
Computer is running slow over the last month


  • This topic is locked
6 replies to this topic

#1 donjuancho

Posted 01 August 2017 - 09:12 PM

My computer has started to slow down quite a bit lately. Before it ran fine, now it feels choppy or laggy. This is mainly when I am playing games, even games that barely use the GPU; it also happens when watching videos on YouTube. I have tested changing fps and internet speed and that isn't the issue. I have stress tested it using Prime95 and everything passes. I also used CPUID to check temps and they are all reasonable. I've tested the RAM and run multiple anti-viruses, as well as tried all of the tips in the Slow Computer section of this site, but haven't had any luck.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2017
Ran by Teddy C (administrator) on DESKTOP-6G3POI7 (01-08-2017 19:03:42)
Running from E:\Downloads
Loaded Profiles: Teddy C (Available Profiles: Teddy C)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Trend Micro Inc.) E:\Downloads\HijackThis.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-25] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-27] (AVAST Software)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1205\G2AWinLogon_x64.dll (Citrix Systems, Inc.)
HKU\S-1-5-21-3816232487-70889957-2412248972-1001\...\Run: [Steam] => E:\Program Files (x86)\Steam\steam.exe [3062560 2017-07-17] (Valve Corporation)
HKU\S-1-5-21-3816232487-70889957-2412248972-1001\...\Run: [Google Update] => C:\Users\Teddy C\AppData\Local\Google\Update\GoogleUpdate.exe [152216 2016-05-10] (Google Inc.)
HKU\S-1-5-21-3816232487-70889957-2412248972-1001\...\Run: [Chromium] => c:\users\teddy c\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
HKU\S-1-5-21-3816232487-70889957-2412248972-1001\...\Run: [Skype] => E:\Program Files (x86)\Skype\Phone\Skype.exe [27784672 2017-06-27] (Skype Technologies S.A.)
HKU\S-1-5-21-3816232487-70889957-2412248972-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1058360 2017-07-25] ()
HKU\S-1-5-21-3816232487-70889957-2412248972-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HandyAndy.lnk [2016-10-04]
ShortcutTarget: HandyAndy.lnk -> C:\Program Files\Andy\HandyAndy.exe (Andy OS, inc.)
Startup: C:\Users\Teddy C\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TREZOR Bridge.lnk [2017-07-28]
ShortcutTarget: TREZOR Bridge.lnk -> C:\Program Files (x86)\TREZOR Bridge\trezord.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.0 keystone.mwbsys.com
Tcpip\..\Interfaces\{c29a6fd0-f2c5-4dab-8910-87c9b02cdbd3}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3816232487-70889957-2412248972-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-28] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-28] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-07-28] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-28] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-28] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: gse64ibt.default
FF ProfilePath: C:\Users\Teddy C\AppData\Roaming\Mozilla\Firefox\Profiles\gse64ibt.default [2017-08-01]
FF NewTab: Mozilla\Firefox\Profiles\gse64ibt.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\gse64ibt.default -> Yahoo! Powered
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\gse64ibt.default -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\gse64ibt.default -> Yahoo! Powered
FF Homepage: Mozilla\Firefox\Profiles\gse64ibt.default -> hxxps://www.google.com/
FF Session Restore: Mozilla\Firefox\Profiles\gse64ibt.default -> is enabled.
FF Keyword.URL: Mozilla\Firefox\Profiles\gse64ibt.default -> user_pref("keyword.URL", true);
FF Extension: (Avast SafePrice) - C:\Users\Teddy C\AppData\Roaming\Mozilla\Firefox\Profiles\gse64ibt.default\Extensions\sp@avast.com.xpi [2017-07-27]
FF Extension: (Avast Online Security) - C:\Users\Teddy C\AppData\Roaming\Mozilla\Firefox\Profiles\gse64ibt.default\Extensions\wrc@avast.com.xpi [2017-07-27]
FF Extension: (Adblock Plus) - C:\Users\Teddy C\AppData\Roaming\Mozilla\Firefox\Profiles\gse64ibt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-07-14]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-07-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-07-28] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3816232487-70889957-2412248972-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Teddy C\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-04-27] (Citrix Online)
FF Plugin HKU\S-1-5-21-3816232487-70889957-2412248972-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Teddy C\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3816232487-70889957-2412248972-1001: @talk.google.com/O1DPlugin -> C:\Users\Teddy C\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3816232487-70889957-2412248972-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Teddy C\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-3816232487-70889957-2412248972-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Teddy C\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Teddy C\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Teddy C\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Teddy C\AppData\Local\Google\Chrome\User Data\Default [2017-08-01]
CHR Extension: (Google Slides) - C:\Users\Teddy C\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-25]
CHR Extension: (Google Docs) - C:\Users\Teddy C\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-25]
CHR Extension: (Google Drive) - C:\Users\Teddy C\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-25]
CHR Extension: (YouTube) - C:\Users\Teddy C\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-25]
CHR Extension: (Adblock Plus) - C:\Users\Teddy C\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-24]
CHR Extension: (Adobe Acrobat) - C:\Users\Teddy C\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-13]
CHR Extension: (Google Sheets) - C:\Users\Teddy C\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-25]
CHR Extension: (Google Docs Offline) - C:\Users\Teddy C\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Teddy C\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-13]
CHR Extension: (Gmail) - C:\Users\Teddy C\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-25]
CHR Extension: (Chrome Media Router) - C:\Users\Teddy C\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-24]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-07-27] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-27] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [311592 2017-07-27] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1404936 2016-08-02] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2776664 2015-08-16] (Microsoft Corporation)
S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1205\G2AC_Service.exe [309712 2017-05-05] (Citrix Systems, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-20] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-14] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1450824 2017-07-25] (Overwolf LTD)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
S2 SkypeUpdate; E:\Program Files (x86)\Skype\Updater\Updater.exe [317400 2017-06-01] (Skype Technologies)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-19] (Microsoft Corporation)
S3 Steam Client Service; "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [320008 2017-07-27] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198976 2017-07-27] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343288 2017-07-27] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57728 2017-07-27] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [46984 2017-07-27] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41800 2017-07-27] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [146696 2017-07-27] (AVAST Software)
R1 aswNetSec; C:\WINDOWS\system32\drivers\aswNetSec.sys [554528 2017-07-27] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110352 2017-07-27] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84392 2017-07-27] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1015848 2017-07-27] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [585608 2017-07-27] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [198768 2017-07-27] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [361336 2017-07-27] (AVAST Software)
R3 cpuz143; C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [48960 2017-07-28] (CPUID)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2016-04-25] ()
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvpcdwu.inf_amd64_4f213dee333805ba\nvlddmkm.sys [14456920 2017-05-18] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 tapoas; C:\WINDOWS\System32\drivers\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
R1 vmkbd3; C:\WINDOWS\system32\DRIVERS\vmkbd.sys [52288 2016-09-06] (VMware, Inc.)
R0 vsock; C:\WINDOWS\system32\DRIVERS\vsock.sys [91712 2016-09-02] (VMware, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-01 19:03 - 2017-08-01 19:03 - 000000000 ____D C:\FRST
2017-07-28 19:42 - 2017-07-28 19:49 - 000000000 ____D C:\Users\Teddy C\AppData\Local\MSfree Inc
2017-07-28 19:38 - 2017-07-28 19:38 - 000002534 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-07-28 19:38 - 2017-07-28 19:38 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2017-07-28 19:38 - 2017-07-28 19:38 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-07-28 19:38 - 2017-07-28 19:38 - 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-07-28 19:38 - 2017-07-28 19:38 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-07-28 19:38 - 2017-07-28 19:38 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-07-28 19:38 - 2017-07-28 19:38 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-07-28 19:38 - 2017-07-28 19:38 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-07-28 19:38 - 2017-07-28 19:38 - 000002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-07-28 19:38 - 2017-07-28 19:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-07-28 19:36 - 2017-07-30 03:56 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-07-28 19:36 - 2017-07-28 19:36 - 000181124 _____ C:\WINDOWSARIALNI.tt2
2017-07-28 19:36 - 2017-07-28 19:36 - 000180740 _____ C:\WINDOWSARIALNB.tt2
2017-07-28 19:36 - 2017-07-28 19:36 - 000180084 _____ C:\WINDOWSARIALNBI.tt2
2017-07-28 19:36 - 2017-07-28 19:36 - 000175956 _____ C:\WINDOWSARIALN.tt2
2017-07-28 19:36 - 2017-07-28 19:36 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-07-28 18:42 - 2017-07-28 18:42 - 000000000 ____D C:\Users\Teddy C\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TREZOR Bridge
2017-07-28 16:13 - 2017-07-28 16:13 - 000000975 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2017-07-28 16:13 - 2017-07-28 16:13 - 000000000 ____D C:\Program Files\CPUID
2017-07-27 23:54 - 2017-07-27 23:54 - 000400464 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-07-22 12:31 - 2017-07-22 12:31 - 000000000 ____D C:\Users\Teddy C\AppData\Roaming\AVAST Software
2017-07-22 12:30 - 2017-07-28 00:40 - 000004022 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1500751856
2017-07-22 12:30 - 2017-07-28 00:40 - 000001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-07-22 12:30 - 2017-07-27 23:55 - 000146696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2017-07-22 12:30 - 2017-07-27 23:55 - 000003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-07-22 12:30 - 2017-07-27 23:54 - 001015848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-07-22 12:30 - 2017-07-27 23:54 - 000585608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-07-22 12:30 - 2017-07-27 23:54 - 000361336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-07-22 12:30 - 2017-07-27 23:54 - 000198768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-07-22 12:30 - 2017-07-27 23:54 - 000146664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys.150122490446803
2017-07-22 12:30 - 2017-07-27 23:54 - 000110352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-07-22 12:30 - 2017-07-27 23:54 - 000084392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-07-22 12:30 - 2017-07-27 23:54 - 000046984 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-07-22 12:30 - 2017-07-27 23:54 - 000041800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-07-22 12:30 - 2017-07-27 23:53 - 000554528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
2017-07-22 12:30 - 2017-07-27 23:53 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-07-22 12:30 - 2017-07-27 23:53 - 000320008 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-07-22 12:30 - 2017-07-27 23:53 - 000198976 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-07-22 12:30 - 2017-07-27 23:53 - 000057728 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-07-22 12:30 - 2017-07-22 12:30 - 000001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Premier.lnk
2017-07-22 12:30 - 2017-07-22 12:30 - 000000000 ____D C:\Program Files\AVAST Software
2017-07-22 12:22 - 2017-07-22 12:21 - 000565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-07-22 12:11 - 2017-07-22 12:11 - 000001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-07-22 12:11 - 2017-07-22 12:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-07-22 12:11 - 2016-03-10 14:09 - 000065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2017-07-22 12:11 - 2016-03-10 14:08 - 000140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-07-22 12:11 - 2016-03-10 14:08 - 000027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-07-22 12:06 - 2017-07-22 12:33 - 000000000 ____D C:\Program Files\CCleaner
