 11:33 - 00820128 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2017-07-12 16:10 - 2017-06-20 11:33 - 00102312 _____ (Microsoft Corporation) C:\Windows\system32\CredentialUIBroker.exe
2017-07-12 16:10 - 2017-06-20 11:32 - 02645688 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-07-12 16:10 - 2017-06-20 11:32 - 01055648 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll
2017-07-12 16:10 - 2017-06-20 11:30 - 00255904 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2017-07-12 16:10 - 2017-06-20 11:30 - 00142752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wcifs.sys
2017-07-12 16:10 - 2017-06-20 11:29 - 06554928 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2017-07-12 16:10 - 2017-06-20 11:29 - 01220072 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2017-07-12 16:10 - 2017-06-20 11:29 - 00467504 _____ (Microsoft Corporation) C:\Windows\system32\MFCaptureEngine.dll
2017-07-12 16:10 - 2017-06-20 11:28 - 00833160 _____ (Microsoft Corporation) C:\Windows\system32\EditionUpgradeManagerObj.dll
2017-07-12 16:10 - 2017-06-20 11:27 - 02681760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-07-12 16:10 - 2017-06-20 11:27 - 00204192 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2017-07-12 16:10 - 2017-06-20 11:04 - 00192416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2017-07-12 16:10 - 2017-06-20 10:45 - 01620368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-07-12 16:10 - 2017-06-20 10:45 - 00455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll
2017-07-12 16:10 - 2017-06-20 10:44 - 01150784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-07-12 16:10 - 2017-06-20 10:43 - 00787712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-07-12 16:10 - 2017-06-20 10:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\WinBioDataModelOOBE.exe
2017-07-12 16:10 - 2017-06-20 10:42 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2017-07-12 16:10 - 2017-06-20 10:42 - 00264192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2017-07-12 16:10 - 2017-06-20 10:42 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys
2017-07-12 16:10 - 2017-06-20 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2017-07-12 16:10 - 2017-06-20 10:41 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\ScDeviceEnum.dll
2017-07-12 16:10 - 2017-06-20 10:41 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-07-12 16:10 - 2017-06-20 10:40 - 00722432 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2017-07-12 16:10 - 2017-06-20 10:40 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\SettingsEnvironment.Desktop.dll
2017-07-12 16:10 - 2017-06-20 10:40 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\wincredui.dll
2017-07-12 16:10 - 2017-06-20 10:40 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-07-12 16:10 - 2017-06-20 10:39 - 00551424 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Payments.dll
2017-07-12 16:10 - 2017-06-20 10:39 - 00406032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\policymanager.dll
2017-07-12 16:10 - 2017-06-20 10:39 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\Narrator.exe
2017-07-12 16:10 - 2017-06-20 10:39 - 00250368 _____ (Microsoft Corporation) C:\Windows\system32\SCardSvr.dll
2017-07-12 16:10 - 2017-06-20 10:39 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2017-07-12 16:10 - 2017-06-20 10:39 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2017-07-12 16:10 - 2017-06-20 10:39 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-07-12 16:10 - 2017-06-20 10:38 - 04469840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2017-07-12 16:10 - 2017-06-20 10:38 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\LockHostingFramework.dll
2017-07-12 16:10 - 2017-06-20 10:38 - 00386560 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-07-12 16:10 - 2017-06-20 10:38 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2017-07-12 16:10 - 2017-06-20 10:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\WinBioDataModel.dll
2017-07-12 16:10 - 2017-06-20 10:38 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-07-12 16:10 - 2017-06-20 10:38 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
2017-07-12 16:10 - 2017-06-20 10:37 - 02475136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2017-07-12 16:10 - 2017-06-20 10:37 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2017-07-12 16:10 - 2017-06-20 10:37 - 00823296 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApi.dll
2017-07-12 16:10 - 2017-06-20 10:37 - 00632832 _____ (Microsoft Corporation) C:\Windows\system32\tileobjserver.dll
2017-07-12 16:10 - 2017-06-20 10:37 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Bluetooth.dll
2017-07-12 16:10 - 2017-06-20 10:37 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\TDLMigration.dll
2017-07-12 16:10 - 2017-06-20 10:37 - 00346016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudExperienceHostCommon.dll
2017-07-12 16:10 - 2017-06-20 10:37 - 00138656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudExperienceHostUser.dll
2017-07-12 16:10 - 2017-06-20 10:36 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
2017-07-12 16:10 - 2017-06-20 10:36 - 00847872 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2017-07-12 16:10 - 2017-06-20 10:36 - 00754592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
2017-07-12 16:10 - 2017-06-20 10:36 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-07-12 16:10 - 2017-06-20 10:36 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\ActivationManager.dll
2017-07-12 16:10 - 2017-06-20 10:36 - 00299520 _____ (Microsoft Corporation) C:\Windows\system32\AboveLockAppHost.dll
2017-07-12 16:10 - 2017-06-20 10:36 - 00278944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\thumbcache.dll
2017-07-12 16:10 - 2017-06-20 10:35 - 04447744 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2017-07-12 16:10 - 2017-06-20 10:35 - 01468416 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2017-07-12 16:10 - 2017-06-20 10:35 - 00687616 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2017-07-12 16:10 - 2017-06-20 10:35 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\AppReadiness.dll
2017-07-12 16:10 - 2017-06-20 10:35 - 00438096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.dll
2017-07-12 16:10 - 2017-06-20 10:35 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgentUserBroker.exe
2017-07-12 16:10 - 2017-06-20 10:35 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\InputSwitch.dll
2017-07-12 16:10 - 2017-06-20 10:35 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2017-07-12 16:10 - 2017-06-20 10:35 - 00364032 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-07-12 16:10 - 2017-06-20 10:34 - 02330520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2017-07-12 16:10 - 2017-06-20 10:34 - 01818624 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2017-07-12 16:10 - 2017-06-20 10:34 - 01425920 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2017-07-12 16:10 - 2017-06-20 10:34 - 01178528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2017-07-12 16:10 - 2017-06-20 10:34 - 01177600 _____ (Microsoft Corporation) C:\Windows\system32\Unistore.dll
2017-07-12 16:10 - 2017-06-20 10:34 - 01077496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2017-07-12 16:10 - 2017-06-20 10:34 - 00899072 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2017-07-12 16:10 - 2017-06-20 10:34 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\RDXTaskFactory.dll
2017-07-12 16:10 - 2017-06-20 10:34 - 00181656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2017-07-12 16:10 - 2017-06-20 10:34 - 00178176 _____ (Microsoft Corporation) C:\Windows\system32\EditionUpgradeHelper.dll
2017-07-12 16:10 - 2017-06-20 10:34 - 00049656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msasn1.dll
2017-07-12 16:10 - 2017-06-20 10:33 - 05806048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2017-07-12 16:10 - 2017-06-20 10:33 - 02077184 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-07-12 16:10 - 2017-06-20 10:33 - 00864240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-07-12 16:10 - 2017-06-20 10:33 - 00443728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll
2017-07-12 16:10 - 2017-06-20 10:32 - 03377664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-07-12 16:10 - 2017-06-20 10:32 - 02804736 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2017-07-12 16:10 - 2017-06-20 10:32 - 01886208 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2017-07-12 16:10 - 2017-06-20 10:32 - 01121928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2017-07-12 16:10 - 2017-06-20 10:32 - 00354400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MMDevAPI.dll
2017-07-12 16:10 - 2017-06-20 10:31 - 04536320 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2017-07-12 16:10 - 2017-06-20 10:31 - 04396032 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-07-12 16:10 - 2017-06-20 10:31 - 03803136 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-07-12 16:10 - 2017-06-20 10:31 - 01076736 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2017-07-12 16:10 - 2017-06-20 10:31 - 00176032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
2017-07-12 16:10 - 2017-06-20 10:30 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-07-12 16:10 - 2017-06-20 10:30 - 02171392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll
2017-07-12 16:10 - 2017-06-20 10:29 - 02938880 _____ (Microsoft Corporation) C:\Windows\system32\InputService.dll
2017-07-12 16:10 - 2017-06-20 10:29 - 01674240 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2017-07-12 16:10 - 2017-06-20 10:26 - 00985600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2017-07-12 16:10 - 2017-06-20 10:24 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\DmApiSetExtImplDesktop.dll
2017-07-12 16:10 - 2017-06-20 10:19 - 00899072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctfuimanager.dll
2017-07-12 16:10 - 2017-06-20 10:19 - 00331776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2017-07-12 16:10 - 2017-06-20 10:16 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-12 16:10 - 2017-06-20 10:15 - 00111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.System.Profile.RetailInfo.dll
2017-07-12 16:10 - 2017-06-20 10:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-07-12 16:10 - 2017-06-20 10:13 - 00329728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2017-07-12 16:10 - 2017-06-20 10:13 - 00173568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ClipboardServer.dll
2017-07-12 16:10 - 2017-06-20 10:13 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredui.dll
2017-07-12 16:10 - 2017-06-20 10:13 - 00139776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BluetoothApis.dll
2017-07-12 16:10 - 2017-06-20 10:13 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-07-12 16:10 - 2017-06-20 10:13 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-07-12 16:10 - 2017-06-20 10:13 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dataclen.dll
2017-07-12 16:10 - 2017-06-20 10:12 - 00641024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certca.dll
2017-07-12 16:10 - 2017-06-20 10:12 - 00387584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Payments.dll
2017-07-12 16:10 - 2017-06-20 10:12 - 00338432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-07-12 16:10 - 2017-06-20 10:12 - 00266240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-07-12 16:10 - 2017-06-20 10:12 - 00226304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scksp.dll
2017-07-12 16:10 - 2017-06-20 10:12 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sendmail.dll
2017-07-12 16:10 - 2017-06-20 10:11 - 00734208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcastdvr.exe
2017-07-12 16:10 - 2017-06-20 10:11 - 00646656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApi.dll
2017-07-12 16:10 - 2017-06-20 10:11 - 00601088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVolSSO.dll
2017-07-12 16:10 - 2017-06-20 10:11 - 00433152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Bluetooth.dll
2017-07-12 16:10 - 2017-06-20 10:11 - 00201216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credprovhost.dll
2017-07-12 16:10 - 2017-06-20 10:10 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgentUserBroker.exe
2017-07-12 16:10 - 2017-06-20 10:10 - 00356864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActivationManager.dll
2017-07-12 16:10 - 2017-06-20 10:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-07-12 16:10 - 2017-06-20 10:10 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AboveLockAppHost.dll
2017-07-12 16:10 - 2017-06-20 10:10 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edputil.dll
2017-07-12 16:10 - 2017-06-20 10:10 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBrokerUI.dll
2017-07-12 16:10 - 2017-06-20 10:09 - 02814464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2017-07-12 16:10 - 2017-06-20 10:09 - 02671616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-07-12 16:10 - 2017-06-20 10:09 - 00969728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Unistore.dll
2017-07-12 16:10 - 2017-06-20 10:09 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmsys.cpl
2017-07-12 16:10 - 2017-06-20 10:09 - 00471040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VAN.dll
2017-07-12 16:10 - 2017-06-20 10:09 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-07-12 16:10 - 2017-06-20 10:08 - 01451008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2017-07-12 16:10 - 2017-06-20 10:08 - 01285120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2017-07-12 16:10 - 2017-06-20 10:08 - 01171968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2017-07-12 16:10 - 2017-06-20 10:08 - 00663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-07-12 16:10 - 2017-06-20 10:08 - 00648192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2017-07-12 16:10 - 2017-06-20 10:08 - 00329728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2017-07-12 16:10 - 2017-06-20 10:07 - 02008576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-07-12 16:10 - 2017-06-20 10:06 - 03667456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-07-12 16:10 - 2017-06-20 10:05 - 02679296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2017-07-12 16:10 - 2017-06-20 10:05 - 02132480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-07-12 16:10 - 2017-06-20 10:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cldapi.dll
2017-07-12 16:10 - 2017-06-20 10:04 - 04056576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2017-07-12 16:10 - 2017-06-20 10:04 - 02750464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2017-07-12 16:10 - 2017-06-20 10:04 - 02211328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputService.dll
2017-07-12 16:10 - 2017-06-20 10:04 - 01492480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll
2017-07-12 16:10 - 2017-06-20 10:04 - 00760832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2017-07-12 16:10 - 2017-06-20 10:01 - 00334848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToDevice.dll
2017-07-12 16:10 - 2017-06-20 10:00 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdmaud.drv
2017-07-12 16:10 - 2017-06-20 10:00 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-07-12 16:10 - 2017-06-20 10:00 - 00089088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2017-07-12 16:10 - 2017-06-20 09:58 - 00584192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2017-07-12 16:09 - 2017-07-07 12:57 - 00965024 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.efi
2017-07-12 16:09 - 2017-07-07 12:57 - 00821664 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.exe
2017-07-12 16:09 - 2017-07-07 12:52 - 00119384 _____ (Microsoft Corporation) C:\Windows\system32\dmcmnutils.dll
2017-07-12 16:09 - 2017-07-07 12:47 - 01017760 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2017-07-12 16:09 - 2017-07-07 12:44 - 01171032 _____ (Microsoft Corporation) C:\Windows\system32\dcomp.dll
2017-07-12 16:09 - 2017-07-07 12:43 - 00147800 _____ (Microsoft Corporation) C:\Windows\system32\Clipc.dll
2017-07-12 16:09 - 2017-07-07 12:42 - 00228256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-07-12 16:09 - 2017-07-07 12:41 - 07904784 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2017-07-12 16:09 - 2017-07-07 12:40 - 01337848 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2017-07-12 16:09 - 2017-07-07 12:40 - 00372128 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHost.dll
2017-07-12 16:09 - 2017-07-07 12:38 - 02229152 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystems64.dll
2017-07-12 16:09 - 2017-07-07 12:38 - 01854880 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntVirtualization.dll
2017-07-12 16:09 - 2017-07-07 12:38 - 01693600 _____ (Microsoft Corporation) C:\Windows\system32\AppVIntegration.dll
2017-07-12 16:09 - 2017-07-07 12:38 - 01458584 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystemController.dll
2017-07-12 16:09 - 2017-07-07 12:38 - 01100704 _____ (Microsoft Corporation) C:\Windows\system32\AppVPolicy.dll
2017-07-12 16:09 - 2017-07-07 12:38 - 00992672 _____ (Microsoft Corporation) C:\Windows\system32\AppVManifest.dll
2017-07-12 16:09 - 2017-07-07 12:38 - 00848280 _____ (Microsoft Corporation) C:\Windows\system32\AppVOrchestration.dll
2017-07-12 16:09 - 2017-07-07 12:38 - 00846752 _____ (Microsoft Corporation) C:\Windows\system32\AppVClient.exe
2017-07-12 16:09 - 2017-07-07 12:38 - 00844704 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntStreamingManager.dll
2017-07-12 16:09 - 2017-07-07 12:38 - 00774560 _____ (Microsoft Corporation) C:\Windows\system32\AppVReporting.dll
2017-07-12 16:09 - 2017-07-07 12:38 - 00699808 _____ (Microsoft Corporation) C:\Windows\system32\AppVCatalog.dll
2017-07-12 16:09 - 2017-07-07 12:38 - 00672672 _____ (Microsoft Corporation) C:\Windows\system32\AppVPublishing.dll
2017-07-12 16:09 - 2017-07-07 12:38 - 00506776 _____ (Microsoft Corporation) C:\Windows\system32\TransportDSA.dll
2017-07-12 16:09 - 2017-07-07 12:38 - 00399264 _____ (Microsoft Corporation) C:\Windows\system32\AppVScripting.dll
2017-07-12 16:09 - 2017-07-07 11:57 - 01640448 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2017-07-12 16:09 - 2017-07-07 11:57 - 00859136 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2017-07-12 16:09 - 2017-07-07 11:57 - 00577024 _____ (Microsoft Corporation) C:\Windows\system32\duser.dll
2017-07-12 16:09 - 2017-07-07 11:57 - 00443392 _____ (Microsoft Corporation) C:\Windows\system32\PerceptionSimulationExtensions.dll
2017-07-12 16:09 - 2017-07-07 11:55 - 02199552 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.dll
2017-07-12 16:09 - 2017-07-07 11:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\officecsp.dll
2017-07-12 16:09 - 2017-07-07 11:53 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\wuuhosdeployment.dll
2017-07-12 16:09 - 2017-07-07 11:53 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\eapprovp.dll
2017-07-12 16:09 - 2017-07-07 11:52 - 00520704 _____ (Microsoft Corporation) C:\Windows\system32\daxexec.dll
2017-07-12 16:09 - 2017-07-07 11:51 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncCsp.dll
2017-07-12 16:09 - 2017-07-07 11:49 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll
2017-07-12 16:09 - 2017-07-07 11:49 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\raschap.dll
2017-07-12 16:09 - 2017-07-07 11:48 - 00563712 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
2017-07-12 16:09 - 2017-07-07 11:47 - 01260544 _____ (Microsoft Corporation) C:\Windows\system32\GamePanel.exe
2017-07-12 16:09 - 2017-07-07 11:47 - 00536064 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2017-07-12 16:09 - 2017-07-07 11:47 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\SIHClient.exe
2017-07-12 16:09 - 2017-07-07 11:46 - 00925696 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebFilter.dll
2017-07-12 16:09 - 2017-07-07 11:44 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2017-07-12 16:09 - 2017-07-07 11:42 - 01713664 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncProvider.dll
2017-07-12 16:09 - 2017-07-07 11:42 - 01420800 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Maps.dll
2017-07-12 16:09 - 2017-07-07 11:42 - 01293824 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2017-07-12 16:09 - 2017-07-07 11:41 - 03139584 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2017-07-12 16:09 - 2017-07-07 11:41 - 02177024 _____ (Microsoft Corporation) C:\Windows\system32\OpcServices.dll
2017-07-12 16:09 - 2017-07-07 11:41 - 00986112 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-07-12 16:09 - 2017-07-07 11:41 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2017-07-12 16:09 - 2017-07-07 11:37 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\PlayToDevice.dll
2017-07-12 16:09 - 2017-07-07 11:37 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2017-07-12 16:09 - 2017-07-07 11:35 - 00370176 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-12 16:09 - 2017-07-07 11:34 - 01703424 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-07-12 16:09 - 2017-07-07 11:34 - 01403392 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-12 16:09 - 2017-06-20 11:48 - 01564576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-07-12 16:09 - 2017-06-20 11:48 - 00096672 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-07-12 16:09 - 2017-06-20 11:47 - 00629152 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-07-12 16:09 - 2017-06-20 11:47 - 00544160 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-07-12 16:09 - 2017-06-20 11:47 - 00334240 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-07-12 16:09 - 2017-06-20 11:47 - 00136096 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-07-12 16:09 - 2017-06-20 11:46 - 01214880 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-07-12 16:09 - 2017-06-20 11:34 - 00472728 _____ (Microsoft Corporation) C:\Windows\system32\policymanager.dll
2017-07-12 16:09 - 2017-06-20 11:33 - 00179608 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHostUser.dll
2017-07-12 16:09 - 2017-06-20 11:32 - 00426912 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHostCommon.dll
2017-07-12 16:09 - 2017-06-20 11:30 - 00558920 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.dll
2017-07-12 16:09 - 2017-06-20 11:29 - 01054280 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2017-07-12 16:09 - 2017-06-20 11:29 - 00583304 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2017-07-12 16:09 - 2017-06-20 11:28 - 00406072 _____ (Microsoft Corporation) C:\Windows\system32\MMDevAPI.dll
2017-07-12 16:09 - 2017-06-20 11:28 - 00203168 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHostBroker.dll
2017-07-12 16:09 - 2017-06-20 10:46 - 00970752 _____ (Microsoft Corporation) C:\Windows\system32\msctfuimanager.dll
2017-07-12 16:09 - 2017-06-20 10:46 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2017-07-12 16:09 - 2017-06-20 10:44 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mskssrv.sys
2017-07-12 16:09 - 2017-06-20 10:43 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-12 16:09 - 2017-06-20 10:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2017-07-12 16:09 - 2017-06-20 10:43 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\WFDSConMgr.dll
2017-07-12 16:09 - 2017-06-20 10:42 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\DolbyMATEnc.dll
2017-07-12 16:09 - 2017-06-20 10:42 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\Windows.System.Profile.RetailInfo.dll
2017-07-12 16:09 - 2017-06-20 10:40 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\DolbyHrtfEnc.dll
2017-07-12 16:09 - 2017-06-20 10:40 - 00189440 _____ (Microsoft Corporation) C:\Windows\system32\BluetoothApis.dll
2017-07-12 16:09 - 2017-06-20 10:39 - 00555008 _____ (Microsoft Corporation) C:\Windows\system32\WFDSConMgrSvc.dll
2017-07-12 16:09 - 2017-06-20 10:39 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Shell.BlueLightReduction.dll
2017-07-12 16:09 - 2017-06-20 10:39 - 00427008 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2017-07-12 16:09 - 2017-06-20 10:39 - 00205312 _____ (Microsoft Corporation) C:\Windows\system32\ClipboardServer.dll
2017-07-12 16:09 - 2017-06-20 10:39 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sendmail.dll
2017-07-12 16:09 - 2017-06-20 10:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\dataclen.dll
2017-07-12 16:09 - 2017-06-20 10:38 - 00791040 _____ (Microsoft Corporation) C:\Windows\system32\certca.dll
2017-07-12 16:09 - 2017-06-20 10:38 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Notifications.dll
2017-07-12 16:09 - 2017-06-20 10:37 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvr.exe
2017-07-12 16:09 - 2017-06-20 10:37 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdiWiFi.sys
2017-07-12 16:09 - 2017-06-20 10:37 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\SndVolSSO.dll
2017-07-12 16:09 - 2017-06-20 10:37 - 00411136 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2017-07-12 16:09 - 2017-06-20 10:36 - 00455680 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-07-12 16:09 - 2017-06-20 10:36 - 00335872 _____ (Microsoft Corporation) C:\Windows\system32\CloudDomainJoinDataModelServer.dll
2017-07-12 16:09 - 2017-06-20 10:36 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\edputil.dll
2017-07-12 16:09 - 2017-06-20 10:36 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\TokenBrokerUI.dll
2017-07-12 16:09 - 2017-06-20 10:35 - 02873344 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2017-07-12 16:09 - 2017-06-20 10:35 - 00873472 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2017-07-12 16:09 - 2017-06-20 10:35 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl
2017-07-12 16:09 - 2017-06-20 10:35 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\cldapi.dll
2017-07-12 16:09 - 2017-06-20 10:34 - 00802816 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2017-07-12 16:09 - 2017-06-20 10:33 - 01396224 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2017-07-12 16:09 - 2017-06-20 10:32 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-07-12 16:09 - 2017-06-20 10:32 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2017-07-12 16:09 - 2017-06-20 10:32 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\CloudDomainJoinAUG.dll
2017-07-12 16:09 - 2017-06-20 10:31 - 03332096 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2017-07-12 16:09 - 2017-06-20 10:31 - 03059200 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2017-07-12 16:09 - 2017-06-20 10:31 - 00809984 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2017-07-12 16:09 - 2017-06-20 10:31 - 00397312 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2017-07-12 16:09 - 2017-06-20 10:30 - 03057664 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2017-07-12 16:09 - 2017-06-20 10:29 - 01357824 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2017-07-12 16:09 - 2017-06-20 10:28 - 00625152 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2017-07-12 16:09 - 2017-06-20 10:27 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\omadmclient.exe
2017-07-12 16:09 - 2017-06-20 10:27 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\DMPushRouterCore.dll
2017-07-12 16:09 - 2017-06-20 10:26 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\FrameServer.dll
2017-07-12 16:09 - 2017-06-20 10:26 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\wdmaud.drv
2017-07-11 19:33 - 2017-07-11 19:33 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-07-11 19:33 - 2017-06-28 01:57 - 00135616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-07-11 19:33 - 2017-03-11 02:47 - 00536864 _____ C:\Windows\system32\vulkan-1.dll
2017-07-11 19:33 - 2017-03-11 02:47 - 00525600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-07-11 19:33 - 2017-03-11 02:47 - 00254240 _____ C:\Windows\system32\vulkaninfo.exe
2017-07-11 19:33 - 2017-03-11 02:47 - 00233760 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-07-11 19:31 - 2017-06-28 04:09 - 40239736 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2017-07-11 19:31 - 2017-06-28 04:09 - 35838912 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-07-11 19:31 - 2017-06-28 04:09 - 35314296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-07-11 19:31 - 2017-06-28 04:09 - 28953536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-07-11 19:31 - 2017-06-28 04:09 - 13559376 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-07-11 19:31 - 2017-06-28 04:09 - 12337296 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-07-11 19:31 - 2017-06-28 04:09 - 12132272 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-07-11 19:31 - 2017-06-28 04:09 - 11501776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-07-11 19:31 - 2017-06-28 04:09 - 10381664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-07-11 19:31 - 2017-06-28 04:09 - 09982456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-07-11 19:31 - 2017-06-28 04:09 - 04163008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-07-11 19:31 - 2017-06-28 04:09 - 03595384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-07-11 19:31 - 2017-06-28 04:09 - 01988216 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438476.dll
2017-07-11 19:31 - 2017-06-28 04:09 - 01597888 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438476.dll
2017-07-11 19:31 - 2017-06-28 04:09 - 01278528 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2017-07-11 19:31 - 2017-06-28 04:09 - 01276992 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2017-07-11 19:31 - 2017-06-28 04:09 - 01067128 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-07-11 19:31 - 2017-06-28 04:09 - 01004664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-07-11 19:31 - 2017-06-28 04:09 - 00996760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2017-07-11 19:31 - 2017-06-28 04:09 - 00995224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2017-07-11 19:31 - 2017-06-28 04:09 - 00972736 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-07-11 19:31 - 2017-06-28 04:09 - 00924096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-07-11 19:31 - 2017-06-28 04:09 - 00781728 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-07-11 19:31 - 2017-06-28 04:09 - 00725112 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2017-07-11 19:31 - 2017-06-28 04:09 - 00689808 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-07-11 19:31 - 2017-06-28 04:09 - 00618744 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2017-07-11 19:31 - 2017-06-28 04:09 - 00617416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-07-11 19:31 - 2017-06-28 04:09 - 00609728 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-07-11 19:31 - 2017-06-28 04:09 - 00584128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2017-07-11 19:31 - 2017-06-28 04:09 - 00578056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-07-11 19:31 - 2017-06-28 04:09 - 00499320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-07-11 19:31 - 2017-06-28 04:09 - 00045976 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-07-11 19:31 - 2017-06-28 04:09 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-07-11 19:31 - 2017-06-28 04:09 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2017-07-10 19:15 - 2017-07-10 19:15 - 00000000 ____D C:\Users\Armaan\AppData\Local\WellWeWeb
2017-07-10 19:15 - 2017-07-10 19:15 - 00000000 ____D C:\Users\Armaan\AppData\Local\Chevolume.com
2017-07-10 19:14 - 2017-07-10 19:14 - 00000778 _____ C:\ProgramData\Microsoft\Windows\Start Menu\CheVolume.lnk
2017-07-10 19:14 - 2017-07-10 19:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CheVolume
2017-07-08 20:50 - 2017-07-08 20:50 - 00000000 ____D C:\Users\Armaan\.android
2017-07-07 23:18 - 2017-07-11 01:14 - 00000000 ____D C:\Users\Armaan\AppData\Local\Game Dev Tycoon - Steam
2017-07-06 22:48 - 2017-07-06 22:49 - 00000000 ____D C:\Users\Armaan\AppData\Roaming\Prodiance
2017-07-06 22:31 - 2017-07-06 22:31 - 00002534 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-07-06 22:31 - 2017-07-06 22:31 - 00002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2017-07-06 22:31 - 2017-07-06 22:31 - 00002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-07-06 22:31 - 2017-07-06 22:31 - 00002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-07-06 22:31 - 2017-07-06 22:31 - 00002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-07-06 22:31 - 2017-07-06 22:31 - 00002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-07-06 22:31 - 2017-07-06 22:31 - 00002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-07-06 22:31 - 2017-07-06 22:31 - 00002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-07-06 22:31 - 2017-07-06 22:31 - 00002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-07-06 22:31 - 2017-07-06 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-07-06 22:05 - 2017-07-26 16:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-07-06 22:05 - 2017-07-06 22:05 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-07-05 18:38 - 2017-07-05 18:38 - 00000000 ____D C:\Users\Armaan\AppData\Local\RzStats
2017-07-05 18:07 - 2017-07-05 18:07 - 00000000 ____D C:\Users\Armaan\AppData\Roaming\Io Interactive
2017-07-05 18:06 - 2017-07-05 18:06 - 00000000 ____D C:\Users\Armaan\AppData\Local\IO Interactive
2017-07-02 22:46 - 2017-07-03 01:30 - 00000000 ____D C:\Fraps
2017-07-02 22:46 - 2017-07-02 22:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2017-07-02 13:21 - 2017-07-22 05:13 - 00000646 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-06-30 20:21 - 2017-06-30 20:21 - 00000000 ____D C:\Users\Armaan\AppData\Roaming\Greenshot
2017-06-30 20:21 - 2017-06-30 20:21 - 00000000 ____D C:\Users\Armaan\AppData\Local\Greenshot
2017-06-30 20:20 - 2017-06-30 20:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot
2017-06-30 20:20 - 2017-06-30 20:20 - 00000000 ____D C:\Program Files\Greenshot
2017-06-29 06:16 - 2017-07-27 15:56 - 00000000 ____D C:\Users\Armaan\AppData\Roaming\qBittorrent
2017-06-29 06:16 - 2017-06-29 06:16 - 00000000 ____D C:\Users\Armaan\AppData\Local\qBittorrent
2017-06-29 03:32 - 2017-07-08 21:52 - 00148480 ___SH C:\Users\Armaan\Desktop\Thumbs.db
2017-06-29 03:32 - 2017-06-29 03:32 - 00000000 ____D C:\Users\Armaan\AppData\LocalLow\Adobe
2017-06-28 01:43 - 2017-06-28 01:43 - 00007606 _____ C:\Users\Armaan\AppData\Local\Resmon.ResmonCfg
2017-06-28 01:40 - 2017-06-28 01:40 - 00000000 ____D C:\Users\Armaan\AppData\Roaming\Hobbyist Software
2017-06-28 01:40 - 2017-06-28 01:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VLC Streamer
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-28 22:44 - 2017-06-21 18:40 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-28 22:44 - 2017-05-28 23:50 - 00000000 ____D C:\Users\Armaan
2017-07-28 21:53 - 2017-05-28 23:59 - 02237276 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-28 21:48 - 2017-05-29 00:17 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-28 21:46 - 2017-06-21 18:45 - 00253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-28 21:46 - 2017-05-28 23:47 - 05022184 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-28 21:46 - 2017-05-28 23:47 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-28 21:46 - 2017-03-18 17:10 - 00524288 _____ C:\Windows\system32\config\BBI
2017-07-28 21:28 - 2017-05-28 23:47 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-07-28 17:05 - 2017-06-23 16:57 - 00000000 ____D C:\Users\Armaan\AppData\Local\ElevatedDiagnostics
2017-07-28 17:05 - 2017-03-19 02:33 - 00000000 ____D C:\Windows\rescache
2017-07-28 16:54 - 2017-06-21 18:39 - 00000000 ____D C:\Users\Armaan\AppData\Local\Adobe
2017-07-28 16:54 - 2017-03-19 02:33 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-28 16:54 - 2017-03-19 02:33 - 00000000 ____D C:\Windows\AppReadiness
2017-07-27 18:58 - 2017-06-21 23:02 - 00000000 ____D C:\Users\Armaan\AppData\Local\CrashDumps
2017-07-27 17:14 - 2017-06-21 18:40 - 00000000 ____D C:\Users\Armaan\AppData\Roaming\Notepad++
2017-07-27 06:59 - 2017-05-28 23:52 - 00002406 _____ C:\Users\Armaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-07-26 19:35 - 2017-03-19 02:31 - 00000000 ____D C:\Windows\INF
2017-07-26 16:41 - 2017-06-22 15:06 - 00004386 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-07-26 16:41 - 2017-03-19 02:33 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-26 16:41 - 2017-03-19 02:33 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-26 16:40 - 2017-06-21 18:39 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-07-26 16:36 - 2017-05-28 23:50 - 00000000 ____D C:\Users\Armaan\AppData\Local\VirtualStore
2017-07-26 15:14 - 2017-03-19 02:33 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-26 00:50 - 2017-06-24 00:31 - 00000000 ____D C:\Users\Armaan\AppData\Roaming\vlc
2017-07-25 19:35 - 2017-03-19 02:26 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2017-07-25 19:35 - 2017-03-19 02:26 - 00389632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2017-07-25 19:35 - 2017-03-19 02:26 - 00217600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplayx.dll
2017-07-25 19:35 - 2017-03-19 02:26 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dpnathlp.dll
2017-07-25 19:35 - 2017-03-19 02:26 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnathlp.dll
2017-07-25 19:35 - 2017-03-19 02:26 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpwsockx.dll
2017-07-25 19:35 - 2017-03-19 02:26 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2017-07-25 19:35 - 2017-03-19 02:26 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpmodemx.dll
2017-07-25 19:35 - 2017-03-19 02:26 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
2017-07-25 19:35 - 2017-03-19 02:26 - 00020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe
2017-07-25 19:35 - 2017-03-19 02:26 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dpnhupnp.dll
2017-07-25 19:35 - 2017-03-19 02:26 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dpnhpast.dll
2017-07-25 19:35 - 2017-03-19 02:26 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhupnp.dll
2017-07-25 19:35 - 2017-03-19 02:26 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhpast.dll
2017-07-25 19:35 - 2017-03-19 02:26 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\dpnlobby.dll
2017-07-25 19:35 - 2017-03-19 02:26 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\dpnaddr.dll
2017-07-25 19:35 - 2017-03-19 02:26 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnlobby.dll
2017-07-25 19:35 - 2017-03-19 02:26 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnaddr.dll
2017-07-25 19:35 - 2017-03-19 02:21 - 00000000 ____D C:\Windows\CbsTemp
2017-07-25 16:29 - 2017-03-19 02:33 - 00000000 ____D C:\Windows\system32\NDF
2017-07-24 10:45 - 2017-03-19 02:33 - 00000000 ____D C:\Windows\LiveKernelReports
2017-07-24 07:06 - 2017-05-28 23:50 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-07-24 07:05 - 2017-05-28 23:50 - 00000000 ____D C:\Users\Armaan\AppData\Roaming\Adobe
2017-07-24 07:03 - 2017-06-21 18:39 - 00000000 ____D C:\ProgramData\Adobe
2017-07-24 07:00 - 2017-06-22 14:50 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-07-24 06:56 - 2017-06-22 14:47 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-07-23 04:58 - 2017-05-28 23:54 - 00000000 ____D C:\ProgramData\Killer
2017-07-20 06:34 - 2017-06-22 15:05 - 00000000 ____D C:\Program Files (x86)\Popcorn Time
2017-07-12 17:28 - 2017-03-19 02:33 - 00000000 ___SD C:\Windows\SysWOW64\F12
2017-07-12 17:28 - 2017-03-19 02:33 - 00000000 ___SD C:\Windows\system32\F12
2017-07-12 17:28 - 2017-03-19 02:33 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-07-12 17:28 - 2017-03-19 02:33 - 00000000 ___RD C:\Program Files\Windows Defender
2017-07-12 17:28 - 2017-03-19 02:33 - 00000000 ____D C:\Windows\system32\oobe
2017-07-12 17:28 - 2017-03-19 02:33 - 00000000 ____D C:\Windows\system32\migwiz
2017-07-12 17:28 - 2017-03-19 02:33 - 00000000 ____D C:\Windows\system32\appraiser
2017-07-12 17:28 - 2017-03-19 02:33 - 00000000 ____D C:\Windows\ShellExperiences
2017-07-12 17:28 - 2017-03-19 02:33 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-07-12 17:28 - 2017-03-19 02:33 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-07-12 17:28 - 2017-03-19 02:33 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-07-12 16:12 - 2017-06-25 14:54 - 00000000 ____D C:\Windows\system32\MRT
2017-07-12 16:10 - 2017-06-25 14:54 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-11 19:33 - 2017-05-29 00:17 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-07-07 02:47 - 2017-06-21 18:45 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-07-06 22:05 - 2017-03-19 02:33 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-07-06 15:31 - 2017-06-21 18:45 - 00093600 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-07-06 15:22 - 2017-06-21 18:45 - 00113592 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-07-06 15:22 - 2017-06-21 18:45 - 00044960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-06-30 21:33 - 2017-05-28 23:52 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-30 20:17 - 2017-03-19 02:36 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-06-30 20:17 - 2017-03-19 02:36 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-29 04:59 - 2017-06-21 23:02 - 00000000 ___RD C:\Users\Armaan\Google Drive
2017-06-28 04:09 - 2017-05-29 00:16 - 04208984 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-06-28 04:09 - 2017-05-29 00:16 - 03709952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-06-28 04:09 - 2017-05-29 00:16 - 01615448 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-06-28 04:09 - 2017-05-29 00:16 - 00218712 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-06-28 04:09 - 2017-05-29 00:16 - 00057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-06-28 04:09 - 2017-05-29 00:16 - 00046373 _____ C:\Windows\system32\nvinfo.pb
2017-06-28 02:33 - 2017-05-29 00:17 - 06462400 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-06-28 02:33 - 2017-05-29 00:17 - 02478712 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-06-28 02:33 - 2017-05-29 00:17 - 01762936 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-06-28 02:33 - 2017-05-29 00:17 - 00549312 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-06-28 02:33 - 2017-05-29 00:17 - 00392312 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-06-28 02:33 - 2017-05-29 00:17 - 00082040 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-06-28 02:33 - 2017-05-29 00:17 - 00069752 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-06-28 02:22 - 2017-05-29 00:17 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
 
==================== Files in the root of some directories =======
 
2017-05-28 23:53 - 2017-05-28 23:53 - 0000000 _____ () C:\Users\Armaan\AppData\Local\Driver_LOM_8171Present.flag
2017-06-28 01:43 - 2017-06-28 01:43 - 0007606 _____ () C:\Users\Armaan\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
2017-05-29 00:07 - 2017-05-29 00:07 - 0007224 _____ () C:\Users\Armaan\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
2017-05-29 00:17 - 2017-05-18 10:51 - 0869200 _____ (NVIDIA Corporation) C:\Users\Armaan\AppData\Local\Temp\nvSCPAPI64.dll
2017-07-11 19:31 - 2017-05-18 10:51 - 0367552 _____ (NVIDIA Corporation) C:\Users\Armaan\AppData\Local\Temp\nvStInst.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-26 16:07
 
==================== End of FRST.txt ============================
 
Additional Logs
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2017
Ran by Armaan (28-07-2017 23:32:39)
Running from D:\Downloads
Windows 10 Pro Version 1703 (X64) (2017-05-28 18:18:56)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2890481376-1290147495-3485235637-500 - Administrator - Disabled)
armaa (S-1-5-21-2890481376-1290147495-3485235637-1004 - Limited - Disabled)
Armaan (S-1-5-21-2890481376-1290147495-3485235637-1001 - Administrator - Enabled) => C:\Users\Armaan
DefaultAccount (S-1-5-21-2890481376-1290147495-3485235637-503 - Limited - Disabled)
Guest (S-1-5-21-2890481376-1290147495-3485235637-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2890481376-1290147495-3485235637-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.118 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.2.0.211 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0) (Version: 18.0.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version:  - Skybox Labs)
Age of Empires III - Complete Collection (HKLM-x32\...\Age of Empires III - Complete Collection_Origami_is1) (Version: 1.0 - R.G. Origami, Seraph1)
Airplane Mode Hid Installer (HKLM-x32\...\{5E5B067F-52A4-447E-A3F1-D6DD10565E73}) (Version: 5.0.0.2 - )
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 384.76 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Assassin's Creed Syndicate (HKLM-x32\...\Uplay Install 1875) (Version: 1.51 - Ubisoft)
Blur (HKLM-x32\...\Blur_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, ProZorg_tm)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CheVolume 0.4.1.1 (HKLM-x32\...\CheVolume 0.4.1.1) (Version:  - WellWeWeb)
Control Center 5.0001.0.90 (HKLM-x32\...\{2F385B5D-5F23-4513-B3CE-9F5E4F4B882A}) (Version: 5.0001.0.90 - )
Control Center 5.0001.0.90 (HKLM-x32\...\{F5EFDD28-E07A-4B85-8385-557D9B8F38DD}) (Version: 5.0001.0.90 - Default Company Name) Hidden
Discord (HKU\S-1-5-21-2890481376-1290147495-3485235637-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Far Cry Primal (HKLM-x32\...\{80BD47AF-CF13-49B2-99BF-7E78FBA26124}_is1) (Version:  - Ubisoft)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Game Dev Tycoon (HKLM\...\Steam App 239820) (Version:  - Greenheart Games)
Google Chrome (HKLM\...\{45F0FC91-285A-3BAE-B25D-8DB4C87FD755}) (Version: 59.0.3071.115 - Google, Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Grand Theft Auto: Vice City (HKLM\...\Steam App 12110) (Version:  - Rockstar Games)
Greenshot 1.2.9.129 (HKLM\...\Greenshot_is1) (Version: 1.2.9.129 - Greenshot)
H1Z1: King of the Kill (HKLM\...\Steam App 433850) (Version:  - Daybreak Game Company)
HITMAN™ (HKLM\...\Steam App 236870) (Version:  - Io-Interactive)
Insyde Airplane Mode HID Mini-Driver (HKLM\...\AirplaneModeHid) (Version: 1.4.0.3 - Insyde Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{b23c55fa-5271-4d64-ba8f-6718be55b9a7}) (Version: 10.1.1.33 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.6.1194 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{45F6F2A9-6176-4431-8907-09474B534B34}) (Version: 19.01.1627.3533 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{12415e07-c869-4438-9d99-b55261706671}) (Version: 19.1.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{B294CE94-FE0F-4427-910C-180AF9FCFED1}) (Version: 1.0.1.620 - Intel Corporation)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Killer Bandwidth Control Filter Driver (HKLM\...\{2F3F0CA0-3953-47F8-B623-A870842B5464}) (Version: 1.1.61.1724 - Rivet Networks) Hidden
Killer E240x Drivers (HKLM\...\{BF5EA3B5-95E6-4D31-8AB0-261F24B0DD7E}) (Version: 1.1.61.1724 - Rivet Networks) Hidden
Killer Network Manager (HKLM\...\{B638C4BB-71EE-4A7E-AEDA-B3D495CF28EA}) (Version: 1.1.61.1724 - Rivet Networks) Hidden
Killer Performance Suite (HKLM-x32\...\{AA9D52AC-7156-4244-A65E-0E4A43C42DB4}) (Version: 1.1.61.1724 - Rivet Networks)
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version:  - Valve)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.8229.2103 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2890481376-1290147495-3485235637-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Middle-earth™: Shadow of Mordor™ (HKLM\...\Steam App 241930) (Version:  - Monolith Productions, Inc.)
Mr.President! (HKLM\...\Steam App 507010) (Version:  - Game Developer X)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.4.2 - Notepad++ Team)
NVIDIA 3D Vision Driver 384.76 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 384.76 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.7.0.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.7.0.81 - NVIDIA Corporation)
NVIDIA Graphics Driver 384.76 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 384.76 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.7.0.81 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.6.1.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.1.24 (HKLM\...\{6487D3C0-8C39-4585-A44C-64DC40F22CB7}) (Version: 5.1.24 - Oracle Corporation)
Orwell (HKLM\...\Steam App 491950) (Version:  - Osmotic Studios)
Paladins (HKLM\...\Steam App 444090) (Version:  - Hi-Rez Studios)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PLAYERUNKNOWN'S BATTLEGROUNDS (HKLM\...\Steam App 578080) (Version:  - Bluehole, Inc.)
PLAYERUNKNOWN'S BATTLEGROUNDS (Test Server) (HKLM\...\Steam App 622590) (Version:  - )
PornTime (HKLM-x32\...\{6450E6AC-0E02-4E24-A13E-EE7DC5F1CFAF}_is1) (Version: 0.3.8.5 - PornTime)
qBittorrent 3.3.13 (HKLM-x32\...\qBittorrent) (Version: 3.3.13 - The qBittorrent project)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.17.413 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21288 - Realtek Semiconduct Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7898 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.9 - Rockstar Games)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0380 - NVIDIA Corporation) Hidden
Shower With Your Dad Simulator 2015: Do You Still Shower With Your Dad (HKLM\...\Steam App 359050) (Version:  - marbenx)
Sound Blaster X-Fi MB5 (HKLM-x32\...\{918A4598-866C-4B8F-8901-13F8593EBED6}) (Version: 1.00.18 - Creative Technology Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.4.31 - Synaptics Incorporated)
Synaptics WBF USB Fingerprint Reader (HKLM\...\{28303E4F-8C2B-408C-B0C2-7EAA74564665}) (Version: 5.5.204.24 - Synaptics Incorporated)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.78313 - TeamViewer)
The Stanley Parable (HKLM\...\Steam App 221910) (Version:  - Galactic Cafe)
Thunderbolt™ Software (HKLM-x32\...\{FBD934F4-FC23-4044-8392-3551DC8D972F}) (Version: 16.1.47.275 - Intel Corporation)
Tom Clancy's Rainbow Six Siege (HKLM\...\Steam App 359550) (Version:  - Ubisoft Montreal)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.9 - Tunngle.net GmbH)
Uplay (HKLM-x32\...\Uplay) (Version: 36.0 - Ubisoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VLC Streamer 5.31 (HKLM-x32\...\VLC Streamer_is1) (Version:  - Hobbyist Software)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
WinDirStat 1.1.2 (HKU\S-1-5-21-2890481376-1290147495-3485235637-1001\...\WinDirStat) (Version:  - )
Windows Driver Package - Insyde (AirplaneModeHid) HIDClass  (07/14/2015 1.4.0.3) (HKLM\...\F6EE2AD6575789BFA9536FE4637A2E06B7F2DD0F) (Version: 07/14/2015 1.4.0.3 - Insyde)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2890481376-1290147495-3485235637-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-5EB03140F2D8}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-2890481376-1290147495-3485235637-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-06-19] ()
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\rarext32.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-06-28] (NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\rarext32.dll [2013-12-01] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04BF9E5B-84B8-4C2E-9251-B9B691DDD4E4} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe
Task: {0CD40966-9FA9-4F97-B862-D99D32E1F56C} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe
Task: {0DDF63FA-A7E3-4901-8869-65054CAFCB6D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-21] (NVIDIA Corporation)
Task: {12D8F0D4-113B-498D-B904-9E6B55ED5107} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-26] (Adobe Systems Incorporated)
Task: {14D1BCC7-2207-4611-9C3D-AFE12D703CD0} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-06-21] (NVIDIA Corporation)
Task: {330B86AD-1E2C-4B53-AE07-9E98B075547E} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-21] (NVIDIA Corporation)
Task: {365BF6AA-28EB-4477-84C0-0E52ADA5F4CE} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {46D6AA36-4455-4C4D-B177-AD873711937F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-06] ()
Task: {51910534-E64B-4C54-92A6-C8E740243928} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-21] (Google Inc.)
Task: {5661BA48-6332-4450-A334-7AB8E22BDB40} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-21] (NVIDIA Corporation)
Task: {6400F9CC-DAC2-4D67-B621-2DE790E6B527} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-18] (Microsoft Corporation)
Task: {7A021B89-DF8A-43E5-B10A-9914E1A0E74D} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {7AFC18E1-ECFB-4960-B142-021BB625CA9D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-06-21] (NVIDIA Corporation)
Task: {7FD52BA6-BE07-4706-BBBC-70A88766D62F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-06] ()
Task: {A4C50745-F62F-40B7-AB52-D96506A838F2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {AA0433F8-AEA4-4EB2-81EF-EE33E496DAD0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-21] (Google Inc.)
Task: {AD74FE5B-8A25-4DBC-9942-9F8EC31C1701} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-06-21] (NVIDIA Corporation)
Task: {C2C4679E-C26C-440E-8E36-6A06AFE6DF3B} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-06-21] (NVIDIA Corporation)
Task: {C5F7F4A8-19A4-4839-84B1-9CF1551CA60B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-21] (NVIDIA Corporation)
Task: {C77D08CC-7545-4EF5-9DF8-A105F400CB0F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-18] (Microsoft Corporation)
Task: {D32AC322-918B-40B9-9540-C4816E8D8D89} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-07-26] (Microsoft Corporation)
Task: {E4E869A5-F270-495C-BE03-12964F9DD4FA} - System32\Tasks\AdobeAAMUpdater-1.0-PO6PWN-Armaan => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {EF6E35CF-5740-4E74-BEC9-4FEACB6F3D3C} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-02-20] (Intel® Corporation)
Task: {FCF98A26-E2D4-462C-93F6-805D1BD94749} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-07-26] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-05-09 00:44 - 2017-05-09 00:44 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-25 03:50 - 2016-09-25 03:51 - 00189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2017-07-18 00:50 - 2017-07-18 00:50 - 00492112 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll
2017-03-19 02:28 - 2017-03-19 02:28 - 00138000 _____ () C:\Windows\SYSTEM32\inputhost.dll
2017-03-19 02:29 - 2017-03-19 08:00 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-05-29 00:18 - 2017-06-21 12:37 - 01267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-07-06 22:24 - 2017-07-06 22:24 - 08932040 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-06-27 03:45 - 2017-06-23 08:51 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-27 03:45 - 2017-06-23 08:51 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2017-06-21 18:52 - 2017-06-21 18:52 - 03139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-07-26 15:03 - 2017-07-26 15:03 - 10631168 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-07-26 15:03 - 2017-07-26 15:03 - 02640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-07-16 22:14 - 2017-07-16 22:14 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-07-16 22:14 - 2017-07-16 22:14 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-05-29 00:18 - 2017-06-21 12:37 - 01040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-05-26 11:22 - 2016-05-26 11:22 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-06-21 19:01 - 2017-05-17 07:24 - 00678176 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-06-21 19:01 - 2016-09-01 06:32 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-06-21 19:01 - 2017-07-18 06:03 - 02497824 _____ () C:\Program Files (x86)\Steam\video.dll
2017-06-21 19:01 - 2016-09-01 06:32 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-06-21 19:01 - 2016-09-01 06:32 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-06-21 19:01 - 2016-01-27 13:19 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2017-06-21 19:01 - 2016-01-27 13:19 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2017-06-21 19:01 - 2016-01-27 13:19 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2017-06-21 19:01 - 2016-01-27 13:19 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2017-06-21 19:01 - 2016-01-27 13:19 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2017-06-21 19:01 - 2017-07-18 06:03 - 00884512 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-06-21 19:01 - 2016-07-05 03:47 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-06-21 19:02 - 2017-05-17 07:24 - 00678176 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-06-21 19:02 - 2017-07-06 23:28 - 73088800 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-06-21 19:01 - 2017-07-18 06:03 - 00384288 _____ () C:\Program Files (x86)\Steam\steam.dll
2017-06-21 19:01 - 2015-09-25 05:22 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-06-22 13:46 - 2017-01-04 14:28 - 01958912 _____ () C:\Users\Armaan\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
2017-06-22 13:46 - 2017-06-22 13:46 - 01082880 _____ () \\?\C:\Users\Armaan\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
2017-06-22 13:46 - 2017-06-22 13:46 - 03750400 _____ () \\?\C:\Users\Armaan\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
2017-06-22 13:46 - 2017-06-22 13:46 - 00914432 _____ () \\?\C:\Users\Armaan\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
2017-06-22 13:46 - 2017-06-22 13:46 - 01127424 _____ () \\?\C:\Users\Armaan\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node
2017-06-22 13:46 - 2017-01-04 14:28 - 02278912 _____ () C:\Users\Armaan\AppData\Local\Discord\app-0.0.297\libglesv2.dll
2017-06-22 13:46 - 2017-01-04 14:28 - 00096768 _____ () C:\Users\Armaan\AppData\Local\Discord\app-0.0.297\libegl.dll
2017-07-28 22:40 - 2017-07-28 22:40 - 00148992 _____ () \\?\C:\Users\Armaan\AppData\Local\Temp\3A5B.tmp.node
2017-06-22 13:46 - 2017-06-22 13:46 - 02658296 _____ () \\?\C:\Users\Armaan\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
2017-06-22 13:47 - 2017-06-22 13:47 - 02665976 _____ () \\?\C:\Users\Armaan\AppData\Roaming\discord\0.0.297\modules\discord_contact_import\discord_contact_import.node
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-03-19 02:33 - 2017-03-19 02:31 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2890481376-1290147495-3485235637-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Armaan\Downloads\far_cry_3_beach_game_graphics_hdr_95932_1920x1080.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "Killer Network Manager.lnk"
HKLM\...\StartupApproved\StartupFolder: => "CheVolume.lnk"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Sound Blaster X-Fi MB5"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-2890481376-1290147495-3485235637-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2890481376-1290147495-3485235637-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-2890481376-1290147495-3485235637-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2890481376-1290147495-3485235637-1001\...\StartupApproved\Run: => "Hobbyist Software VLC Streamer"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{F9CB27C1-C436-4C71-9BA1-95834BD6E277}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{515F2AD7-2BB9-4312-BC66-38D21B2900E3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{15B0F4E1-C46D-4954-A7EA-6E4148D0B4A4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{BD67A853-D880-4047-8018-4BC1B44EC433}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{EE9B9F47-CE86-4BF1-91BB-A9E0CB5F6211}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9A991017-45BA-482E-A28E-7B7BAF766C82}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8472AC15-C033-4A66-8F21-F55FC8A8307A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A67433FC-35F8-49EA-8A55-37CD744520F7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9B784631-3234-458C-906B-E66A6B0BC979}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{53EF137A-5E6F-4F60-86F5-CD414EB04289}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{AB37B7B7-FFCB-4949-962E-C25BCF98F0B6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{59A64141-DA43-4DFA-9349-E5EE7C6F2D9E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{BDF277E9-834A-4D18-925A-3D083E688709}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{B3A90893-3618-4796-B1FC-180FBDF1EBC7}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{1371EEC2-B58F-4452-BEFD-14E25F543684}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{32736CE6-30B9-4F83-A2FB-47B5818A8C22}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{DBD9562B-209C-4373-B113-A8D9B9BBD0BA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0568C670-5454-415D-882A-8326F59AEDB2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6ABB5FF5-17EE-4456-A5E6-C27676F8088B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{472BDC02-029D-4834-8DD4-61ED94575E50}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DF1244B3-00D8-45CB-B5C7-0E6986D9EBCF}] => (Allow) D:\Program Files Redone\iTunes\iTunes.exe
FirewallRules: [{D286017D-C549-40CD-96AD-A3B93C452A05}] => (Allow) D:\Steam Library\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{66B469B3-5B5F-415F-B135-CF683A8D9F35}] => (Allow) D:\Steam Library\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{F9876547-2B46-435E-A2F9-8B3A553E5AC9}] => (Allow) D:\Steam Library\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe
FirewallRules: [{A657B497-6C66-4A65-A11B-A530521703AC}] => (Allow) D:\Steam Library\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe
FirewallRules: [{DE65E574-3418-4B7E-9905-A46A2E050464}] => (Allow) D:\Steam Library\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{5F5C915E-DC85-476A-8E62-7B8530B29A4A}] => (Allow) D:\Steam Library\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{3D0E89F8-9785-4CBB-B67F-ED2BCB3037B4}] => (Allow) D:\Steam Library\steamapps\common\Mr.President!\Mr.Prez.exe
FirewallRules: [{00F22DEB-4B7D-43E0-84F4-CD4EF17CEC81}] => (Allow) D:\Steam Library\steamapps\common\Mr.President!\Mr.Prez.exe
FirewallRules: [{EC941B1C-901F-4698-84CF-CE6059C09674}] => (Allow) D:\Steam Library\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{B1E94881-BE8A-4F99-98AB-29338C5C5CDF}] => (Allow) D:\Steam Library\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{0FAB23EF-A17A-4D2B-BBB3-B2F26C05A374}] => (Allow) D:\Steam Library\steamapps\common\Showerdad\SHOWERDAD.exe
FirewallRules: [{AD03DF32-43A7-4B9E-AB79-3C1E791FD0FB}] => (Allow) D:\Steam Library\steamapps\common\Showerdad\SHOWERDAD.exe
FirewallRules: [{3C63C911-D4E7-448B-87D4-179894AC2D2C}] => (Allow) D:\Steam Library\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{76FD8EDC-DDC4-4EA4-A99B-2B67ECB2145E}] => (Allow) D:\Steam Library\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{2529A5AA-AAF2-429C-ABC0-74B3EEF19457}] => (Allow) D:\Steam Library\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{68A9276C-0861-4988-8A8F-F87DFD1052EA}] => (Allow) D:\Steam Library\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{22059FF1-D404-4E5E-AE18-197DA51CA163}] => (Allow) D:\Steam Library\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{5DCFF3F3-09BF-4641-85FE-2AE76700F341}] => (Allow) D:\Steam Library\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{E7610B2A-7AB8-4E6C-961D-8B17955279BE}] => (Allow) D:\Steam Library\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{DB1BD619-46D1-40E0-A891-1BD32116DD7C}] => (Allow) D:\Steam Library\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{F9343EC9-D353-4F29-BCF0-C4A415E216F3}] => (Allow) D:\Steam Library\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A14D4EAA-A5D7-4BAB-9121-CFF4465765EB}] => (Allow) D:\Steam Library\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{25D43C27-19C1-45F9-A89C-91B917A73854}D:\games\gta v\gta5.exe] => (Allow) D:\games\gta v\gta5.exe
FirewallRules: [UDP Query User{5CBED2F7-4885-4E96-8681-3EB7341D0052}D:\games\gta v\gta5.exe] => (Allow) D:\games\gta v\gta5.exe
FirewallRules: [{0ED45160-A8C5-4B64-851D-4BE389657A9B}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{15AE8171-73B2-4AEC-B65A-90607A8238D3}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{B1327F99-F035-4BFB-BD9A-BCA90A9EEA20}] => (Allow) D:\Program Files Redone\PornTime\PornTime.exe
FirewallRules: [{A9F1C1F8-6AC6-4753-BEF1-3D0F8986B2D0}] => (Allow) D:\Program Files Redone\PornTime\PornTime.exe
FirewallRules: [{ACF71345-1277-404A-ADB5-D112ED980FAE}] => (Allow) C:\Users\Armaan\AppData\Roaming\PT\updater.exe
FirewallRules: [{48E32EB0-F97B-4281-8F8A-35BAFC782969}] => (Allow) C:\Users\Armaan\AppData\Roaming\PT\updater.exe
FirewallRules: [TCP Query User{7ED2623D-08A6-4B3A-AEC9-3EE4F528E4DE}D:\games\gta v\gta5.exe] => (Allow) D:\games\gta v\gta5.exe
FirewallRules: [UDP Query User{E8D782DE-4749-401D-8C92-BEF5440CD27A}D:\games\gta v\gta5.exe] => (Allow) D:\games\gta v\gta5.exe
FirewallRules: [{2408FED6-FBA1-49E2-80CF-ACCCA441C2DF}] => (Allow) D:\Games\Assassin's Creed Syndicate\ACS.exe
FirewallRules: [{BDA241A5-A459-4699-AB28-A701F0134F14}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{512EC2E9-79F3-46CD-8489-5C3CA0578E2B}] => (Allow) D:\Steam Library\steamapps\common\Orwell\Orwell.exe
FirewallRules: [{6BBF68E7-A4BF-45F6-AC4D-22DF56AC065C}] => (Allow) D:\Steam Library\steamapps\common\Orwell\Orwell.exe
FirewallRules: [{F94ED88D-00CB-42E2-9BD8-20BB6009A25D}] => (Allow) D:\Program Files Redone\VLC Streamer\VLC Streamer Configuration.exe
FirewallRules: [{AFD3BA53-1418-4684-B01E-8CD8CA27B895}] => (Allow) D:\Program Files Redone\VLC Streamer\mDNSResponder.exe
FirewallRules: [{B4EEB77D-5A8D-4C81-9CBE-0A38EF8A6519}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{A014445B-BB30-47CC-ABF3-F72C6CA7E349}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{1E51DB5D-260A-404F-AEA4-68D64F94ED0E}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [{4FE29308-080F-4FBC-8F9B-DE8B760DA76E}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{E137C96A-C069-48CA-91BE-B6F51EB0C1BC}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{686C4E1B-D00D-4476-A0BA-51219FDE0800}] => (Allow) D:\Steam Library\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{F4B0B3BE-7A14-43E3-8799-46474F6D23E6}] => (Allow) D:\Steam Library\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{41DF3738-BE68-4E32-B693-3720B30FBF4E}] => (Allow) D:\Steam Library\steamapps\common\Hitman™\Launcher.exe
FirewallRules: [{CA307423-260E-41F7-AD02-3883FB5FCEBF}] => (Allow) D:\Steam Library\steamapps\common\Hitman™\Launcher.exe
FirewallRules: [{A88794A8-AFE5-47DE-B24E-6157D41657E8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{717739D2-AD86-425E-95F4-447AD02B1C44}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{AAAD22BB-DB82-4168-9469-FB1761CB86A8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{D0F7A7AA-986F-4AD2-9483-758DB61A6B01}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{18FFF59B-53F5-4A2B-9E6A-92EFFDC141D0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{CA649156-7F7C-47F9-96DE-3524DF14BA44}] => (Allow) D:\Steam Library\steamapps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{1F6B8956-5716-4D9D-9F4B-C5A1814D1888}] => (Allow) D:\Steam Library\steamapps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{76648AF9-A4D4-42F5-A9FC-744725FEB20A}] => (Allow) D:\Steam Library\steamapps\common\Hitman™\Launcher.exe
FirewallRules: [{D3F94D5F-4C11-4659-8F22-243A1CE6BB10}] => (Allow) D:\Steam Library\steamapps\common\Hitman™\Launcher.exe
FirewallRules: [TCP Query User{FCC9DE52-800B-4D79-BAA4-098400450C58}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{A687150A-F5A3-4C91-9B88-FD42B1FFACF3}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{33B98683-D5B5-451E-8418-5C81710CD799}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{25262C76-8466-4EB7-ABB9-7152FF5089B1}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{4BC8659E-38F7-4495-A523-12903F976689}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{72E45D16-425F-46BF-8249-0678B68118FB}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{53E878A8-A74F-492B-AF15-728A5A9182C6}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{D472EE50-63B6-4DAD-A623-6C747DE4B5B6}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{5443E2FB-711B-47C2-99D7-E1942A5307D4}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{6327273B-7B85-4991-B49B-6E33FBA5253E}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{364FD62E-272D-4739-ABE9-94C0FD2BDEB0}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{B5DA2329-5FB6-412E-B090-EF158E368BB0}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{7BCDA47E-D81A-4736-ABAD-56A2C95136EE}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [TCP Query User{856D801D-2AA8-4FB4-AD13-5C26547BF512}D:\program files redone\far cry primal\bin\fcprimal.exe] => (Block) D:\program files redone\far cry primal\bin\fcprimal.exe
FirewallRules: [UDP Query User{DE212F3A-114E-4654-9A5D-BFA5B27E7712}D:\program files redone\far cry primal\bin\fcprimal.exe] => (Block) D:\program files redone\far cry primal\bin\fcprimal.exe
FirewallRules: [TCP Query User{66FA835D-B3F3-489B-A75A-DC21F710C0EA}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{86BDBBB0-EDB2-4049-B510-57913527AEC6}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{0D672791-6778-492D-B2FC-D42CAF6C7254}D:\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{62C23166-9204-4527-9975-0E0AA1F33EC6}D:\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{22375B49-E3DD-46D1-8C7A-6C1658E9622B}D:\program files redone\blur\blur.exe] => (Allow) D:\program files redone\blur\blur.exe
FirewallRules: [UDP Query User{1E15E112-04F3-4B91-9E09-7183C76574C4}D:\program files redone\blur\blur.exe] => (Allow) D:\program files redone\blur\blur.exe
FirewallRules: [TCP Query User{1E2EA1BA-7065-43ED-9DEF-E66F995E0F2E}D:\program files redone\age of empires iii - complete collection\age3.exe] => (Allow) D:\program files redone\age of empires iii - complete collection\age3.exe
FirewallRules: [UDP Query User{9B7C98BF-875D-424E-B45C-0BD52192C916}D:\program files redone\age of empires iii - complete collection\age3.exe] => (Allow) D:\program files redone\age of empires iii - complete collection\age3.exe
FirewallRules: [{D0726815-5C61-47AF-AF94-4D2D29C32581}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{9B0455C0-053A-496D-907E-FF64816BE9DD}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{C3B7A7B6-E285-41C0-ABB5-F71BB486653C}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{12D0E240-F9B5-4AED-B661-65D2D42C8F78}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [TCP Query User{AAF2328F-1054-4116-BBB0-492846239B95}D:\program files redone\blur\blur.exe] => (Allow) D:\program files redone\blur\blur.exe
FirewallRules: [UDP Query User{F6B8D1FC-FCAD-4689-A6A8-19172DDDA9A9}D:\program files redone\blur\blur.exe] => (Allow) D:\program files redone\blur\blur.exe
FirewallRules: [TCP Query User{1CF891DF-9074-4F50-8377-676ECE2BF922}D:\program files redone\counter strike 1.6\hl.exe] => (Block) D:\program files redone\counter strike 1.6\hl.exe
FirewallRules: [UDP Query User{51DED892-D506-4634-B9B2-B133235D3D0C}D:\program files redone\counter strike 1.6\hl.exe] => (Block) D:\program files redone\counter strike 1.6\hl.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/28/2017 10:43:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PO6PWN)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/28/2017 04:54:54 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/27/2017 06:58:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: taskhostw.exe, version: 10.0.15063.0, time stamp: 0x521b5eb7
Faulting module name: InputService.dll, version: 10.0.15063.447, time stamp: 0x09735b78
Exception code: 0xc0000005
Fault offset: 0x000000000002899d
Faulting process id: 0x2b8c
Faulting application start time: 0x01d306c2e2200917
Faulting application path: c:\windows\system32\taskhostw.exe
Faulting module path: C:\Windows\system32\InputService.dll
Report Id: b866ac5f-f8c3-4a54-bde1-b8db51006dd2
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/27/2017 05:26:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PO6PWN)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/27/2017 04:39:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hl.exe, version: 1.1.1.1, time stamp: 0x48feaf5a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x67934c29
Faulting process id: 0x2e40
Faulting application start time: 0x01d306c8c8e19534
Faulting application path: D:\Program Files Redone\Counter Strike 1.6\hl.exe
Faulting module path: unknown
Report Id: f577bed4-a59c-4851-a423-2d5115dacc8a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/27/2017 04:13:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hl.exe, version: 1.1.1.1, time stamp: 0x48feaf5a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0aa916f3
Faulting process id: 0x1d08
Faulting application start time: 0x01d306c4af352b17
Faulting application path: D:\Program Files Redone\Counter Strike 1.6\hl.exe
Faulting module path: unknown
Report Id: 73086704-f163-4677-ae41-e2d1e427dcd3
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/27/2017 04:06:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program hl.exe version 1.1.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 2528
 
Start Time: 01d306c36125e4d7
 
Termination Time: 6
 
Application Path: D:\Program Files Redone\Counter Strike 1.6\hl.exe
 
Report Id: 55f4f690-6729-4ba5-9f75-b2e322b2c402
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (07/27/2017 04:00:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hl.exe, version: 1.1.1.1, time stamp: 0x48feaf5a
Faulting module name: MSVCR100.dll, version: 10.0.30319.1, time stamp: 0x4ba1dbbe
Exception code: 0xc0000417
Fault offset: 0x0008ae6e
Faulting process id: 0x39c8
Faulting application start time: 0x01d306c342ce817e
Faulting application path: D:\Program Files Redone\Counter Strike 1.6\hl.exe
Faulting module path: D:\Program Files Redone\Counter Strike 1.6\MSVCR100.dll
Report Id: 1a4a2523-70c5-4493-ba0b-20f711fc9755
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/27/2017 03:54:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hl.exe, version: 1.1.1.1, time stamp: 0x48feaf5a
Faulting module name: steam.dll_unloaded, version: 2.0.0.0, time stamp: 0x4a0fe93e
Exception code: 0xc0000005
Fault offset: 0x0000d1a0
Faulting process id: 0xeb8
Faulting application start time: 0x01d306c26f74ca0e
Faulting application path: D:\Program Files Redone\Counter Strike 1.6\hl.exe
Faulting module path: steam.dll
Report Id: 0c873724-4486-4f70-b159-842b94af25ab
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/27/2017 03:11:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Blur.exe, version: 0.0.0.0, time stamp: 0x562b029a
Faulting module name: Blur.exe, version: 0.0.0.0, time stamp: 0x562b029a
Exception code: 0xc0000005
Fault offset: 0x00730df4
Faulting process id: 0x9b4
Faulting application start time: 0x01d306bc54f86cde
Faulting application path: D:\Program Files Redone\Blur\Blur.exe
Faulting module path: D:\Program Files Redone\Blur\Blur.exe
Report Id: 5f586c6c-f8b0-42c8-be2c-b4f082f2dff4
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (07/28/2017 09:55:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (07/28/2017 09:55:54 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Armaan\AppData\Local\Temp\ehdrv.sys
 
Error: (07/28/2017 09:55:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (07/28/2017 09:55:54 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Armaan\AppData\Local\Temp\ehdrv.sys
 
Error: (07/28/2017 09:55:54 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Armaan\AppData\Local\Temp\ehdrv.sys
 
Error: (07/28/2017 09:55:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (07/28/2017 09:55:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (07/28/2017 09:55:54 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Armaan\AppData\Local\Temp\ehdrv.sys
 
Error: (07/28/2017 09:55:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (07/28/2017 09:55:53 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Armaan\AppData\Local\Temp\ehdrv.sys
 
 
CodeIntegrity:
===================================
  Date: 2017-07-28 23:31:56.992
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-28 23:31:56.990
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-28 23:31:56.778
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-28 23:31:56.776
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-28 23:31:54.299
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-28 23:31:54.298
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-28 21:48:50.210
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-28 21:48:50.208
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-28 21:48:50.195
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-28 21:48:50.194
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-6700 CPU @ 3.40GHz
Percentage of memory in use: 35%
Total physical RAM: 16303.08 MB
Available physical RAM: 10585.9 MB
Total Virtual: 18735.08 MB
Available Virtual: 11647.39 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:118.69 GB) (Free:69.8 GB) NTFS
Drive d: () (Fixed) (Total:931.5 GB) (Free:389.75 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 



#2 nasdaq

  • Malware Response Team
  • 38,969 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:07 AM

Posted 29 July 2017 - 07:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

ATTENTION: System Restore is disabled
Turn System Restore On for Drives in Windows 10
http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2890481376-1290147495-3485235637-1001\...\Run: [AdobeBridge] => [X]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Armaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-21]
CHR Extension: (Chrome Media Router) - C:\Users\Armaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-13]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
CustomCLSID: HKU\S-1-5-21-2890481376-1290147495-3485235637-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-5EB03140F2D8}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

===

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old versions of Java via the Control Panel > Programs > Programs and Features.
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
===

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please let me know what problems you are experiencing with this computer.

#3 po6pwn

Posted 30 July 2017 - 08:39 AM

Yeah, I noticed that Windows restore points were off after I ran FRST the first time too. This is probably because my OS was installed on a low capacity SSD (120GB). I have turned it on and updated Java, as well as resetting Chrome. The logs from FRST are posted below:

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-07-2017
Ran by Armaan (30-07-2017 18:53:50) Run:1
Running from D:\Downloads
Loaded Profiles: Armaan (Available Profiles: Armaan)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2890481376-1290147495-3485235637-1001\...\Run: [AdobeBridge] => [X]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Armaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-21]
CHR Extension: (Chrome Media Router) - C:\Users\Armaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-13]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
CustomCLSID: HKU\S-1-5-21-2890481376-1290147495-3485235637-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-5EB03140F2D8}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-2890481376-1290147495-3485235637-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
CHR Extension: (Chrome Web Store Payments) - C:\Users\Armaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-21] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\Armaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-13] => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\ibtsiva => key removed successfully
ibtsiva => service removed successfully
HKU\S-1-5-21-2890481376-1290147495-3485235637-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-5EB03140F2D8} => key removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 118858715 B
Java, Flash, Steam htmlcache => 369701209 B
Windows/system/drivers => 19219311 B
Edge => 30157203 B
Chrome => 810295619 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 234372 B
Armaan => 1415671626 B
 
RecycleBin => 281758 B
EmptyTemp: => 2.6 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 18:54:38 ====


#4 nasdaq

Posted 30 July 2017 - 09:38 AM

Is the problem persisting?

What is not being removed?

#5 po6pwn

Posted 30 July 2017 - 02:42 PM

Every time I run Adwcleaner, this entry pops up 'shadow-keylogger.en.softonic.com'. I posted this in a previous topic and was instructed to post in a new topic for a closer look.



#6 nasdaq

Posted 31 July 2017 - 06:58 AM

Please run the AdwCleaner and post the Scan log.

I need to see what is reported.

#7 po6pwn

Posted 31 July 2017 - 10:23 AM

Alright, I ran the program as instructed.

This is the log from the first time I ran the program on the 28th:

# AdwCleaner 7.0.0.0 - Logfile created on Fri Jul 28 16:15:12 2017
# Updated on 2017/17/07 by Malwarebytes
# Database: 07-27-2017.2
# Running on Windows 10 Pro (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

SearchProvider found: Softonic EN - shadow-keylogger.en.softonic.com
SearchProvider found: torrentz.colorask.com - torrentz.colorask.com

/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271


*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [1230 B] - [2017/7/27 1:20:47]
C:/AdwCleaner/AdwCleaner[S0].txt - [1199 B] - [2017/7/27 1:20:10]


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########

 

This is the log file from the scan I ran today (the 31st):

# AdwCleaner 7.0.0.0 - Logfile created on Mon Jul 31 15:15:45 2017
# Updated on 2017/17/07 by Malwarebytes 
# Running on Windows 10 Pro (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
No malicious folders deleted.
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
No malicious registry entries deleted.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
SearchProvider deleted: Softonic EN - shadow-keylogger.en.softonic.com
SearchProvider deleted: torrentz.colorask.com - torrentz.colorask.com
 
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [1230 B] - [2017/7/27 1:20:47]
C:/AdwCleaner/AdwCleaner[C1].txt - [1370 B] - [2017/7/28 16:16:18]
C:/AdwCleaner/AdwCleaner[C2].txt - [1505 B] - [2017/7/28 18:8:6]
C:/AdwCleaner/AdwCleaner[S0].txt - [1199 B] - [2017/7/27 1:20:10]
C:/AdwCleaner/AdwCleaner[S1].txt - [1324 B] - [2017/7/28 16:15:12]
C:/AdwCleaner/AdwCleaner[S2].txt - [1460 B] - [2017/7/28 18:7:43]
C:/AdwCleaner/AdwCleaner[S3].txt - [1593 B] - [2017/7/31 15:15:15]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt ##########
This is what I meant, every time I run the program it removes these two entries:
'SearchProvider found: Softonic EN - shadow-keylogger.en.softonic.com

SearchProvider found: torrentz.colorask.com - torrentz.colorask.com'
Almost like they are removed but find themselves back into my system. Does this just refer to entries which have been removed previously or am I infected?

SearchProvider found: Softonic EN - shadow-keylogger.en.softonic.com

SearchProvider found: torrentz.colorask.com - torrentz.colorask.com
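
The recurrence described in the post above can be checked from the logs themselves, because every AdwCleaner log quoted here ends with a list of earlier log files. The script below is an added example, not part of the thread or of AdwCleaner: it assumes the log layout shown above and that `C<n>`/`S<n>` file names mean clean and scan runs; `parse_log` and `persistent_entries` are hypothetical names, and the sample logs are trimmed copies constructed from the posts.

```python
import re

# Constructed sample input: trimmed excerpts in the layout of the two AdwCleaner
# logs quoted in this thread (the 28 July scan and the 31 July clean).
SCAN_LOG = r"""# AdwCleaner 7.0.0.0 - Logfile created on Fri Jul 28 16:15:12 2017
# Mode: scan
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
SearchProvider found: Softonic EN - shadow-keylogger.en.softonic.com
SearchProvider found: torrentz.colorask.com - torrentz.colorask.com
/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271
*************************
C:/AdwCleaner/AdwCleaner[C0].txt - [1230 B] - [2017/7/27 1:20:47]
C:/AdwCleaner/AdwCleaner[S0].txt - [1199 B] - [2017/7/27 1:20:10]
"""
CLEAN_LOG = r"""# AdwCleaner 7.0.0.0 - Logfile created on Mon Jul 31 15:15:45 2017
# Mode: clean
***** [ Chromium (and derivatives) ] *****
SearchProvider deleted: Softonic EN - shadow-keylogger.en.softonic.com
SearchProvider deleted: torrentz.colorask.com - torrentz.colorask.com
*************************
C:/AdwCleaner/AdwCleaner[C0].txt - [1230 B] - [2017/7/27 1:20:47]
C:/AdwCleaner/AdwCleaner[C1].txt - [1370 B] - [2017/7/28 16:16:18]
C:/AdwCleaner/AdwCleaner[C2].txt - [1505 B] - [2017/7/28 18:8:6]
C:/AdwCleaner/AdwCleaner[S3].txt - [1593 B] - [2017/7/31 15:15:15]
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")    # ***** [ Name ] *****
HIT = re.compile(r"^(\w+) (found|deleted): (.+)$")     # SearchProvider found: ...
HISTORY = re.compile(r"^C:/AdwCleaner/AdwCleaner\[([CS])\d+\]\.txt - \[")

def parse_log(text):
    """Extract mode, detections, warning notices and the count of earlier clean logs."""
    log = {"mode": None, "hits": [], "notices": [], "prior_cleans": 0}
    section = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("# Mode:"):
            log["mode"] = line.split(":", 1)[1].strip()
        elif m := SECTION.match(line):
            section = m.group(1)
        elif m := HIT.match(line):
            log["hits"].append((section, m.group(1), m.group(3)))
        elif line.startswith("/!\\"):
            log["notices"].append(line[3:].strip())
        elif (m := HISTORY.match(line)) and m.group(1) == "C":
            log["prior_cleans"] += 1   # assumption: C<n> = clean run, S<n> = scan run
    return log

def persistent_entries(logs):
    """Map each detection to the most earlier clean runs listed in a log it appears in."""
    # Heuristic: the history list proves clean runs happened, not what they removed.
    seen = {}
    for log in logs:
        for hit in log["hits"]:
            seen[hit] = max(seen.get(hit, 0), log["prior_cleans"])
    return {hit: n for hit, n in seen.items() if n > 0}

if __name__ == "__main__":
    logs = [parse_log(SCAN_LOG), parse_log(CLEAN_LOG)]
    for (section, kind, entry), n in persistent_entries(logs).items():
        print(f"[{section}] {kind}: {entry} (seen after {n} earlier clean run(s))")
    for notice in sorted({n for log in logs for n in log["notices"]}):
        print("notice:", notice)
```

The notice in the scan log names Chrome Synchronization as the thing to reset before cleaning, so a detection that survives several clean runs makes the synced browser profile worth checking alongside the local disk and Registry.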



#8 nasdaq

Posted 01 August 2017 - 06:56 AM

Hi,

Let's see what we can find in the Registry.

Farbar Recovery Scan Tool (FRST) - Registry Search
Follow the instructions below to download and execute a Registry search on your system with FRST, and provide the log in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • In the Search text area, copy and paste the following:
softonic
  • Once done, click on the Search Registry button and wait for FRST to finish the search;
  • On completion, a log will open in Notepad. Copy and paste its content in your next reply;


#9 po6pwn

Posted 01 August 2017 - 07:28 AM

Farbar Recovery Scan Tool (x64) Version: 31-07-2017
Ran by Armaan (01-08-2017 17:58:11)
Running from D:\Downloads\FRST-OlderVersion
Boot Mode: Normal
 
================== Search Registry: "softonic" ===========
 
 
====== End of Search ======


#10 nasdaq

Posted 01 August 2017 - 07:49 AM

Almost like they are removed but find themselves back into my system. Does this just refer to entries which have been removed previously or am I infected?

An entry that was removed. It's just an empty string.

===

Run this cleaning tool. If these are not removed and all is well, forget about them.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

#11 po6pwn

Posted 01 August 2017 - 10:50 AM

 
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Armaan on 01-08-2017 at 20:40:32.61.
Microsoft Windows 10 Pro 10.0.15063  x64
Running in: Normal Mode No Internet Access Detected
Launched: D:\Downloads\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
01-08-2017 20:41:05 Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\Armaan\AppData\Local\DBG deleted successfully
C:\Users\Armaan\AppData\Local\ESET deleted successfully
C:\Users\Armaan\AppData\Local\PeerDistRepub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\AGEIA Technologies not found
C:\Users\Armaan\AppData\Roaming\discord deleted
C:\Users\Armaan\.android deleted
C:\PROGRA~3\Package Cache deleted
 
==== Chromium Look ======================
 
 
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]
 
DuckDuckGo for Chrome - Armaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg
Netflix - Armaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh
SoundCloud - Armaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp
Black red shards - Armaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpjlkkaalgfbbegfnjoclhfidancjpch
Momentum - Armaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca
Chrome Media Router - Armaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Armaan\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Armaan\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Armaan\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Armaan\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Armaan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
No Flash Cache Found
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=446 folders=77 235843411 bytes)
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\Armaan\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on 01-08-2017 at 20:49:42.09 ======================


#12 nasdaq

Posted 01 August 2017 - 12:20 PM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#13 po6pwn

Posted 03 August 2017 - 12:47 AM

All was well until today I was playing a game and suddenly the sound glitched out, and the screen froze. It gave me a blue screen with the title "Your PC ran into a problem and needs to restart". Not sure if this is because I was playing an Early access game which is still in development or there is actually something wrong. Please advise.



#14 nasdaq

Posted 03 August 2017 - 08:13 AM

Hi,

It could be a driver issue.

Navigate to this page.
http://learn.flexerasoftware.com/SVM-EVAL-Personal-Software-Inspector

Download and run the Flexera Software Personal Software Inspector.

Update all the 3rd party drivers that are old.

Restart the computer normally after.

Let me know if the problem persists.

#15 nasdaq

Posted 09 August 2017 - 08:44 AM

Are you still with me?