2017-07-22 12:06 - 2017-07-22 12:06 - 000002874 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-07-22 12:06 - 2017-07-22 12:06 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-07-22 12:06 - 2017-07-22 12:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-07-22 12:00 - 2017-07-28 18:40 - 000000000 ____D C:\Users\Teddy C\AppData\LocalLow\uTorrent
2017-07-22 11:28 - 2017-07-22 11:29 - 000109162 _____ C:\Users\Teddy C\Documents\cc_20170722_112851.reg
2017-07-11 20:14 - 2017-07-06 23:57 - 000626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-07-11 20:14 - 2017-07-06 23:39 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-07-11 20:14 - 2017-07-06 23:37 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-07-11 20:14 - 2017-07-06 23:31 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-07-11 20:14 - 2017-07-06 23:31 - 001518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-07-11 20:14 - 2017-07-06 23:30 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-07-11 20:14 - 2017-07-06 23:27 - 006759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-07-11 20:14 - 2017-07-06 23:26 - 001529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-07-11 20:14 - 2017-07-06 23:26 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-07-11 20:14 - 2017-07-06 23:23 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-07-11 20:14 - 2017-07-06 23:14 - 002956800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-07-11 20:14 - 2017-07-06 23:14 - 000790016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-07-11 20:14 - 2017-07-06 23:13 - 013839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-07-11 20:14 - 2017-07-06 23:12 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-07-11 20:14 - 2017-07-06 23:05 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-07-11 20:14 - 2017-07-06 23:04 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-07-11 20:14 - 2017-07-06 23:04 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-07-11 20:14 - 2017-07-06 23:02 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-07-11 20:14 - 2017-07-06 23:00 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-07-11 20:14 - 2017-07-06 23:00 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-07-11 20:14 - 2017-07-06 22:58 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-07-11 20:14 - 2017-07-06 22:58 - 002298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-07-11 20:14 - 2017-06-19 22:04 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-07-11 20:14 - 2017-06-19 22:04 - 000181656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-07-11 20:14 - 2017-06-19 22:03 - 005806048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-07-11 20:14 - 2017-06-19 22:02 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-07-11 20:14 - 2017-06-19 22:02 - 001121928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-07-11 20:14 - 2017-06-19 22:00 - 002597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-07-11 20:14 - 2017-06-19 21:40 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-07-11 20:14 - 2017-06-19 21:40 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-07-11 20:14 - 2017-06-19 21:39 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-07-11 20:14 - 2017-06-19 21:38 - 001451008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-07-11 20:14 - 2017-06-19 21:38 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-07-11 20:14 - 2017-06-19 21:38 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-07-11 20:14 - 2017-06-19 21:36 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-07-11 20:14 - 2017-06-19 21:35 - 002132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-07-11 20:14 - 2017-06-19 21:34 - 004056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-07-11 20:14 - 2017-06-19 21:34 - 002211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-07-11 20:14 - 2017-06-19 21:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-07-11 20:13 - 2017-07-07 07:00 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2017-07-11 20:13 - 2017-07-07 00:27 - 001147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-07-11 20:13 - 2017-07-07 00:27 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-07-11 20:13 - 2017-07-07 00:27 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-07-11 20:13 - 2017-07-07 00:26 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-07-11 20:13 - 2017-07-07 00:25 - 000899824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-07-11 20:13 - 2017-07-07 00:24 - 000117664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-07-11 20:13 - 2017-07-07 00:23 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-07-11 20:13 - 2017-07-07 00:22 - 008318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-07-11 20:13 - 2017-07-07 00:22 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-07-11 20:13 - 2017-07-07 00:21 - 032688336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
2017-07-11 20:13 - 2017-07-07 00:21 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-11 20:13 - 2017-07-07 00:20 - 002021680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-07-11 20:13 - 2017-07-07 00:20 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-07-11 20:13 - 2017-07-07 00:20 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-07-11 20:13 - 2017-07-07 00:20 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-07-11 20:13 - 2017-07-07 00:15 - 002444696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-07-11 20:13 - 2017-07-07 00:14 - 007325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-07-11 20:13 - 2017-07-07 00:14 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-07-11 20:13 - 2017-07-07 00:14 - 001760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-07-11 20:13 - 2017-07-07 00:13 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-07-11 20:13 - 2017-07-07 00:13 - 000554392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-07-11 20:13 - 2017-07-07 00:13 - 000336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-07-11 20:13 - 2017-07-07 00:12 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-07-11 20:13 - 2017-07-07 00:12 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-07-11 20:13 - 2017-07-07 00:11 - 007904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-07-11 20:13 - 2017-07-07 00:11 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-07-11 20:13 - 2017-07-07 00:10 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-07-11 20:13 - 2017-07-07 00:10 - 001670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-07-11 20:13 - 2017-07-07 00:10 - 001337848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-07-11 20:13 - 2017-07-07 00:10 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-07-11 20:13 - 2017-07-07 00:10 - 000372128 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-07-11 20:13 - 2017-07-07 00:10 - 000254168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-07-11 20:13 - 2017-07-07 00:09 - 000041376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininitext.dll
2017-07-11 20:13 - 2017-07-07 00:08 - 002229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-07-11 20:13 - 2017-07-07 00:08 - 001854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-07-11 20:13 - 2017-07-07 00:08 - 001693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-07-11 20:13 - 2017-07-07 00:08 - 001458584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-07-11 20:13 - 2017-07-07 00:08 - 000848280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-07-11 20:13 - 2017-07-07 00:08 - 000846752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-07-11 20:13 - 2017-07-07 00:08 - 000844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-07-11 20:13 - 2017-07-07 00:08 - 000699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-07-11 20:13 - 2017-07-07 00:08 - 000672672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-07-11 20:13 - 2017-07-07 00:08 - 000399264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-07-11 20:13 - 2017-07-07 00:07 - 001106848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-07-11 20:13 - 2017-07-07 00:07 - 000058488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-07-11 20:13 - 2017-07-06 23:57 - 000125344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2017-07-11 20:13 - 2017-07-06 23:40 - 023677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-07-11 20:13 - 2017-07-06 23:39 - 000096128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-07-11 20:13 - 2017-07-06 23:37 - 031652264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsRaw.dll
2017-07-11 20:13 - 2017-07-06 23:37 - 001339352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2017-07-11 20:13 - 2017-07-06 23:31 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-07-11 20:13 - 2017-07-06 23:30 - 000949920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2017-07-11 20:13 - 2017-07-06 23:30 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-07-11 20:13 - 2017-07-06 23:29 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-07-11 20:13 - 2017-07-06 23:29 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Clipc.dll
2017-07-11 20:13 - 2017-07-06 23:27 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-07-11 20:13 - 2017-07-06 23:27 - 001050624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-07-11 20:13 - 2017-07-06 23:27 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2017-07-11 20:13 - 2017-07-06 23:27 - 000443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-07-11 20:13 - 2017-07-06 23:27 - 000360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-07-11 20:13 - 2017-07-06 23:26 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-07-11 20:13 - 2017-07-06 23:26 - 017364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-07-11 20:13 - 2017-07-06 23:26 - 001195240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-07-11 20:13 - 2017-07-06 23:25 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-07-11 20:13 - 2017-07-06 23:25 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininitext.dll
2017-07-11 20:13 - 2017-07-06 23:24 - 001517472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-07-11 20:13 - 2017-07-06 23:23 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-07-11 20:13 - 2017-07-06 23:23 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-07-11 20:13 - 2017-07-06 23:22 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-07-11 20:13 - 2017-07-06 23:22 - 000520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-07-11 20:13 - 2017-07-06 23:21 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-07-11 20:13 - 2017-07-06 23:20 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-07-11 20:13 - 2017-07-06 23:20 - 008331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-07-11 20:13 - 2017-07-06 23:20 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2017-07-11 20:13 - 2017-07-06 23:19 - 007149056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-07-11 20:13 - 2017-07-06 23:19 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-07-11 20:13 - 2017-07-06 23:19 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-07-11 20:13 - 2017-07-06 23:19 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-07-11 20:13 - 2017-07-06 23:18 - 007336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-07-11 20:13 - 2017-07-06 23:18 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2017-07-11 20:13 - 2017-07-06 23:18 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-07-11 20:13 - 2017-07-06 23:18 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2017-07-11 20:13 - 2017-07-06 23:17 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-07-11 20:13 - 2017-07-06 23:17 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-07-11 20:13 - 2017-07-06 23:17 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-07-11 20:13 - 2017-07-06 23:17 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-07-11 20:13 - 2017-07-06 23:17 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-07-11 20:13 - 2017-07-06 23:16 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-07-11 20:13 - 2017-07-06 23:16 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-07-11 20:13 - 2017-07-06 23:16 - 000545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-07-11 20:13 - 2017-07-06 23:15 - 008238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-07-11 20:13 - 2017-07-06 23:15 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-07-11 20:13 - 2017-07-06 23:14 - 008211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-07-11 20:13 - 2017-07-06 23:14 - 003784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-07-11 20:13 - 2017-07-06 23:14 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-07-11 20:13 - 2017-07-06 23:14 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-07-11 20:13 - 2017-07-06 23:14 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-07-11 20:13 - 2017-07-06 23:13 - 005892096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-07-11 20:13 - 2017-07-06 23:13 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-07-11 20:13 - 2017-07-06 23:12 - 004730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-07-11 20:13 - 2017-07-06 23:12 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-07-11 20:13 - 2017-07-06 23:12 - 002499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-07-11 20:13 - 2017-07-06 23:12 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-07-11 20:13 - 2017-07-06 23:12 - 001420800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-07-11 20:13 - 2017-07-06 23:12 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-07-11 20:13 - 2017-07-06 23:12 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-07-11 20:13 - 2017-07-06 23:12 - 001142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-07-11 20:13 - 2017-07-06 23:12 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-07-11 20:13 - 2017-07-06 23:11 - 002829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-07-11 20:13 - 2017-07-06 23:11 - 002649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-07-11 20:13 - 2017-07-06 23:11 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-07-11 20:13 - 2017-07-06 23:11 - 001888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-07-11 20:13 - 2017-07-06 23:11 - 001812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-07-11 20:13 - 2017-07-06 23:11 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-07-11 20:13 - 2017-07-06 23:10 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-07-11 20:13 - 2017-07-06 23:10 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-07-11 20:13 - 2017-07-06 23:10 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-07-11 20:13 - 2017-07-06 23:10 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-07-11 20:13 - 2017-07-06 23:10 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapprovp.dll
2017-07-11 20:13 - 2017-07-06 23:09 - 020504576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-07-11 20:13 - 2017-07-06 23:09 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-07-11 20:13 - 2017-07-06 23:08 - 000285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-07-11 20:13 - 2017-07-06 23:07 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-07-11 20:13 - 2017-07-06 23:07 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2017-07-11 20:13 - 2017-07-06 23:06 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-07-11 20:13 - 2017-07-06 23:06 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-07-11 20:13 - 2017-07-06 23:06 - 000205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2017-07-11 20:13 - 2017-07-06 23:05 - 019335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-07-11 20:13 - 2017-07-06 23:05 - 011870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-07-11 20:13 - 2017-07-06 23:05 - 005719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-07-11 20:13 - 2017-07-06 23:05 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-07-11 20:13 - 2017-07-06 23:05 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-07-11 20:13 - 2017-07-06 23:04 - 005961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-07-11 20:13 - 2017-07-06 23:04 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-07-11 20:13 - 2017-07-06 23:04 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-07-11 20:13 - 2017-07-06 23:04 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2017-07-11 20:13 - 2017-07-06 23:03 - 006123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-07-11 20:13 - 2017-07-06 23:03 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-07-11 20:13 - 2017-07-06 23:03 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-07-11 20:13 - 2017-07-06 23:02 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-07-11 20:13 - 2017-07-06 23:01 - 006287360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-07-11 20:13 - 2017-07-06 23:01 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-07-11 20:13 - 2017-07-06 23:00 - 007596544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-07-11 20:13 - 2017-07-06 23:00 - 002588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-07-11 20:13 - 2017-07-06 23:00 - 001626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-07-11 20:13 - 2017-07-06 23:00 - 001565184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-07-11 20:13 - 2017-07-06 22:59 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-07-11 20:13 - 2017-07-06 22:59 - 003656704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-07-11 20:13 - 2017-07-06 22:59 - 001494016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-07-11 20:13 - 2017-07-06 22:59 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-07-11 20:13 - 2017-07-06 22:59 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-07-11 20:13 - 2017-07-06 22:58 - 002782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-07-11 20:13 - 2017-07-06 22:58 - 001237504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-07-11 20:13 - 2017-07-06 22:55 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2017-07-11 20:13 - 2017-07-06 22:55 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2017-07-11 20:13 - 2017-07-06 22:53 - 001301504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-07-11 20:13 - 2017-07-06 22:53 - 000338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2017-07-11 20:13 - 2017-07-01 15:52 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-07-11 20:13 - 2017-06-19 23:18 - 001564576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-07-11 20:13 - 2017-06-19 23:17 - 000034720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-07-11 20:13 - 2017-06-19 23:16 - 000335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-07-11 20:13 - 2017-06-19 23:15 - 000233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-07-11 20:13 - 2017-06-19 23:11 - 001395152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-07-11 20:13 - 2017-06-19 23:11 - 000411992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-07-11 20:13 - 2017-06-19 23:10 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-07-11 20:13 - 2017-06-19 23:10 - 001930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-07-11 20:13 - 2017-06-19 23:08 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-07-11 20:13 - 2017-06-19 23:06 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-07-11 20:13 - 2017-06-19 23:05 - 001057832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-07-11 20:13 - 2017-06-19 23:04 - 004847424 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-07-11 20:13 - 2017-06-19 23:03 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-07-11 20:13 - 2017-06-19 23:03 - 000102312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialUIBroker.exe
2017-07-11 20:13 - 2017-06-19 23:02 - 002645688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-07-11 20:13 - 2017-06-19 23:02 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-07-11 20:13 - 2017-06-19 23:00 - 000255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-07-11 20:13 - 2017-06-19 23:00 - 000142752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-07-11 20:13 - 2017-06-19 22:59 - 006554928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-07-11 20:13 - 2017-06-19 22:59 - 001220072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-07-11 20:13 - 2017-06-19 22:59 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-07-11 20:13 - 2017-06-19 22:59 - 000467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-07-11 20:13 - 2017-06-19 22:58 - 000833160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-07-11 20:13 - 2017-06-19 22:58 - 000406072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-07-11 20:13 - 2017-06-19 22:57 - 002681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-07-11 20:13 - 2017-06-19 22:57 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-07-11 20:13 - 2017-06-19 22:34 - 000192416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-07-11 20:13 - 2017-06-19 22:15 - 001620368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-07-11 20:13 - 2017-06-19 22:15 - 000455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-07-11 20:13 - 2017-06-19 22:14 - 001150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-07-11 20:13 - 2017-06-19 22:13 - 000787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-07-11 20:13 - 2017-06-19 22:13 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2017-07-11 20:13 - 2017-06-19 22:12 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-07-11 20:13 - 2017-06-19 22:12 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-07-11 20:13 - 2017-06-19 22:12 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-07-11 20:13 - 2017-06-19 22:11 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-07-11 20:13 - 2017-06-19 22:11 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-07-11 20:13 - 2017-06-19 22:10 - 000722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-07-11 20:13 - 2017-06-19 22:10 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-07-11 20:13 - 2017-06-19 22:10 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2017-07-11 20:13 - 2017-06-19 22:10 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-07-11 20:13 - 2017-06-19 22:09 - 000551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2017-07-11 20:13 - 2017-06-19 22:09 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-07-11 20:13 - 2017-06-19 22:09 - 000406032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-07-11 20:13 - 2017-06-19 22:09 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2017-07-11 20:13 - 2017-06-19 22:09 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2017-07-11 20:13 - 2017-06-19 22:09 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-07-11 20:13 - 2017-06-19 22:09 - 000189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-07-11 20:13 - 2017-06-19 22:09 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-07-11 20:13 - 2017-06-19 22:08 - 004469840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-07-11 20:13 - 2017-06-19 22:08 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-07-11 20:13 - 2017-06-19 22:08 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-07-11 20:13 - 2017-06-19 22:08 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2017-07-11 20:13 - 2017-06-19 22:08 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-07-11 20:13 - 2017-06-19 22:08 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-07-11 20:13 - 2017-06-19 22:08 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-07-11 20:13 - 2017-06-19 22:07 - 002475136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-07-11 20:13 - 2017-06-19 22:07 - 000823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2017-07-11 20:13 - 2017-06-19 22:07 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-07-11 20:13 - 2017-06-19 22:07 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-07-11 20:13 - 2017-06-19 22:07 - 000510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-07-11 20:13 - 2017-06-19 22:07 - 000411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-07-11 20:13 - 2017-06-19 22:07 - 000346016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-07-11 20:13 - 2017-06-19 22:07 - 000138656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-07-11 20:13 - 2017-06-19 22:06 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-07-11 20:13 - 2017-06-19 22:06 - 000847872 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-07-11 20:13 - 2017-06-19 22:06 - 000754592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-07-11 20:13 - 2017-06-19 22:06 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-07-11 20:13 - 2017-06-19 22:06 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-07-11 20:13 - 2017-06-19 22:06 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-07-11 20:13 - 2017-06-19 22:06 - 000278944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-07-11 20:13 - 2017-06-19 22:05 - 004447744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-07-11 20:13 - 2017-06-19 22:05 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-07-11 20:13 - 2017-06-19 22:05 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-07-11 20:13 - 2017-06-19 22:05 - 000585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-07-11 20:13 - 2017-06-19 22:05 - 000438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-07-11 20:13 - 2017-06-19 22:05 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-07-11 20:13 - 2017-06-19 22:05 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-07-11 20:13 - 2017-06-19 22:05 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-07-11 20:13 - 2017-06-19 22:05 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-07-11 20:13 - 2017-06-19 22:05 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-07-11 20:13 - 2017-06-19 22:04 - 001818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-07-11 20:13 - 2017-06-19 22:04 - 001425920 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-07-11 20:13 - 2017-06-19 22:04 - 001178528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-07-11 20:13 - 2017-06-19 22:04 - 001177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-07-11 20:13 - 2017-06-19 22:04 - 001077496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2017-07-11 20:13 - 2017-06-19 22:04 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-07-11 20:13 - 2017-06-19 22:04 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-07-11 20:13 - 2017-06-19 22:04 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-07-11 20:13 - 2017-06-19 22:04 - 000049656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msasn1.dll
2017-07-11 20:13 - 2017-06-19 22:03 - 002077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-07-11 20:13 - 2017-06-19 22:03 - 001396224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-07-11 20:13 - 2017-06-19 22:03 - 000864240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-07-11 20:13 - 2017-06-19 22:03 - 000443728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2017-07-11 20:13 - 2017-06-19 22:02 - 003204096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-07-11 20:13 - 2017-06-19 22:02 - 002804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-07-11 20:13 - 2017-06-19 22:02 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-07-11 20:13 - 2017-06-19 22:02 - 000681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-07-11 20:13 - 2017-06-19 22:02 - 000354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-07-11 20:13 - 2017-06-19 22:01 - 004536320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-07-11 20:13 - 2017-06-19 22:01 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-07-11 20:13 - 2017-06-19 22:01 - 003803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-07-11 20:13 - 2017-06-19 22:01 - 003332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-07-11 20:13 - 2017-06-19 22:01 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-07-11 20:13 - 2017-06-19 22:01 - 001076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-07-11 20:13 - 2017-06-19 22:01 - 000176032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-07-11 20:13 - 2017-06-19 22:00 - 003057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-07-11 20:13 - 2017-06-19 22:00 - 002171392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-07-11 20:13 - 2017-06-19 21:59 - 002938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-07-11 20:13 - 2017-06-19 21:59 - 001674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-07-11 20:13 - 2017-06-19 21:59 - 001357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-07-11 20:13 - 2017-06-19 21:58 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-07-11 20:13 - 2017-06-19 21:56 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-07-11 20:13 - 2017-06-19 21:54 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-07-11 20:13 - 2017-06-19 21:49 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2017-07-11 20:13 - 2017-06-19 21:49 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-07-11 20:13 - 2017-06-19 21:46 - 000132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-11 20:13 - 2017-06-19 21:45 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.RetailInfo.dll
2017-07-11 20:13 - 2017-06-19 21:45 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-07-11 20:13 - 2017-06-19 21:43 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-07-11 20:13 - 2017-06-19 21:43 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2017-07-11 20:13 - 2017-06-19 21:43 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2017-07-11 20:13 - 2017-06-19 21:43 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-07-11 20:13 - 2017-06-19 21:43 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-07-11 20:13 - 2017-06-19 21:43 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-07-11 20:13 - 2017-06-19 21:43 - 000052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2017-07-11 20:13 - 2017-06-19 21:42 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2017-07-11 20:13 - 2017-06-19 21:42 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2017-07-11 20:13 - 2017-06-19 21:42 - 000338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-07-11 20:13 - 2017-06-19 21:42 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-07-11 20:13 - 2017-06-19 21:42 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-07-11 20:13 - 2017-06-19 21:42 - 000121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-07-11 20:13 - 2017-06-19 21:41 - 000734208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-07-11 20:13 - 2017-06-19 21:41 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2017-07-11 20:13 - 2017-06-19 21:41 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-07-11 20:13 - 2017-06-19 21:41 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-07-11 20:13 - 2017-06-19 21:41 - 000201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-07-11 20:13 - 2017-06-19 21:40 - 000342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-07-11 20:13 - 2017-06-19 21:40 - 000247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-07-11 20:13 - 2017-06-19 21:40 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-07-11 20:13 - 2017-06-19 21:40 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-07-11 20:13 - 2017-06-19 21:39 - 002814464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2017-07-11 20:13 - 2017-06-19 21:39 - 000969728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-07-11 20:13 - 2017-06-19 21:39 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2017-07-11 20:13 - 2017-06-19 21:39 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2017-07-11 20:13 - 2017-06-19 21:39 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-07-11 20:13 - 2017-06-19 21:38 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-07-11 20:13 - 2017-06-19 21:38 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-07-11 20:13 - 2017-06-19 21:38 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-07-11 20:13 - 2017-06-19 21:37 - 002008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-07-11 20:13 - 2017-06-19 21:35 - 002679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-07-11 20:13 - 2017-06-19 21:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-07-11 20:13 - 2017-06-19 21:34 - 002750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-07-11 20:13 - 2017-06-19 21:34 - 001492480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-07-11 20:13 - 2017-06-19 21:34 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-07-11 20:13 - 2017-06-19 21:31 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-07-11 20:13 - 2017-06-19 21:30 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdmaud.drv
2017-07-11 20:13 - 2017-06-19 21:30 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-07-11 20:13 - 2017-06-19 21:28 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-07-11 20:12 - 2017-07-07 00:27 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-07-11 20:12 - 2017-07-07 00:27 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-07-11 20:12 - 2017-07-07 00:22 - 000119384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-07-11 20:12 - 2017-07-07 00:17 - 001017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-07-11 20:12 - 2017-07-07 00:14 - 001171032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2017-07-11 20:12 - 2017-07-07 00:13 - 000147800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Clipc.dll
2017-07-11 20:12 - 2017-07-07 00:12 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-07-11 20:12 - 2017-07-07 00:08 - 001100704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-07-11 20:12 - 2017-07-07 00:08 - 000992672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-07-11 20:12 - 2017-07-07 00:08 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-07-11 20:12 - 2017-07-07 00:08 - 000506776 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-07-11 20:12 - 2017-07-06 23:27 - 001640448 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-07-11 20:12 - 2017-07-06 23:27 - 000859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-07-11 20:12 - 2017-07-06 23:27 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2017-07-11 20:12 - 2017-07-06 23:24 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-07-11 20:12 - 2017-07-06 23:23 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-07-11 20:12 - 2017-07-06 23:23 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapprovp.dll
2017-07-11 20:12 - 2017-07-06 23:21 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2017-07-11 20:12 - 2017-07-06 23:19 - 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2017-07-11 20:12 - 2017-07-06 23:18 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-07-11 20:12 - 2017-07-06 23:17 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-07-11 20:12 - 2017-07-06 23:17 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-07-11 20:12 - 2017-07-06 23:14 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-07-11 20:12 - 2017-07-06 23:12 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-07-11 20:12 - 2017-07-06 23:11 - 003139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-07-11 20:12 - 2017-07-06 23:11 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-07-11 20:12 - 2017-07-06 23:07 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-07-11 20:12 - 2017-07-06 23:07 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2017-07-11 20:12 - 2017-07-06 23:05 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-07-11 20:12 - 2017-07-06 23:04 - 001703424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-07-11 20:12 - 2017-07-06 23:04 - 001403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-07-11 20:12 - 2017-06-19 23:18 - 000096672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-07-11 20:12 - 2017-06-19 23:17 - 000629152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-07-11 20:12 - 2017-06-19 23:17 - 000544160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-07-11 20:12 - 2017-06-19 23:17 - 000334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-07-11 20:12 - 2017-06-19 23:17 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-07-11 20:12 - 2017-06-19 23:16 - 001214880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-07-11 20:12 - 2017-06-19 23:04 - 000472728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-07-11 20:12 - 2017-06-19 23:03 - 000179608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-07-11 20:12 - 2017-06-19 23:02 - 000426912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-07-11 20:12 - 2017-06-19 23:00 - 000558920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-07-11 20:12 - 2017-06-19 22:59 - 000583304 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-07-11 20:12 - 2017-06-19 22:58 - 000203168 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-07-11 20:12 - 2017-06-19 22:16 - 000970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2017-07-11 20:12 - 2017-06-19 22:16 - 000417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-07-11 20:12 - 2017-06-19 22:14 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-07-11 20:12 - 2017-06-19 22:13 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-11 20:12 - 2017-06-19 22:13 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2017-07-11 20:12 - 2017-06-19 22:13 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2017-07-11 20:12 - 2017-06-19 22:12 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-07-11 20:12 - 2017-06-19 22:12 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2017-07-11 20:12 - 2017-06-19 22:10 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-07-11 20:12 - 2017-06-19 22:10 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-07-11 20:12 - 2017-06-19 22:09 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2017-07-11 20:12 - 2017-06-19 22:09 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-07-11 20:12 - 2017-06-19 22:09 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2017-07-11 20:12 - 2017-06-19 22:09 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-07-11 20:12 - 2017-06-19 22:09 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2017-07-11 20:12 - 2017-06-19 22:08 - 000791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2017-07-11 20:12 - 2017-06-19 22:08 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-07-11 20:12 - 2017-06-19 22:07 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-07-11 20:12 - 2017-06-19 22:07 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-07-11 20:12 - 2017-06-19 22:07 - 000621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-07-11 20:12 - 2017-06-19 22:06 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-07-11 20:12 - 2017-06-19 22:06 - 000335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-07-11 20:12 - 2017-06-19 22:06 - 000253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-07-11 20:12 - 2017-06-19 22:06 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-07-11 20:12 - 2017-06-19 22:05 - 002873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-07-11 20:12 - 2017-06-19 22:05 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-07-11 20:12 - 2017-06-19 22:05 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2017-07-11 20:12 - 2017-06-19 22:04 - 000802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-07-11 20:12 - 2017-06-19 22:02 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2017-07-11 20:12 - 2017-06-19 22:01 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-07-11 20:12 - 2017-06-19 22:01 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-07-11 20:12 - 2017-06-19 21:57 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2017-07-11 20:12 - 2017-06-19 21:57 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2017-07-11 20:12 - 2017-06-19 21:56 - 000600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-07-11 20:12 - 2017-06-19 21:56 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdmaud.drv
2017-07-10 23:36 - 2017-07-10 23:36 - 000000000 ____D C:\Users\Teddy C\AppData\LocalLow\Dire Wolf Digital

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-01 18:56 - 2017-05-15 18:41 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A3035E0E-0F07-4C14-905D-F4C4F70787B2}
2017-08-01 18:44 - 2016-04-25 14:58 - 000000000 ____D C:\Users\Teddy C\AppData\Local\VirtualStore
2017-08-01 18:43 - 2016-06-14 19:03 - 000077454 _____ C:\Users\Teddy C\Desktop\Product Ideas.xlsx
2017-08-01 18:38 - 2017-05-15 18:34 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-01 17:24 - 2017-03-18 14:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-01 17:24 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-01 17:21 - 2016-11-18 11:51 - 000000000 ____D C:\Users\Teddy C\AppData\LocalLow\Mozilla
2017-08-01 01:03 - 2017-05-15 18:35 - 000000000 ____D C:\Users\Teddy C
2017-08-01 01:03 - 2016-09-26 21:45 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-01 00:57 - 2016-04-25 17:54 - 000000000 ____D C:\Users\Teddy C\AppData\Local\Battle.net
2017-07-31 23:26 - 2017-05-10 22:46 - 000000000 ____D C:\Program Files (x86)\Overwolf
2017-07-31 23:26 - 2017-05-10 22:45 - 000000000 ____D C:\Users\Teddy C\AppData\Local\Overwolf
2017-07-31 22:29 - 2017-05-08 00:58 - 000000000 ____D C:\Users\Teddy C\AppData\Local\HearthSim
2017-07-30 22:05 - 2017-04-19 19:06 - 000002577 _____ C:\Users\Teddy C\Desktop\Hearthstone Deck Tracker.lnk
2017-07-30 22:05 - 2017-04-19 19:06 - 000000000 ____D C:\Users\Teddy C\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HearthSim
2017-07-30 22:05 - 2017-04-19 19:06 - 000000000 ____D C:\Users\Teddy C\AppData\Local\HearthstoneDeckTracker
2017-07-30 22:05 - 2016-08-23 20:11 - 000000000 ____D C:\Users\Teddy C\AppData\Local\SquirrelTemp
2017-07-28 19:40 - 2017-03-18 14:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-28 19:40 - 2017-03-18 14:01 - 000000000 ____D C:\WINDOWS\INF
2017-07-28 19:36 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-07-28 18:42 - 2016-07-10 18:19 - 000000000 ____D C:\Program Files (x86)\TREZOR Bridge
2017-07-28 18:40 - 2016-04-28 18:06 - 000000000 ____D C:\Users\Teddy C\AppData\Roaming\uTorrent
2017-07-28 18:31 - 2016-04-28 21:28 - 000000000 ____D C:\Program Files\Microsoft Office
2017-07-28 18:31 - 2016-02-13 06:04 - 000000000 ____D C:\WINDOWS\ShellNew
2017-07-28 18:30 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files\Common Files\System
2017-07-28 18:30 - 2015-07-10 04:04 - 000000076 _____ C:\WINDOWS\win.ini
2017-07-28 16:21 - 2017-05-15 18:44 - 001167692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-28 16:13 - 2016-06-29 14:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2017-07-28 16:10 - 2016-06-29 14:28 - 000000801 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2017-07-28 11:36 - 2016-06-29 11:09 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-28 00:39 - 2017-05-15 18:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-28 00:39 - 2017-03-18 04:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-07-28 00:39 - 2016-10-04 18:27 - 000000000 ____D C:\ProgramData\VMware
2017-07-27 23:55 - 2017-06-06 15:36 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-07-27 18:50 - 2017-05-15 18:41 - 000005254 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-6G3POI7-Teddy C DESKTOP-6G3POI7
2017-07-22 12:30 - 2016-04-25 15:23 - 000000000 ____D C:\ProgramData\AVAST Software
2017-07-22 12:22 - 2017-01-29 12:42 - 000000000 ____D C:\Program Files\Common Files\AV
2017-07-22 12:21 - 2017-03-18 04:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-07-22 12:11 - 2016-06-29 11:01 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-07-22 12:10 - 2016-06-29 11:01 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-07-22 11:30 - 2017-05-15 18:41 - 000003542 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-07-22 11:30 - 2017-05-15 18:41 - 000003404 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-07-22 11:30 - 2017-05-15 18:41 - 000003338 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-07-22 11:30 - 2017-05-15 18:41 - 000003304 _____ C:\WINDOWS\System32\Tasks\Overwolf Updater Task
2017-07-22 11:30 - 2017-05-15 18:41 - 000003180 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-07-22 11:30 - 2017-05-15 18:41 - 000003102 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2017-07-22 11:30 - 2017-05-15 18:41 - 000002828 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-07-22 11:30 - 2017-05-15 18:41 - 000002740 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2017-07-22 11:28 - 2017-05-11 15:53 - 000000000 ___DC C:\WINDOWS\Panther
2017-07-22 11:28 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-07-22 11:28 - 2016-05-15 00:44 - 000000000 ____D C:\Users\Teddy C\AppData\Local\CrashDumps
2017-07-19 17:36 - 2017-06-06 15:36 - 000061304 _____ () C:\WINDOWS\SMSS-PFRO0aec.tmp
2017-07-19 17:36 - 2016-04-25 15:24 - 000146664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys.150051097503103
2017-07-16 13:55 - 2016-05-02 23:03 - 000155760 _____ C:\Users\Teddy C\Documents\clickerHeroSave.txt
2017-07-14 18:48 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\rescache
2017-07-12 23:47 - 2016-02-13 06:22 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-07-12 23:46 - 2017-05-15 18:34 - 000389928 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-12 23:45 - 2017-03-18 14:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-07-12 23:45 - 2017-03-18 14:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-07-12 23:45 - 2017-03-18 14:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-07-12 23:45 - 2017-03-18 14:03 - 000000000 ___RD C:\Program Files\Windows Defender
2017-07-12 23:45 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-07-12 23:45 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\migwiz
2017-07-12 23:45 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-07-12 23:45 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-07-12 23:45 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-07-12 23:45 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-07-12 23:45 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-07-12 23:45 - 2016-11-17 12:28 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-12 23:45 - 2016-04-25 15:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-12 01:54 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-07-12 01:54 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-07-11 23:53 - 2016-06-21 20:25 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-11 20:17 - 2017-03-18 13:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-07-11 20:15 - 2016-05-11 17:17 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-07-11 20:14 - 2016-05-11 17:17 - 135225752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-07-03 17:07 - 2016-04-25 15:24 - 000360792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys.149912685989006
2017-07-02 21:36 - 2016-05-28 01:09 - 000000000 ____D C:\Users\Teddy C\Documents\StarCraft II
2017-07-02 21:36 - 2016-04-25 17:55 - 000000000 ____D C:\Users\Teddy C\AppData\Local\Blizzard Entertainment
2017-07-02 21:32 - 2016-04-25 17:54 - 000000000 ____D C:\ProgramData\Blizzard Entertainment

==================== Files in the root of some directories =======

2016-07-01 00:38 - 2016-07-01 00:38 - 000007661 _____ () C:\Users\Teddy C\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2017-07-28 18:30 - 2012-10-01 20:34 - 000178824 _____ (Microsoft Corporation) C:\Users\Teddy C\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-26 00:23

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2017
Ran by Teddy C (01-08-2017 19:04:13)
Running from E:\Downloads
Windows 10 Pro Version 1703 (X64) (2017-05-16 01:48:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3816232487-70889957-2412248972-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3816232487-70889957-2412248972-503 - Limited - Disabled)
Guest (S-1-5-21-3816232487-70889957-2412248972-501 - Limited - Disabled)
Teddy C (S-1-5-21-3816232487-70889957-2412248972-1001 - Administrator - Enabled) => C:\Users\Teddy C

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Disabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3816232487-70889957-2412248972-1001\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Andy OS (HKLM\...\Andy OS) (Version: 46.14 - Andy OS, Inc)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden
ARK: Survival Evolved (HKLM\...\Steam App 346110) (Version:  - Studio Wildcard)
Avast Premier (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2303 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Betcoin Poker (HKLM-x32\...\DEAECD1E-0CEF-494d-A7DE-20EC7A6E3F61) (Version: 16.6 - IGSoft)
Bitcoin Core (64-bit) (HKU\S-1-5-21-3816232487-70889957-2412248972-1001\...\Bitcoin Core (64-bit)) (Version: 0.12.1 - Bitcoin Core project)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
CCleaner 5.21.5700 (HKLM-x32\...\CCleaner 5.21.5700) (Version: 5.21.5700 - SandySeedings Team)
Citrix Online Launcher (HKLM-x32\...\{48947098-A67C-46D4-90C5-9F2F6F0F96FE}) (Version: 1.0.449 - Citrix)
CPUID CPU-Z 1.80 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.31 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Discord (HKU\S-1-5-21-3816232487-70889957-2412248972-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dungeon Keeper 2 (HKLM-x32\...\GOGPACKDUNGEONKEEPER2_is1) (Version: 2.0.0.32 - GOG.com)
Evolve Stage 2 (HKLM\...\Steam App 273350) (Version:  - Turtle Rock Studios)
GOG.com Dungeon Keeper 2 (HKLM\...\{b6462b67-caf5-4a74-99df-cc2811bd1957}.sdb) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.8.0.1205 - Citrix Systems, Inc.)
H1Z1: King of the Kill (HKLM\...\Steam App 433850) (Version:  - Daybreak Game Company)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hearthstone Deck Tracker (HKU\S-1-5-21-3816232487-70889957-2412248972-1001\...\HearthstoneDeckTracker) (Version: 1.3.6 - HearthSim)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Intel® Chipset Device Software (HKLM-x32\...\{e48a2f61-851a-4155-82f9-af1b04db8c3b}) (Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel® Network Connections 19.0.27.0 (HKLM\...\PROSetDX) (Version: 19.0.27.0 - Intel)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.4266.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3816232487-70889957-2412248972-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation)
NVIDIA Graphics Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.105.329.0 - Overwolf Ltd.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
SafeZone Stable 3.55.2393.609 (HKLM-x32\...\SafeZone 3.55.2393.609) (Version: 3.55.2393.609 - Avast Software) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Elder Scrolls: Legends (HKLM\...\Steam App 364470) (Version:  - Dire Wolf Digital)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
VMware Player (HKLM\...\{BC00AC33-2B00-443D-8FC2-3656D94AEA0A}) (Version: 12.5.0 - VMware, Inc.)
VMware VIX (HKLM-x32\...\{F99FC179-EA67-4BBC-8955-BDDA0CB94B88}) (Version: 1.15.4.00000 - VMware, Inc.)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3816232487-70889957-2412248972-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Teddy C\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3816232487-70889957-2412248972-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Teddy C\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-27] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-27] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-27] (AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll [2016-09-06] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2016-09-06] (VMware, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-27] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-27] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01887EEB-A074-4103-83B6-DD5B5FCCAA16} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {053EFF51-DE72-486B-A41F-0898B837E382} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {09857D34-06B4-4E46-9A9E-943467C79A9B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {11E13A19-A8D7-40BA-B146-9F80FFB69584} - System32\Tasks\{2EBE11FE-E86C-4CC4-A28F-7A14AAFA67B0} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Teddy C\AppData\Local\{89F7BFAB-AD5F-D313-C0C7-F6FBE4AF0A63}\uninst.exe" -c -FN="C:\Users\Teddy C\AppData\Local\{89AABF11-ACF8-D267-C7CE-F5B51B1C088B}\syncversion.exe"-P=/Uninstall /s /noun /DelSelfDir
Task: {1AE1A1E1-BBF9-4F00-BF99-A4671885DB6A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-08-16] (Microsoft Corporation)
Task: {2199F6E7-A819-4527-977B-0A3192C62B20} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-25] (Google Inc.)
Task: {2CFDE32A-8DD3-4E3E-8E3F-9A716E75EFCB} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-04-28] ()
Task: {4337FDBF-4501-4A69-875C-82F3E7A04C44} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-07-25] (Overwolf LTD)
Task: {48770C46-3D35-4C1C-9D51-3ED83A0A8C6B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-08-16] (Microsoft Corporation)
Task: {579AB5C2-2976-4AA0-B9E9-C06099D389F7} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {61DF6716-6F8C-4758-96B0-50B31D361B65} - System32\Tasks\SafeZone scheduled Autoupdate 1500751856 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-06-13] (Avast Software)
Task: {8FD6B62F-A496-414D-8888-6B4969937C61} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-6G3POI7-Teddy C DESKTOP-6G3POI7 => C:\Program Files\Microsoft Office\Office15\MsoSync.exe
Task: {972422F7-8A2A-4A34-98B7-31D1725BA74E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3816232487-70889957-2412248972-1001UA => C:\Users\Teddy C\AppData\Local\Google\Update\GoogleUpdate.exe [2016-05-10] (Google Inc.)
Task: {CFAA8546-2498-4996-940A-B615D3314EF4} - System32\Tasks\{BDCC6E73-9825-473C-97B8-BE45A5C239F2} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxps://ui.skype.com/ui/0/7.30.80.105/en/abandoninstall?page=tsProgressBar
Task: {D59273FD-C175-4C9C-90DE-11072C7AB292} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-07-28] (Microsoft Corporation)
Task: {D8CC1E4A-81E5-4C7C-9C6E-F75EDAD576D0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
Task: {DB2DA115-3E14-450D-A62D-D5E491BA7AED} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-07-28] (Microsoft Corporation)
Task: {DBA2BC3A-23A6-453D-AB42-7FCBD98912A0} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-07-27] (AVAST Software)
Task: {E5DF0422-163C-4D19-96C8-48CAFC7E41C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-25] (Google Inc.)
Task: {EC28B64C-4886-4CCD-967B-44B8550E4404} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-12] (Adobe Systems Incorporated)
Task: {F8BCD903-FBCF-4282-8772-3B83A86CF0A3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3816232487-70889957-2412248972-1001Core => C:\Users\Teddy C\AppData\Local\Google\Update\GoogleUpdate.exe [2016-05-10] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3816232487-70889957-2412248972-1001Core.job => C:\Users\Teddy C\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3816232487-70889957-2412248972-1001UA.job => C:\Users\Teddy C\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-07-28 19:36 - 2015-08-16 00:21 - 000162880 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2017-03-18 13:58 - 2017-03-18 13:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-07-28 19:38 - 2017-07-28 19:38 - 008901800 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-03-18 13:59 - 2017-03-18 19:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-07-18 17:20 - 2017-07-18 17:20 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-07-18 17:20 - 2017-07-18 17:20 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-05-22 17:29 - 2017-05-22 17:30 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-07-24 22:51 - 2017-07-24 22:51 - 010631168 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-07-24 22:51 - 2017-07-24 22:51 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-06-28 12:53 - 2017-06-22 20:21 - 003807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-28 12:53 - 2017-06-22 20:21 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2014-03-20 11:43 - 2014-03-20 11:43 - 001241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-07-27 23:54 - 2017-07-27 23:54 - 000170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-07-28 19:38 - 2017-07-28 19:38 - 008903232 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2017-07-27 23:54 - 2017-07-27 23:54 - 001065936 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-07-27 23:54 - 2017-07-27 23:54 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-07-27 23:54 - 2017-07-27 23:54 - 000192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-07-27 23:54 - 2017-07-27 23:54 - 000224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-07-27 23:53 - 2017-07-27 23:53 - 000292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-07-27 23:54 - 2017-07-27 23:54 - 000689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 04:04 - 2017-07-22 12:17 - 000000851 _____ C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.0 keystone.mwbsys.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3816232487-70889957-2412248972-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
HKLM\...\StartupApproved\StartupFolder: => "HandyAndy.lnk"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "NvBackend"
HKLM\...\StartupApproved\Run32: => "Malwarebytes TrayApp"
HKU\S-1-5-21-3816232487-70889957-2412248972-1001\...\StartupApproved\StartupFolder: => "TREZOR Bridge.lnk"
HKU\S-1-5-21-3816232487-70889957-2412248972-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3816232487-70889957-2412248972-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3816232487-70889957-2412248972-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3816232487-70889957-2412248972-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3816232487-70889957-2412248972-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3816232487-70889957-2412248972-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-3816232487-70889957-2412248972-1001\...\StartupApproved\Run: => "GoToMeeting"
HKU\S-1-5-21-3816232487-70889957-2412248972-1001\...\StartupApproved\Run: => "Overwolf"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3C2452DE-ED6E-46E5-A977-55082E01DFBB}] => (Allow) LPort=1688
FirewallRules: [UDP Query User{A40379AB-9DA1-4F24-AFC1-770EFD02CC97}E:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [TCP Query User{0878B2A2-6A2E-49E2-A105-2E3BD8136027}E:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [{BF68A99C-2A54-4146-8772-897BE716E3EE}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{4E0DC697-74FF-4470-916A-6BF3F98E2927}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [UDP Query User{AA351691-04F5-4841-B896-81AF746C6CFC}E:\program files (x86)\battle.net\overwatch\overwatch.exe] => (Allow) E:\program files (x86)\battle.net\overwatch\overwatch.exe
FirewallRules: [TCP Query User{38C19F12-80F4-4543-B378-940DAE3036B1}E:\program files (x86)\battle.net\overwatch\overwatch.exe] => (Allow) E:\program files (x86)\battle.net\overwatch\overwatch.exe
FirewallRules: [{5474D20F-34BC-4D6D-9C66-DE5DA95BAAF1}] => (Allow) E:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B8CAB09A-D388-4D28-AA29-BC2B33C571CF}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6A0E3F9E-97FD-4162-AF1A-A1C7D23A176E}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{18955C85-1F05-4635-834E-31C0AAD4AEC1}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [{8734B37D-EB1D-4B0E-B3EE-57C8B7553FE2}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [{6D279C3E-7882-419D-858C-8478930B255D}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{301B8F1B-5BC6-455D-BD05-4CE010E95E91}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{D4B120DB-78CE-4BA9-B317-9609B6512E72}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B618BBF2-308B-48A9-8D88-594D4D811C7C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F840CEBB-1AFD-4ECB-B163-0A8C8B284107}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{89872AFB-CD8D-406C-B732-EEC8C5BE2701}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F41577BF-164F-4DD5-A120-9DF0536FADBE}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe
FirewallRules: [{E7122E1A-D91D-4C4C-9433-C94496C7E1F3}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe
FirewallRules: [{032A9AA4-7AE5-4A92-BAE9-F125EFC06D29}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
FirewallRules: [{80A71B31-0961-4830-B9B1-6F5A6363EE27}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
FirewallRules: [{0E4A2327-980E-42D8-8372-4DB70D694CFA}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{63E83C93-66A6-4470-8144-BED4CF02068A}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{6F8F51DC-1FFD-4449-AC74-CD20D8BC37E0}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{B420CDB0-814A-4E5C-8253-1B8B2C2BE377}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{ECF6C984-0AE6-4FDE-BFDA-0678AD4CAE02}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{4438AD63-8AA6-4DAD-9870-FCD3155AAD0E}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{DCC1D4D4-2D72-4E48-8EC0-5C84E566A672}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{CC3E7053-C5F3-4D34-9E86-BFA7C6C0FD4C}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{CC7C356E-19B0-40F0-975C-0B3EE407E563}] => (Allow) C:\Users\Teddy C\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{4B416DAB-6C5B-4F99-B066-39AA38B75E92}] => (Allow) C:\Users\Teddy C\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{397276C4-51AA-48B5-92FA-512855061FAE}] => (Allow) C:\Users\Teddy C\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{34253D68-8ADD-434D-B103-3B7C3FC86FB1}] => (Allow) C:\Users\Teddy C\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{91309F18-04F6-4976-9E27-BB70F0FC917A}] => (Allow) C:\Users\Teddy C\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6B052423-488B-4433-9A4E-D89A4F6FC1DC}] => (Allow) C:\Users\Teddy C\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{29671B61-6A82-47EA-8584-C52F46FB9A89}] => (Allow) C:\Users\Teddy C\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C5CD52D2-038F-48ED-A61D-9DB3B0B3F5B6}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{0BA4682F-FD20-4581-83D6-A5E07BD8764C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{3F69575C-CC92-461D-9617-D7FABC045D5D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{88A35AD7-7139-448C-9559-300ADDF8B646}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{27660DBC-F79E-4E3C-8CCA-0F1E3FCCB36B}] => (Block) E:\program files (x86)\battle.net\hearthstone\hearthstone.exe
FirewallRules: [{C3382330-CF22-48DC-A6B1-9EA40934805D}] => (Block) E:\program files (x86)\battle.net\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{FAE42FE7-4B1F-4007-B173-2E844B12CB5B}E:\program files (x86)\battle.net\hearthstone\hearthstone.exe] => (Allow) E:\program files (x86)\battle.net\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{D937B058-FCA6-43B9-B3CF-0FE16615388D}E:\program files (x86)\battle.net\hearthstone\hearthstone.exe] => (Allow) E:\program files (x86)\battle.net\hearthstone\hearthstone.exe
FirewallRules: [{382F66C5-033B-4D8C-A770-E61368672983}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\ARK SOTF\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{BD92EF8D-F060-4D4A-A3EB-FE06A8ABA0B0}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\ARK SOTF\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{3FFA850C-EE77-4E27-9C7D-ABBC86BE212C}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{64EBCD45-9159-4421-9FE9-6DE81002F8E7}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C1D54C5C-7075-4CF8-A5A1-31F40140E77F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{93ED48D1-4A9C-48CF-A3C9-716BFBEF31E8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8D492BD6-4CD5-474B-AACF-B9FE322C4E20}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{0CF63745-E630-4B2E-A28E-35B4E0997E56}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B13E81C7-2E3F-4194-A887-505D3BCE1972}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{948F3ADD-107D-4277-BB14-A0EAF8CBE53F}E:\program files\bitcoin\bitcoin-qt.exe] => (Allow) E:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{1F42D5BE-34D1-43A6-928F-3787ABD8E8E0}E:\program files\bitcoin\bitcoin-qt.exe] => (Allow) E:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [{D42515D2-B70E-482D-8F42-DB43D800A154}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{97C0896E-E6E5-4F05-AC15-808A533B76A1}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\The Elder Scrolls Legends\The Elder Scrolls Legends.exe
FirewallRules: [{E58C78BD-6BB7-4FCD-A6ED-E56566BA7689}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\The Elder Scrolls Legends\The Elder Scrolls Legends.exe
FirewallRules: [{25967AC4-9E3B-4B52-A303-54048E4F3D4B}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe
FirewallRules: [{A5B2D73E-32A8-45C2-B6FB-486A86802CC9}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
FirewallRules: [TCP Query User{6E978165-1BBA-4B37-BBF6-6CCF0122C0B0}E:\program files\dogecoin\dogecoin-qt.exe] => (Allow) E:\program files\dogecoin\dogecoin-qt.exe
FirewallRules: [UDP Query User{19739B66-B21B-4360-B1AF-7E65DA832FCB}E:\program files\dogecoin\dogecoin-qt.exe] => (Allow) E:\program files\dogecoin\dogecoin-qt.exe
FirewallRules: [{0F111852-427B-4863-8809-263290717301}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{AD85F356-0868-44AF-B00C-1AC3FF58E703}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{62069508-BD7B-4517-A88B-0A398DBD07F5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{6DD14417-FE9B-40EC-8635-23F45F27344E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{1A3B5FB5-CE5A-4131-B863-1BED1DB39A1D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{77117F92-4338-4672-8D7A-9F3A0DEF724C}] => (Allow) C:\Windows\AutoKMS\AutoKMS.exe
FirewallRules: [{87317B07-35A7-4EA1-9C0B-FAAC5629A317}] => (Allow) C:\Windows\AutoKMS\AutoKMS.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/01/2017 06:40:52 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent

Error: (08/01/2017 05:24:36 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/01/2017 05:23:20 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/01/2017 05:23:20 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent

Error: (08/01/2017 05:22:57 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/01/2017 05:22:44 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=8

Error: (08/01/2017 05:22:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AutoKMS.exe, version: 2.5.0.0, time stamp: 0x52aef33f
Faulting module name: KERNELBASE.dll, version: 10.0.15063.483, time stamp: 0xaa6457d1
Exception code: 0xe0434352
Fault offset: 0x0000000000069e08
Faulting process id: 0x15e0
Faulting application start time: 0x01d30b254b75305d
Faulting application path: C:\Windows\AutoKMS\AutoKMS.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 06598b04-e432-4a10-8db8-522d82c069c5
Faulting package full name:
Faulting package-relative application ID:

Error: (08/01/2017 05:22:32 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ApplicationException
   at ..()
   at ..(., System.String, Boolean, System.String, Int32, System.String, Boolean, Boolean, Boolean, Boolean, Boolean, Boolean, System.String, System.String)
   at ..(Int32, System.String, System.String, Boolean, Boolean, Boolean, Boolean, ., Boolean, System.String, System.String, Boolean, Boolean)
   at ..(.)
   at ..()

Error: (07/31/2017 05:20:48 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (07/31/2017 05:20:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AutoKMS.exe, version: 2.5.0.0, time stamp: 0x52aef33f
Faulting module name: KERNELBASE.dll, version: 10.0.15063.483, time stamp: 0xaa6457d1
Exception code: 0xe0434352
Fault offset: 0x0000000000069e08
Faulting process id: 0x1a78
Faulting application start time: 0x01d30a5be71dfddd
Faulting application path: C:\Windows\AutoKMS\AutoKMS.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 2ff5c8d3-5e02-46d5-a1d1-71c52f2229d7
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (07/29/2017 02:06:09 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6G3POI7)
Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy!App.AppXwdz8g2fxr36xz0tdtagygnvemf85s7gg.mca did not register with DCOM within the required timeout.

Error: (07/29/2017 02:06:09 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6G3POI7)
Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy!App.AppXwdz8g2fxr36xz0tdtagygnvemf85s7gg.mca did not register with DCOM within the required timeout.

Error: (07/29/2017 02:06:09 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6G3POI7)
Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy!App.AppXwdz8g2fxr36xz0tdtagygnvemf85s7gg.mca did not register with DCOM within the required timeout.

Error: (07/28/2017 08:54:50 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6G3POI7)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (07/28/2017 08:54:50 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6G3POI7)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (07/28/2017 08:54:50 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6G3POI7)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (07/28/2017 08:54:50 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6G3POI7)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (07/28/2017 08:54:50 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6G3POI7)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (07/28/2017 06:33:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (07/28/2017 06:31:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
The system cannot find the file specified.


CodeIntegrity:
===================================
  Date: 2017-07-29 08:09:38.261
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-29 08:09:38.260
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-29 00:55:16.189
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-29 00:55:16.186
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-28 19:58:52.468
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-28 19:58:52.467
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-28 19:34:04.438
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-28 19:34:04.437
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-28 18:29:13.490
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-28 18:29:13.489
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4690K CPU @ 3.50GHz
Percentage of memory in use: 27%
Total physical RAM: 16331.96 MB
Available physical RAM: 11866.35 MB
Total Virtual: 18763.96 MB
Available Virtual: 13557.91 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:110.86 GB) (Free:64.07 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Fixed) (Total:698.54 GB) (Free:133.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 7D624C97)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=110.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 2695BBED)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================





#2 iangcarroll

iangcarroll

  • Members
  • 658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Birmingham, MI
  • Local time:01:10 PM

Posted 01 August 2017 - 11:50 PM

Hi donjuancho,

 

I am reviewing your logs and will reply shortly. Please note that as I am still in training, my replies must be reviewed before they are posted, which might delay them a bit. Please avoid using HijackThis or any other tools on your own while I am helping you (HJT is also not very useful on Windows 10).


Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#3 iangcarroll

iangcarroll

  • Members
  • 658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Birmingham, MI
  • Local time:01:10 PM

Posted 03 August 2017 - 11:48 PM

Hi donjuancho,

First, I feel compelled to say that you should not be pirating the software that you are. If it is not the source of any infections or slowness today, it may end up being later on, and you will end up back here. :( And, of course, things like Office and Malwarebytes are not free to maintain.

The tools we use to help clean up your computer may end up incidentally removing some cracks. If you do not want to accept that risk, please let me know and we will close this topic. Otherwise, continue on.

Please follow the below instructions so we can make sure you have no malware. Let me know if anything changes in regard to performance.

Step 1: Please move FRST64.exe from your Downloads folder to your Desktop.

Step 2: Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop.
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users).
  • Click on the Fix button.
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad.
  • Copy and paste its content in your next reply.



Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#4 donjuancho

donjuancho
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:10 AM

Posted 04 August 2017 - 08:13 PM

Thank you for responding.  Yes, I need to fix some of my software.  Did you see a virus or malware in the first log?

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-07-2017
Ran by Teddy C (04-08-2017 18:12:09) Run:1
Running from C:\Users\Teddy C\Desktop
Loaded Profiles: Teddy C (Available Profiles: Teddy C)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Task: {11E13A19-A8D7-40BA-B146-9F80FFB69584} - System32\Tasks\{2EBE11FE-E86C-4CC4-A28F-7A14AAFA67B0} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Teddy C\AppData\Local\{89F7BFAB-AD5F-D313-C0C7-F6FBE4AF0A63}\uninst.exe" -c -FN="C:\Users\Teddy C\AppData\Local\{89AABF11-ACF8-D267-C7CE-F5B51B1C088B}\syncversion.exe"-P=/Uninstall /s /noun /DelSelfDir
*****************

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11E13A19-A8D7-40BA-B146-9F80FFB69584} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11E13A19-A8D7-40BA-B146-9F80FFB69584} => key removed successfully
C:\WINDOWS\System32\Tasks\{2EBE11FE-E86C-4CC4-A28F-7A14AAFA67B0} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2EBE11FE-E86C-4CC4-A28F-7A14AAFA67B0} => key removed successfully

==== End of Fixlog 18:12:10 ====



#5 iangcarroll

iangcarroll

  • Members
  • 658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Birmingham, MI
  • Local time:01:10 PM

Posted 05 August 2017 - 04:04 PM

Hi donjuancho,
 

"Did you see a virus or malware in the first log?"


No, only a couple of odd items that have now been removed.

Please follow the below instructions to run a scan with ESET's online scanner, and to get a new FRST log. Additionally, please let me know if your slowness was occurring before you installed Avast and Malwarebytes.


Step 1: ESET Online Scanner
  • Download and execute ESET Online Scanner (on this window, click on Scan Now to trigger the download).
  • Once the installation is done (it requires Admin Rights), check the following settings (two of them are under Advanced Settings, click on it to display them):
    • Enable detection of potentially unwanted applications;
    • Scan archives;
    • Scan for potentially unsafe applications;
    • Optional: If you want to scan more drives, click on Change... and select the drives you want to include in the scan;
  • After you're done checking these options, click on "Start" and ESET Online Scanner will download its virus signature database before starting the scan;
  • Once done, the scan will start automatically. Detections will appear at the bottom of the window. ESET Online Scanner can have an extremely long scan time that can last between 2 and 3 hours. So if you start the scan, do not interrupt it, let it complete until the end;
  • After the scan is finished, a summary window will appear to give you the information about the scan. Then you'll have the option to see what threats were found and to manage the threats that were quarantined;
  • Click on List of found threats, it'll display every threat identified during that scan, their type and what action was taken against them. Click on Copy to clipboard to copy these results to your clipboard and post them in your next reply;
  • Once you're done, click on the Back button, then click on the Finish button;

Step 2: Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to execute a new scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on FRST64.exe on your Desktop and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Make sure the Addition.txt box is checked;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply;

Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#6 iangcarroll

iangcarroll

  • Members
  • 658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Birmingham, MI
  • Local time:01:10 PM

Posted 08 August 2017 - 11:01 AM

Hi donjuancho,

Please let me know if you are still here, or if you've had any difficulty following my instructions. If you do not reply, this thread will be closed in two days (five days from my original reply).

Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,985 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:10 PM

Posted 11 August 2017 - 02:00 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft




