
"zed.exe" virus/malware (malwarebytes detects it as a "RiskWare.BitcoinMiner")


  • This topic is locked
71 replies to this topic

#1 Ahams


Posted 06 September 2017 - 03:54 PM

I am having trouble removing a malware named zed.exe. I have tried removing it with Malwarebytes, only for it to come back again. I don't know where it came from, but it started some days ago, I think. I tried going through old guides, but to no help at all. Any help would be greatly appreciated.

 

OS: Windows 10

Browser: Google Chrome



#2 Ahams


Posted 07 September 2017 - 08:09 AM

Yesterday I tried removing it by running a full scan with Malwarebytes, and then running a scan with ESET Online Scanner. Both programs found something they could remove, but today the zed.exe file came back again... I am really lost on what to do. Please help me :(



#3 Ahams


Posted 07 September 2017 - 08:57 AM

Here is my FRST log:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Ahams (administrator) on DESKTOP-8HO2H5Q (07-09-2017 15:53:14)
Running from C:\Users\ushe2\Desktop
Loaded Profiles: Ahams (Available Profiles: Ahams & OVRLibraryService)
Platform: Windows 10 Home Version 1703 (X64) Language: Dansk (Danmark)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Oculus VR) C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe
(Microsoft Corporation) C:\Windows\syswow64\wbem\WmiPrvSE.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\TriggerModeMonitor.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Oculus VR) C:\Program Files\Oculus\Support\oculus-runtime\OVRServer_x64.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe
(MSI) C:\Windows\syswow64\muachost.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\MSI_LED.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Discord Inc.) C:\Users\ushe2\AppData\Local\Discord\app-0.0.298\Discord.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Discord Inc.) C:\Users\ushe2\AppData\Local\Discord\app-0.0.298\Discord.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\GamingApp.exe
(Discord Inc.) C:\Users\ushe2\AppData\Local\Discord\app-0.0.298\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ESET spol. s r.o.) C:\Users\ushe2\Desktop\esetonlinescanner_enu.exe
() C:\Users\ushe2\Desktop\delfix_1.013.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235936 2017-08-10] (Realtek Semiconductor)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [80896 2017-08-07] ()
HKLM-x32\...\Run: [GammingApp] => C:\Program Files (x86)\MSI\Gaming APP\SGamingApp.exe [1149904 2016-12-07] (Micro-Star Int'l Co., Ltd.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe [18848976 2017-08-04] (Corsair Components, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4027789535-904595525-3014968156-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3071776 2017-08-28] (Valve Corporation)
HKU\S-1-5-21-4027789535-904595525-3014968156-1001\...\Run: [Discord] => C:\Users\ushe2\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.0                   telemetry.malwarebytes.com
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{85bc0a27-d969-4d2d-9bf1-b5ea84dc8c00}: [DhcpNameServer] 192.168.100.1
 
Internet Explorer:
==================
HKU\S-1-5-21-4027789535-904595525-3014968156-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-03] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-03] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-09-03] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-09-03] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: ogc12pf1.default
FF ProfilePath: C:\Users\ushe2\AppData\Roaming\Mozilla\Firefox\Profiles\ogc12pf1.default [2017-09-07]
FF Extension: (Enhancer for YouTube™) - C:\Users\ushe2\AppData\Roaming\Mozilla\Firefox\Profiles\ogc12pf1.default\Extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi [2017-07-12]
FF Extension: (uBlock Origin) - C:\Users\ushe2\AppData\Roaming\Mozilla\Firefox\Profiles\ogc12pf1.default\Extensions\uBlock0@raymondhill.net.xpi [2017-07-12]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-08] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-08] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-26] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://myanimelist.net/animelist/ushe123
CHR StartupUrls: Default -> "hxxps://myanimelist.net/animelist/ushe123"
CHR Profile: C:\Users\ushe2\AppData\Local\Google\Chrome\User Data\Default [2017-09-07]
CHR Extension: (BetterTTV) - C:\Users\ushe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-06-26]
CHR Extension: (Google Drev) - C:\Users\ushe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-26]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\ushe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2017-09-03]
CHR Extension: (YouTube) - C:\Users\ushe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-26]
CHR Extension: (uBlock Origin) - C:\Users\ushe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-09-05]
CHR Extension: (Adblock til Youtube™) - C:\Users\ushe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-06-26]
CHR Extension: (Postman) - C:\Users\ushe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2017-08-31]
CHR Extension: (Stylish - Custom themes for any website) - C:\Users\ushe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2017-08-17]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\ushe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-07-31]
CHR Extension: (mydlink services plugin) - C:\Users\ushe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldibdoepbjbkkcbgndfljnphngpglhbb [2017-06-26]
CHR Extension: (Morpheon Dark) - C:\Users\ushe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2017-06-26]
CHR Extension: (Hoxx VPN Proxy) - C:\Users\ushe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbcojefnccbanplpoffopkoepjmhgdgh [2017-08-27]
CHR Extension: (Betalinger i Chrome Webshop) - C:\Users\ushe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (4chan X) - C:\Users\ushe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohnjgmpcibpbafdlkimncjhflgedgpam [2017-08-25]
CHR Extension: (Gmail) - C:\Users\ushe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-26]
CHR Extension: (Chrome Media Router) - C:\Users\ushe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1517576 2017-09-05] ()
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2017-08-24] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424384 2017-08-28] (Microsoft Corporation)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [383016 2017-09-06] (EasyAntiCheat Ltd)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe [47056 2017-02-17] (Micro-Star Int'l Co., Ltd.)
R2 GamingHotkey_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe [2019792 2016-10-13] (Micro-Star INT'L CO., LTD.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-02] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21312 2017-06-13] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe [75192 2017-04-05] (Micro-Star INT'L CO., LTD.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-07-19] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-06-21] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2168208 2017-07-05] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3148184 2017-07-05] (Electronic Arts)
S3 OVRLibraryService; C:\Program Files\Oculus\Support\oculus-librarian\OVRLibraryService.exe [135464 2017-08-08] (Oculus VR, LLC)
R2 OVRService; C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe [479184 2017-08-08] (Oculus VR)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [185344 2017-02-03] (Microsoft Corporation) [File not signed]
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [129144 2017-08-17] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 avchv; C:\WINDOWS\System32\drivers\avchv.sys [282000 2015-09-17] (BitDefender)
R3 CorsairGamingAudioService; C:\WINDOWS\system32\DRIVERS\CorsairGamingAudioamd64.sys [95216 2017-08-04] (Corsair Components, Inc.)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45528 2017-06-07] (Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21968 2017-06-07] (Corsair)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-01-03] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-01-03] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-09-02] ()
R3 I2cHkBurn; C:\WINDOWS\system32\drivers\I2cHkBurn.sys [41760 2015-07-27] (FINTEK Corp.)
S3 Kinonih; C:\WINDOWS\System32\drivers\kinonih.sys [32256 2016-06-22] (Kinoni)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [192960 2017-09-02] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [101824 2017-09-07] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-09-07] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [253888 2017-09-07] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [94144 2017-09-07] (Malwarebytes)
S3 NTIOLib_MBAPI; C:\Program Files (x86)\MSI\Gaming APP\Lib\NTIOLib_X64.sys [14288 2017-03-08] (MSI)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_24ddebfb518b5a55\nvlddmkm.sys [15668664 2017-07-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-06-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48248 2017-06-21] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-07-19] (NVIDIA Corporation)
R3 OCULUSVRHEADSET; C:\WINDOWS\system32\DRIVERS\OCULUS119B.sys [1887232 2017-04-08] (OCULUS)
R3 Oculus_ViGEmBus; C:\WINDOWS\System32\drivers\Oculus_ViGEmBus.sys [32024 2017-04-08] (Benjamin Höglinger-Stelzer)
R3 OCUSBVID; C:\WINDOWS\System32\drivers\ocusbvid111.sys [69176 2016-08-26] (Oculus VR, LLC)
S3 qcusbser; C:\WINDOWS\System32\drivers\qcusbser.sys [254520 2017-03-15] (QUALCOMM Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2016-11-13] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64640 2016-09-05] (QUALCOMM Incorporated)
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [70400 2014-01-22] (DEVGURU Co., LTD.)
S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-01-22] (DEVGURU Co., LTD.)
S3 WacHidRouterPro; C:\WINDOWS\System32\drivers\wachidrouter.sys [126624 2016-10-06] (Wacom Technology)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-09-05] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-07 15:53 - 2017-09-07 15:53 - 000020687 _____ C:\Users\ushe2\Desktop\FRST.txt
2017-09-07 15:53 - 2017-09-07 15:53 - 000000000 ____D C:\FRST
2017-09-07 15:52 - 2017-09-07 15:52 - 002395648 _____ (Farbar) C:\Users\ushe2\Desktop\FRST64.exe
2017-09-07 15:44 - 2017-09-07 15:44 - 322389488 _____ C:\Users\ushe2\Desktop\EmsisoftEmergencyKit.exe
2017-09-07 15:37 - 2017-09-07 15:37 - 000797760 _____ C:\Users\ushe2\Desktop\delfix_1.013.exe
2017-09-07 15:21 - 2017-09-07 15:21 - 011584088 _____ (SurfRight B.V.) C:\Users\ushe2\Desktop\HitmanPro_x64.exe
2017-09-07 15:21 - 2017-09-07 15:21 - 000000000 ____D C:\Program Files\HitmanPro
2017-09-06 22:58 - 2017-09-06 22:58 - 000000000 ____D C:\Users\ushe2\AppData\Local\ESET
2017-09-06 22:50 - 2017-09-07 15:40 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-09-06 22:49 - 2017-09-07 15:40 - 000000000 ____D C:\Users\ushe2\Desktop\mbar
2017-09-06 22:40 - 2017-09-06 22:40 - 006754944 _____ (ESET spol. s r.o.) C:\Users\ushe2\Desktop\esetonlinescanner_enu.exe
2017-09-06 21:00 - 2017-09-06 21:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-09-06 21:00 - 2017-09-06 21:00 - 000000000 ____D C:\Program Files\RogueKiller
2017-09-06 19:44 - 2017-09-06 19:44 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\0E8E5CD2.sys
2017-09-06 19:27 - 2017-09-06 19:27 - 000013472 _____ C:\Users\ushe2\Desktop\cc_20170906_192755.reg
2017-09-06 13:37 - 2017-09-06 13:37 - 000788520 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-09-06 13:37 - 2017-09-06 13:37 - 000000000 ____D C:\Users\ushe2\AppData\Roaming\EasyAntiCheat
2017-09-06 13:32 - 2017-09-06 13:32 - 000000000 ____D C:\Users\Public\Documents\Arc
2017-09-06 13:32 - 2017-09-06 13:12 - 000383016 _____ (EasyAntiCheat Ltd) C:\WINDOWS\SysWOW64\EasyAntiCheat.exe
2017-09-05 22:47 - 2017-09-05 22:47 - 000000000 ____D C:\Users\ushe2\Desktop\RSA_EcryptionDecryption
2017-09-05 21:41 - 2017-09-05 21:44 - 000000000 ____D C:\Users\ushe2\AppData\Local\MomodoraRUtM
2017-09-05 16:09 - 2017-09-05 16:09 - 000000233 _____ C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tom Clancy's Rainbow Six Siege.url
2017-09-05 15:17 - 2017-09-07 15:26 - 000000000 ____D C:\AdwCleaner
2017-09-05 15:15 - 2017-09-07 15:53 - 000057488 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-09-05 15:15 - 2017-09-06 22:46 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-09-05 15:15 - 2017-09-05 16:03 - 000289837 _____ C:\WINDOWS\ZAM.krnl.trace
2017-09-05 15:15 - 2017-09-05 15:15 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-09-05 15:12 - 2017-09-07 15:24 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2017-09-05 15:04 - 2017-09-05 15:04 - 008182736 _____ (Malwarebytes) C:\Users\ushe2\Desktop\AdwCleaner.exe
2017-09-05 15:04 - 2017-09-05 15:04 - 001790024 _____ (Malwarebytes) C:\Users\ushe2\Desktop\JRT.exe
2017-09-04 22:19 - 2017-09-06 22:23 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-09-04 22:18 - 2017-09-04 22:38 - 000000000 ____D C:\ProgramData\RogueKiller
2017-09-04 22:14 - 2017-09-04 22:14 - 000000866 _____ C:\WINDOWS\system32\.crusader
2017-09-04 22:11 - 2017-09-04 22:15 - 000000000 ____D C:\ProgramData\HitmanPro
2017-09-04 22:05 - 2017-09-04 22:05 - 000002870 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-09-04 22:05 - 2017-09-04 22:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-09-04 22:05 - 2017-09-04 22:05 - 000000000 ____D C:\Program Files\CCleaner
2017-09-04 21:52 - 2017-09-04 21:52 - 000444871 _____ C:\Users\ushe2\Desktop\Projektgrundlaget_opgave.pdf
2017-09-04 20:56 - 2017-09-04 20:56 - 000000000 ____D C:\Users\ushe2\AppData\Local\AirCar
2017-09-04 19:44 - 2017-09-04 19:44 - 000000000 ____D C:\Users\ushe2\.oracle_jre_usage
2017-09-04 19:44 - 2017-09-04 19:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\B-bishiop
2017-09-04 19:43 - 2017-09-04 19:44 - 000000000 ____D C:\Program Files (x86)\Elsa
2017-09-04 19:43 - 2017-09-04 19:43 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\22CB400E.sys
2017-09-04 19:43 - 2017-09-04 19:43 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\135B3F8C.sys
2017-09-04 13:26 - 2017-09-04 13:26 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7A7A1F5F.sys
2017-09-03 18:58 - 2017-09-03 18:58 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1FEB4F23.sys
2017-09-03 17:26 - 2017-09-03 17:26 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\5EE30932.sys
2017-09-03 16:55 - 2017-09-03 16:55 - 000000000 ____D C:\Users\ushe2\AppData\Local\Project_RH2_Standard_Bulid
2017-09-02 19:10 - 2017-09-02 19:10 - 000000000 ____D C:\Users\ushe2\AppData\Roaming\npm-cache
2017-09-02 19:07 - 2017-09-02 19:07 - 000002754 _____ C:\Users\ushe2\coffeelint.json
2017-09-02 19:07 - 2017-09-02 19:07 - 000001803 _____ C:\Users\ushe2\tslint.json
2017-09-02 19:07 - 2017-09-02 19:07 - 000001506 _____ C:\Users\ushe2\.eslintrc
2017-09-02 19:07 - 2017-09-02 19:07 - 000001002 _____ C:\Users\ushe2\.csslintrc
2017-09-02 19:06 - 2017-09-02 19:06 - 000000000 ____D C:\Users\ushe2\Desktop\BudgetManager
2017-09-02 13:00 - 2017-09-07 15:27 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-02 13:00 - 2017-09-07 15:27 - 000101824 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-09-02 13:00 - 2017-09-07 15:27 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-09-02 13:00 - 2017-09-07 15:27 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-09-02 13:00 - 2017-09-06 22:50 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-02 13:00 - 2017-09-02 13:03 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-09-02 13:00 - 2017-09-02 13:03 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-09-02 13:00 - 2017-09-02 13:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-02 13:00 - 2017-09-02 13:00 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-01 10:03 - 2017-09-01 10:03 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2017-09-01 10:03 - 2017-09-01 10:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Corsair Utility Engine
2017-09-01 10:03 - 2017-09-01 10:03 - 000000000 ____D C:\Program Files (x86)\Corsair
2017-09-01 00:56 - 2017-09-06 19:40 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-09-01 00:55 - 2017-09-01 00:55 - 014151168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaips.exe
2017-09-01 00:55 - 2017-09-01 00:55 - 009626476 _____ C:\WINDOWS\update.cab
2017-09-01 00:55 - 2017-09-01 00:55 - 000003700 _____ C:\WINDOWS\System32\Tasks\Microsoft Advanced Identity Protection Service
2017-09-01 00:55 - 2017-09-01 00:55 - 000003144 _____ C:\WINDOWS\splash.cab
2017-08-30 22:24 - 2017-08-30 22:24 - 000000000 ___HD C:\Users\ushe2\Desktop\.vs
2017-08-30 20:54 - 2017-08-30 20:54 - 000000000 ____D C:\Users\ushe2\AppData\LocalLow\Bigscreen, Inc_
2017-08-30 17:36 - 2017-08-30 17:36 - 000000000 ____D C:\Users\ushe2\Documents\My Web Sites
2017-08-30 17:36 - 2017-08-30 17:36 - 000000000 ____D C:\Users\ushe2\Documents\IISExpress
2017-08-27 20:32 - 2017-08-27 20:32 - 000000000 ____D C:\Users\ushe2\Desktop\Math_GCD(number)
2017-08-26 11:06 - 2017-08-26 11:06 - 000000000 ____D C:\Users\ushe2\Documents\FeedbackHub
2017-08-24 14:19 - 2017-08-24 14:19 - 000000000 ____D C:\Users\ushe2\Desktop\ConsoleApp1
2017-08-24 12:16 - 2017-08-24 12:16 - 000000000 ____D C:\Users\ushe2\AppData\Roaming\NuGet
2017-08-24 12:16 - 2017-08-24 12:16 - 000000000 ____D C:\Users\ushe2\AppData\LocalLow\Temp
2017-08-24 12:11 - 2017-08-24 12:11 - 000000000 ____D C:\Users\ushe2\source
2017-08-24 12:05 - 2017-08-24 12:05 - 000000000 ____D C:\WINDOWS\symbols
2017-08-24 12:05 - 2017-08-24 12:05 - 000000000 ____D C:\Program Files\Windows Identity Foundation
2017-08-24 12:05 - 2017-08-24 12:05 - 000000000 ____D C:\Program Files\Microsoft Identity Extensions
2017-08-24 12:05 - 2017-08-24 12:05 - 000000000 ____D C:\Program Files (x86)\Workflow Manager Tools
2017-08-24 12:05 - 2017-08-24 12:05 - 000000000 ____D C:\Program Files (x86)\Open XML SDK
2017-08-24 12:04 - 2017-08-24 12:04 - 000000000 ____D C:\ProgramData\Git
2017-08-24 12:03 - 2017-08-24 12:03 - 000000000 ____D C:\Program Files (x86)\ShellDir
2017-08-24 12:02 - 2017-08-24 12:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Azure
2017-08-24 12:02 - 2017-08-24 12:02 - 000000000 ____D C:\ProgramData\dftmp
2017-08-24 12:02 - 2017-08-24 12:02 - 000000000 ____D C:\Program Files\VS2012Schemas
2017-08-24 12:02 - 2017-08-24 12:02 - 000000000 ____D C:\Program Files\VS2010Schemas
2017-08-24 12:02 - 2017-08-24 12:02 - 000000000 ____D C:\Program Files\Microsoft SDKs
2017-08-24 12:02 - 2017-08-24 12:02 - 000000000 ____D C:\Program Files (x86)\NuGet
2017-08-24 12:02 - 2017-08-24 12:02 - 000000000 ____D C:\Program Files (x86)\Microsoft ASP.NET Core 1.1 Local Feed - Visual Studio 2017
2017-08-24 12:02 - 2017-08-24 12:02 - 000000000 ____D C:\Program Files (x86)\Microsoft ASP.NET Core 1.0 Local Feed - Visual Studio 2017
2017-08-24 12:01 - 2017-08-24 12:02 - 000000000 ____D C:\Program Files\IIS Express
2017-08-24 12:01 - 2017-08-24 12:02 - 000000000 ____D C:\Program Files (x86)\IIS Express
2017-08-24 12:01 - 2017-08-24 12:01 - 000000000 ____D C:\Program Files\IIS
2017-08-24 12:01 - 2017-08-24 12:01 - 000000000 ____D C:\Program Files\dotnet
2017-08-24 12:01 - 2017-08-24 12:01 - 000000000 ____D C:\Program Files (x86)\IIS
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\SysWOW64\3082
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\SysWOW64\2052
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\SysWOW64\1055
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\SysWOW64\1049
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\SysWOW64\1046
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\SysWOW64\1045
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\SysWOW64\1042
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\SysWOW64\1041
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\SysWOW64\1040
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\SysWOW64\1036
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\SysWOW64\1033
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\SysWOW64\1031
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\SysWOW64\1029
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\SysWOW64\1028
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\system32\3082
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\system32\2052
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\system32\1055
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\system32\1049
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\system32\1046
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\system32\1045
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\system32\1042
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\system32\1041
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\system32\1040
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\system32\1036
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\system32\1033
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\system32\1031
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\system32\1029
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\system32\1028
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\Program Files (x86)\Entity Framework Tools
2017-08-24 11:59 - 2017-08-24 11:59 - 000000000 ____D C:\Program Files (x86)\Windows Phone Kits
2017-08-24 11:57 - 2017-08-24 11:57 - 000000000 ____D C:\ProgramData\Windows App Certification Kit
2017-08-24 11:57 - 2017-08-24 11:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2017-08-24 11:57 - 2017-08-24 11:57 - 000000000 ____D C:\Program Files\Application Verifier
2017-08-24 11:57 - 2017-08-24 11:57 - 000000000 ____D C:\Program Files (x86)\Application Verifier
2017-08-24 11:55 - 2017-08-24 12:01 - 000000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2017-08-24 11:55 - 2017-08-24 12:00 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2017-08-24 11:55 - 2017-08-24 12:00 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2017-08-24 11:52 - 2017-08-24 12:03 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2017-08-24 11:52 - 2017-08-24 11:57 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2017-08-24 11:52 - 2017-08-24 11:52 - 000001803 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2017.lnk
2017-08-24 11:51 - 2017-08-24 11:51 - 000001503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017.lnk
2017-08-24 11:50 - 2017-08-24 11:50 - 000001355 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2017-08-22 22:53 - 2017-08-22 22:53 - 000000000 ____D C:\Users\ushe2\AppData\LocalLow\League of Geeks
2017-08-22 21:56 - 2017-08-22 21:56 - 000000000 ____D C:\Users\ushe2\AppData\LocalLow\Monomi Park
2017-08-22 21:56 - 2017-08-22 21:56 - 000000000 ____D C:\Users\Public\Documents\Steam
2017-08-20 01:07 - 2017-08-20 01:07 - 000000000 ____D C:\Users\ushe2\AppData\Local\FreedomLocomotion
2017-08-19 21:38 - 2017-08-19 21:38 - 000000000 ____D C:\Users\ushe2\AppData\Local\Insanity_Prototype
2017-08-19 01:43 - 2017-08-19 01:43 - 000000279 _____ C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papirkurv.lnk
2017-08-19 01:19 - 2017-08-19 01:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2017-08-19 01:19 - 2017-08-19 01:19 - 000000000 ____D C:\Program Files (x86)\Elaborate Bytes
2017-08-19 00:06 - 2017-08-19 00:06 - 000000000 ____D C:\Users\ushe2\AppData\LocalLow\ILLUSION_VRkanojo
2017-08-18 21:58 - 2017-08-18 21:58 - 000000000 ____D C:\Users\ushe2\AppData\LocalLow\しめなわん (Shimenawan)
2017-08-18 21:22 - 2017-08-18 21:22 - 000000000 ____D C:\Users\ushe2\AppData\LocalLow\AdultVR Games
2017-08-18 19:29 - 2017-08-18 19:29 - 000000000 ____D C:\Users\ushe2\AppData\LocalLow\MeshedVR
2017-08-17 20:47 - 2017-08-17 20:47 - 000000000 ____D C:\Users\ushe2\AppData\LocalLow\Aldin
2017-08-15 13:47 - 2017-08-15 13:47 - 000000000 ____D C:\Users\ushe2\Documents\GameMakerStudio2
2017-08-15 13:47 - 2017-08-15 13:47 - 000000000 ____D C:\Users\ushe2\AppData\Local\GameMakerStudio2
2017-08-15 13:46 - 2017-08-15 13:47 - 000000000 ____D C:\Users\ushe2\AppData\Roaming\GameMakerStudio2
2017-08-15 13:46 - 2017-08-15 13:47 - 000000000 ____D C:\ProgramData\GameMakerStudio2
2017-08-15 13:46 - 2017-08-15 13:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameMaker Studio 2
2017-08-14 22:52 - 2017-08-14 22:52 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2017-08-14 22:52 - 2017-08-14 22:52 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-08-14 22:52 - 2017-08-14 22:52 - 000000000 ____D C:\Program Files\Realtek
2017-08-14 01:31 - 2017-09-01 00:32 - 000000000 ____D C:\Users\ushe2\AppData\LocalLow\by redamz
2017-08-14 01:19 - 2017-08-14 01:19 - 000000000 ____D C:\Users\ushe2\AppData\Local\badoink
2017-08-14 01:19 - 2017-08-14 01:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BaDoinkVRPlayer
2017-08-14 01:19 - 2017-08-14 01:19 - 000000000 ____D C:\Program Files (x86)\BaDoink
2017-08-10 19:30 - 2017-08-10 19:30 - 000000000 ____D C:\Users\ushe2\AppData\Roaming\Daum
2017-08-10 05:45 - 2017-08-10 05:45 - 072520712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2017-08-10 05:45 - 2017-08-10 05:45 - 007172912 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 007096184 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 005897184 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2017-08-10 05:45 - 2017-08-10 05:45 - 003677160 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2017-08-10 05:45 - 2017-08-10 05:45 - 003517504 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 003509200 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 003205120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 002211304 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 001965808 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 001780616 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 001591056 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 001508928 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 001347144 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000743960 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000727432 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000708304 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000691680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000504304 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000447712 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000445392 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000441264 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000327456 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000272712 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000253896 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000253856 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000252872 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000192984 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000151784 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000134192 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000118592 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000105304 _____ C:\WINDOWS\system32\audioLibVc.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000084608 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000023688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2017-08-10 02:01 - 2017-08-10 02:01 - 013064373 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2017-08-09 21:10 - 2017-08-09 21:10 - 000000000 ____D C:\Users\ushe2\AppData\Local\rad
2017-08-09 18:41 - 2017-08-09 18:41 - 000000000 ____D C:\Users\ushe2\AppData\LocalLow\DefaultCompany
2017-08-09 17:39 - 2017-08-09 17:39 - 000000000 ____D C:\Users\ushe2\AppData\LocalLow\Unity
2017-08-09 14:45 - 2017-08-01 04:38 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-08-09 14:45 - 2017-08-01 04:36 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-09 14:45 - 2017-08-01 04:36 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-09 14:45 - 2017-08-01 04:36 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-09 14:45 - 2017-08-01 04:35 - 000280472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-09 14:45 - 2017-08-01 04:35 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-09 14:45 - 2017-08-01 04:34 - 000610584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-09 14:45 - 2017-08-01 04:34 - 000359552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-09 14:45 - 2017-08-01 04:34 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-08-09 14:45 - 2017-08-01 04:34 - 000168864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-09 14:45 - 2017-08-01 04:32 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-09 14:45 - 2017-08-01 04:31 - 000176024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-08-09 14:45 - 2017-08-01 04:20 - 002956288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-08-09 14:45 - 2017-08-01 04:20 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-09 14:45 - 2017-08-01 04:20 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-09 14:45 - 2017-08-01 04:18 - 013841408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-08-09 14:45 - 2017-08-01 04:18 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-08-09 14:45 - 2017-08-01 04:17 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-09 14:45 - 2017-08-01 04:14 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2017-08-09 14:45 - 2017-08-01 04:13 - 020504064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-09 14:45 - 2017-08-01 04:13 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-08-09 14:45 - 2017-08-01 04:13 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-08-09 14:45 - 2017-08-01 04:12 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-09 14:45 - 2017-08-01 04:12 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-08-09 14:45 - 2017-08-01 04:10 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-09 14:45 - 2017-08-01 04:09 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-08-09 14:45 - 2017-08-01 04:08 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-09 14:45 - 2017-08-01 04:07 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-09 14:45 - 2017-08-01 04:07 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-09 14:45 - 2017-08-01 04:06 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-09 14:45 - 2017-08-01 04:04 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-09 14:45 - 2017-08-01 04:03 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-08-09 14:45 - 2017-08-01 03:34 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-09 14:45 - 2017-08-01 03:30 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-09 14:45 - 2017-08-01 03:28 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-09 14:45 - 2017-08-01 00:45 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-09 14:45 - 2017-08-01 00:45 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-09 14:45 - 2017-08-01 00:45 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-09 14:45 - 2017-08-01 00:45 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-09 14:45 - 2017-08-01 00:45 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-09 14:45 - 2017-08-01 00:45 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-09 14:45 - 2017-08-01 00:45 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-09 14:45 - 2017-08-01 00:45 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-09 14:45 - 2017-08-01 00:45 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-09 14:45 - 2017-08-01 00:45 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-09 14:45 - 2017-08-01 00:45 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-09 14:45 - 2017-08-01 00:45 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-09 14:45 - 2017-08-01 00:45 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-09 14:45 - 2017-08-01 00:45 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-09 14:45 - 2017-08-01 00:45 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-09 14:45 - 2017-07-28 07:23 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2017-08-09 14:45 - 2017-07-28 07:20 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-09 14:45 - 2017-07-28 07:15 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-08-09 14:45 - 2017-07-28 07:10 - 002679200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-09 14:45 - 2017-07-28 07:07 - 000805816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-08-09 14:45 - 2017-07-28 06:48 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-08-09 14:45 - 2017-07-28 06:48 - 000096648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-08-09 14:45 - 2017-07-28 06:47 - 002259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-08-09 14:45 - 2017-07-28 06:40 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-08-09 14:45 - 2017-07-28 06:40 - 000551200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-08-09 14:45 - 2017-07-28 06:38 - 004213656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-08-09 14:45 - 2017-07-28 06:37 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-08-09 14:45 - 2017-07-28 06:36 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-08-09 14:45 - 2017-07-28 06:36 - 006761568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-08-09 14:45 - 2017-07-28 06:36 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-08-09 14:45 - 2017-07-28 06:36 - 002424024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-08-09 14:45 - 2017-07-28 06:36 - 001195760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-08-09 14:45 - 2017-07-28 06:36 - 000866808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2017-08-09 14:45 - 2017-07-28 06:36 - 000864248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-08-09 14:45 - 2017-07-28 06:36 - 000173104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2017-08-09 14:45 - 2017-07-28 06:36 - 000090464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.dll
2017-08-09 14:45 - 2017-07-28 06:35 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-08-09 14:45 - 2017-07-28 06:35 - 000277432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
2017-08-09 14:45 - 2017-07-28 06:33 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-08-09 14:45 - 2017-07-28 06:33 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-08-09 14:45 - 2017-07-28 06:33 - 000414296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-08-09 14:45 - 2017-07-28 06:27 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-08-09 14:45 - 2017-07-28 06:26 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2017-08-09 14:45 - 2017-07-28 06:24 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-08-09 14:45 - 2017-07-28 06:21 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-08-09 14:45 - 2017-07-28 06:21 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2017-08-09 14:45 - 2017-07-28 06:20 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-08-09 14:45 - 2017-07-28 06:20 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IpNatHlpClient.dll
2017-08-09 14:45 - 2017-07-28 06:19 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-08-09 14:45 - 2017-07-28 06:19 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-08-09 14:45 - 2017-07-28 06:19 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-08-09 14:45 - 2017-07-28 06:19 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2017-08-09 14:45 - 2017-07-28 06:18 - 004544000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2017-08-09 14:45 - 2017-07-28 06:18 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-08-09 14:45 - 2017-07-28 06:17 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-08-09 14:45 - 2017-07-28 06:16 - 001291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-08-09 14:45 - 2017-07-28 06:16 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-08-09 14:45 - 2017-07-28 06:16 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-08-09 14:45 - 2017-07-28 06:16 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
2017-08-09 14:45 - 2017-07-28 06:15 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-08-09 14:45 - 2017-07-28 06:15 - 000586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-08-09 14:45 - 2017-07-28 06:14 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-08-09 14:45 - 2017-07-28 06:14 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-08-09 14:45 - 2017-07-28 06:14 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2017-08-09 14:45 - 2017-07-28 06:13 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-08-09 14:45 - 2017-07-28 06:13 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-08-09 14:45 - 2017-07-28 06:13 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-09 14:45 - 2017-07-28 06:12 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-08-09 14:45 - 2017-07-28 06:12 - 000587776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-08-09 14:45 - 2017-07-28 06:12 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-08-09 14:45 - 2017-07-28 06:12 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-08-09 14:45 - 2017-07-28 06:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-08-09 14:45 - 2017-07-28 06:11 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-08-09 14:45 - 2017-07-28 06:10 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-08-09 14:45 - 2017-07-28 06:10 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-08-09 14:45 - 2017-07-28 06:10 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsvcs.dll
2017-08-09 14:45 - 2017-07-28 06:09 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-08-09 14:45 - 2017-07-28 06:08 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-08-09 14:45 - 2017-07-28 06:08 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-08-09 14:45 - 2017-07-28 06:08 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-08-09 14:45 - 2017-07-28 06:08 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-08-09 14:45 - 2017-07-28 06:08 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2017-08-09 14:45 - 2017-07-28 06:07 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-08-09 14:45 - 2017-07-28 06:05 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-08-09 14:45 - 2017-07-28 06:05 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-08-09 14:45 - 2017-07-28 06:05 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-08-09 14:45 - 2017-07-28 06:02 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-08-09 14:45 - 2017-07-28 06:02 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-08-09 14:45 - 2017-07-28 06:02 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2017-08-09 14:44 - 2017-08-01 04:39 - 008319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-09 14:44 - 2017-08-01 04:38 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-09 14:44 - 2017-08-01 04:33 - 000473240 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-08-09 14:44 - 2017-08-01 04:32 - 002444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-09 14:44 - 2017-08-01 04:32 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-08-09 14:44 - 2017-08-01 04:31 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-08-09 14:44 - 2017-08-01 04:31 - 002645680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-09 14:44 - 2017-08-01 04:31 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-09 14:44 - 2017-08-01 04:30 - 000723680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-09 14:44 - 2017-08-01 04:30 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-08-09 14:44 - 2017-08-01 04:30 - 000410160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-09 14:44 - 2017-08-01 04:30 - 000315288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-09 14:44 - 2017-08-01 04:30 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-09 14:44 - 2017-08-01 04:30 - 000143736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-09 14:44 - 2017-08-01 04:30 - 000082336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-09 14:44 - 2017-08-01 04:26 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-08-09 14:44 - 2017-08-01 04:16 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-08-09 14:44 - 2017-08-01 04:07 - 011870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-09 14:44 - 2017-08-01 04:04 - 006269440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-09 14:44 - 2017-08-01 03:57 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-09 14:44 - 2017-08-01 03:45 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-09 14:44 - 2017-08-01 03:45 - 001275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-09 14:44 - 2017-08-01 03:45 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-09 14:44 - 2017-08-01 03:45 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-09 14:44 - 2017-08-01 03:44 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-09 14:44 - 2017-08-01 03:44 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-09 14:44 - 2017-08-01 03:44 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-09 14:44 - 2017-08-01 03:42 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-08-09 14:44 - 2017-08-01 03:41 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2017-08-09 14:44 - 2017-08-01 03:41 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-09 14:44 - 2017-08-01 03:41 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-09 14:44 - 2017-08-01 03:40 - 017366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-08-09 14:44 - 2017-08-01 03:40 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2017-08-09 14:44 - 2017-08-01 03:39 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-08-09 14:44 - 2017-08-01 03:38 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-09 14:44 - 2017-08-01 03:38 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-09 14:44 - 2017-08-01 03:37 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2017-08-09 14:44 - 2017-08-01 03:37 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-08-09 14:44 - 2017-08-01 03:37 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-08-09 14:44 - 2017-08-01 03:36 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-09 14:44 - 2017-08-01 03:35 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-09 14:44 - 2017-08-01 03:33 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-09 14:44 - 2017-08-01 03:33 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-09 14:44 - 2017-08-01 03:32 - 007336960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-09 14:44 - 2017-08-01 03:32 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-09 14:44 - 2017-08-01 03:31 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-09 14:44 - 2017-08-01 03:31 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-09 14:44 - 2017-08-01 03:31 - 001396736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-08-09 14:44 - 2017-08-01 03:30 - 008209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-09 14:44 - 2017-08-01 03:30 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-09 14:44 - 2017-08-01 03:30 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-09 14:44 - 2017-08-01 03:30 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-09 14:44 - 2017-08-01 03:28 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-09 14:44 - 2017-08-01 03:27 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-08-09 14:44 - 2017-08-01 03:27 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2017-08-09 14:44 - 2017-08-01 03:27 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-08-09 14:44 - 2017-08-01 03:26 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-08-09 14:44 - 2017-08-01 03:25 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2017-08-09 14:44 - 2017-08-01 03:25 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-08-09 14:44 - 2017-08-01 03:25 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2017-08-09 14:44 - 2017-07-28 07:30 - 001068720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-08-09 14:44 - 2017-07-28 07:25 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-09 14:44 - 2017-07-28 07:24 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-09 14:44 - 2017-07-28 07:24 - 000455584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-08-09 14:44 - 2017-07-28 07:24 - 000119904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-08-09 14:44 - 2017-07-28 07:24 - 000116280 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2017-08-09 14:44 - 2017-07-28 07:23 - 002969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-08-09 14:44 - 2017-07-28 07:22 - 000923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-08-09 14:44 - 2017-07-28 07:17 - 000660680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-08-09 14:44 - 2017-07-28 07:16 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-08-09 14:44 - 2017-07-28 07:16 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-08-09 14:44 - 2017-07-28 07:15 - 005302968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-08-09 14:44 - 2017-07-28 07:15 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-08-09 14:44 - 2017-07-28 07:15 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-08-09 14:44 - 2017-07-28 07:14 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-08-09 14:44 - 2017-07-28 07:14 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-08-09 14:44 - 2017-07-28 07:13 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-09 14:44 - 2017-07-28 07:13 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-09 14:44 - 2017-07-28 07:13 - 002604248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-09 14:44 - 2017-07-28 07:13 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-08-09 14:44 - 2017-07-28 07:13 - 001033544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2017-08-09 14:44 - 2017-07-28 07:13 - 000192264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2017-08-09 14:44 - 2017-07-28 07:13 - 000104432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll
2017-08-09 14:44 - 2017-07-28 07:12 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-09 14:44 - 2017-07-28 07:12 - 001337856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-08-09 14:44 - 2017-07-28 07:12 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-08-09 14:44 - 2017-07-28 07:12 - 000323936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2017-08-09 14:44 - 2017-07-28 07:10 - 001114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-08-09 14:44 - 2017-07-28 07:09 - 000529992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-08-09 14:44 - 2017-07-28 07:09 - 000527976 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-08-09 14:44 - 2017-07-28 07:09 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-09 14:44 - 2017-07-28 06:48 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2017-08-09 14:44 - 2017-07-28 06:31 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-08-09 14:44 - 2017-07-28 06:30 - 001722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-08-09 14:44 - 2017-07-28 06:29 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-08-09 14:44 - 2017-07-28 06:29 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-08-09 14:44 - 2017-07-28 06:26 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-08-09 14:44 - 2017-07-28 06:26 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-08-09 14:44 - 2017-07-28 06:26 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2017-08-09 14:44 - 2017-07-28 06:26 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
2017-08-09 14:44 - 2017-07-28 06:25 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-08-09 14:44 - 2017-07-28 06:25 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-08-09 14:44 - 2017-07-28 06:25 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-08-09 14:44 - 2017-07-28 06:25 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-08-09 14:44 - 2017-07-28 06:24 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-08-09 14:44 - 2017-07-28 06:24 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2017-08-09 14:44 - 2017-07-28 06:24 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-08-09 14:44 - 2017-07-28 06:24 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-08-09 14:44 - 2017-07-28 06:23 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-09 14:44 - 2017-07-28 06:23 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-08-09 14:44 - 2017-07-28 06:23 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-08-09 14:44 - 2017-07-28 06:22 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-08-09 14:44 - 2017-07-28 06:22 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-08-09 14:44 - 2017-07-28 06:22 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-08-09 14:44 - 2017-07-28 06:22 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-08-09 14:44 - 2017-07-28 06:22 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-08-09 14:44 - 2017-07-28 06:22 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-08-09 14:44 - 2017-07-28 06:22 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-08-09 14:44 - 2017-07-28 06:22 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-08-09 14:44 - 2017-07-28 06:21 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-08-09 14:44 - 2017-07-28 06:21 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-08-09 14:44 - 2017-07-28 06:21 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-09 14:44 - 2017-07-28 06:21 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-08-09 14:44 - 2017-07-28 06:21 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
2017-08-09 14:44 - 2017-07-28 06:20 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-08-09 14:44 - 2017-07-28 06:20 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-08-09 14:44 - 2017-07-28 06:19 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-09 14:44 - 2017-07-28 06:19 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-08-09 14:44 - 2017-07-28 06:19 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-09 14:44 - 2017-07-28 06:19 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-09 14:44 - 2017-07-28 06:19 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-08-09 14:44 - 2017-07-28 06:19 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-08-09 14:44 - 2017-07-28 06:19 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2017-08-09 14:44 - 2017-07-28 06:19 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-08-09 14:44 - 2017-07-28 06:18 - 005776384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2017-08-09 14:44 - 2017-07-28 06:18 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-09 14:44 - 2017-07-28 06:18 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2017-08-09 14:44 - 2017-07-28 06:18 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-09 14:44 - 2017-07-28 06:18 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-09 14:44 - 2017-07-28 06:18 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-09 14:44 - 2017-07-28 06:18 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-08-09 14:44 - 2017-07-28 06:18 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-08-09 14:44 - 2017-07-28 06:17 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-09 14:44 - 2017-07-28 06:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-09 14:44 - 2017-07-28 06:17 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-08-09 14:44 - 2017-07-28 06:17 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-08-09 14:44 - 2017-07-28 06:17 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-08-09 14:44 - 2017-07-28 06:16 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-08-09 14:44 - 2017-07-28 06:15 - 003204608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-08-09 14:44 - 2017-07-28 06:15 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-09 14:44 - 2017-07-28 06:15 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll
2017-08-09 14:44 - 2017-07-28 06:14 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-08-09 14:44 - 2017-07-28 06:14 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-09 14:44 - 2017-07-28 06:13 - 004535296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-08-09 14:44 - 2017-07-28 06:13 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-09 14:44 - 2017-07-28 06:13 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-08-09 14:44 - 2017-07-28 06:13 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-09 14:44 - 2017-07-28 06:12 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-08-09 14:44 - 2017-07-28 06:12 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-08-09 14:44 - 2017-07-28 06:12 - 002939392 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-08-09 14:44 - 2017-07-28 06:12 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-09 14:44 - 2017-07-28 06:12 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-08-09 14:44 - 2017-07-28 06:11 - 001357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-08-09 14:44 - 2017-07-28 06:10 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-09 14:44 - 2017-07-28 06:10 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-08-09 14:44 - 2017-07-28 06:09 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-09 14:44 - 2017-07-28 06:09 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-09 14:44 - 2017-07-28 06:08 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-08-09 14:44 - 2017-07-28 06:07 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2017-08-09 14:44 - 2017-07-28 06:07 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-08-09 14:44 - 2017-07-28 06:07 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2017-08-09 14:44 - 2017-07-28 06:07 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-08-09 14:44 - 2017-07-28 06:06 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-09 14:44 - 2017-07-28 06:06 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-08-09 14:44 - 2017-07-28 06:06 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2017-08-09 14:44 - 2017-07-28 06:05 - 001525760 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-09 14:44 - 2017-07-28 06:05 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-08-09 14:44 - 2017-07-28 06:05 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-09 14:44 - 2017-07-28 06:05 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-09 14:44 - 2017-07-28 06:05 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2017-08-09 10:56 - 2017-08-09 10:56 - 000000000 ____D C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-08-08 23:14 - 2017-08-08 23:14 - 000000000 ____D C:\Users\ushe2\Documents\Quill
2017-08-08 23:14 - 2017-08-08 23:14 - 000000000 ____D C:\Users\ushe2\AppData\Local\Quill
2017-08-08 21:53 - 2017-08-08 21:53 - 000000000 ____D C:\Users\ushe2\AppData\LocalLow\Oculus VR
2017-08-08 18:00 - 2017-08-08 18:00 - 000000000 ____D C:\temp
2017-08-08 17:27 - 2017-08-08 17:35 - 000000000 ____D C:\Users\ushe2\Documents\Rec Room
2017-08-08 17:27 - 2017-08-08 17:27 - 000000000 ____D C:\Users\ushe2\AppData\LocalLow\Against Gravity
2017-08-08 15:39 - 2017-08-08 15:39 - 000000000 ____D C:\Users\ushe2\AppData\Local\RoboRecall
2017-08-08 14:38 - 2017-08-08 14:38 - 000000000 ____D C:\Users\ushe2\AppData\LocalLow\Valve
2017-08-08 14:23 - 2017-08-08 14:23 - 000000000 ____D C:\Users\ushe2\AppData\Local\TouchNUX
2017-08-08 13:46 - 2017-08-08 13:46 - 000000000 ____D C:\Users\ushe2\AppData\LocalLow\Oculus
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-07 15:33 - 2017-06-26 23:06 - 001406290 _____ C:\WINDOWS\system32\perfh006.dat
2017-09-07 15:33 - 2017-06-26 23:06 - 000375962 _____ C:\WINDOWS\system32\perfc006.dat
2017-09-07 15:33 - 2017-06-26 22:39 - 003309896 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-07 15:29 - 2017-06-26 23:25 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-07 15:27 - 2017-07-19 15:26 - 000000000 ____D C:\Users\ushe2\AppData\Local\Oculus
2017-09-07 15:27 - 2017-06-27 00:37 - 000000000 ____D C:\Users\ushe2\AppData\Local\CrashDumps
2017-09-07 15:27 - 2017-06-26 23:52 - 000000000 ____D C:\MSI
2017-09-07 15:27 - 2017-06-26 23:25 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-07 15:27 - 2017-06-26 23:06 - 000000000 ____D C:\Program Files (x86)\Steam
2017-09-07 15:27 - 2017-06-26 22:30 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-09-07 15:27 - 2017-06-26 22:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-07 15:26 - 2017-06-26 23:02 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-09-07 15:11 - 2017-06-26 22:59 - 000000000 ____D C:\Users\ushe2
2017-09-07 12:53 - 2017-06-26 23:07 - 000000000 ____D C:\Users\ushe2\AppData\Local\Battle.net
2017-09-07 12:53 - 2017-06-26 23:07 - 000000000 ____D C:\Program Files (x86)\Blizzard App
2017-09-06 23:22 - 2017-06-26 22:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-06 22:59 - 2017-06-26 23:31 - 000000000 ___RD C:\Users\ushe2\Desktop\Ahams Stuff
2017-09-06 18:35 - 2017-06-27 19:13 - 000000000 ____D C:\Users\ushe2\AppData\Roaming\qBittorrent
2017-09-06 15:53 - 2017-06-26 23:04 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-06 15:53 - 2017-06-26 23:04 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-06 13:37 - 2017-06-26 23:38 - 000000000 ____D C:\Users\ushe2\Documents\My Games
2017-09-06 12:54 - 2017-07-05 20:08 - 000000000 ____D C:\Users\ushe2\AppData\Local\Ubisoft Game Launcher
2017-09-05 15:24 - 2017-06-26 23:04 - 000000000 ____D C:\WINDOWS\INF
2017-09-05 11:51 - 2017-07-03 17:08 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-09-04 22:35 - 2017-06-26 23:04 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-09-04 22:05 - 2017-06-26 23:02 - 000000000 ____D C:\WINDOWS\Panther
2017-09-04 21:51 - 2017-06-26 23:00 - 000000000 ____D C:\Users\ushe2\AppData\Local\Packages
2017-09-03 17:34 - 2017-06-26 23:04 - 000000420 _____ C:\Users\ushe2\Desktop\Denne pc.lnk
2017-09-03 11:00 - 2017-06-26 23:04 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-01 10:21 - 2017-06-26 23:54 - 000000000 ____D C:\Users\ushe2\Documents\Visual Studio 2017
2017-08-30 22:56 - 2017-06-26 23:51 - 000000000 ____D C:\Users\ushe2\AppData\Roaming\Visual Studio Setup
2017-08-30 18:19 - 2017-07-06 19:42 - 000000000 ____D C:\Users\ushe2\Documents\Overwatch
2017-08-29 12:42 - 2017-06-26 23:03 - 000002284 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-28 12:35 - 2017-06-26 23:16 - 000000000 ____D C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-apps
2017-08-24 22:35 - 2017-06-26 23:04 - 000000000 ____D C:\WINDOWS\rescache
2017-08-24 12:11 - 2017-06-26 23:54 - 000000000 ____D C:\Users\ushe2\AppData\Local\.IdentityService
2017-08-24 12:05 - 2017-06-26 23:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017
2017-08-24 12:05 - 2017-06-26 23:04 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-08-24 12:05 - 2017-06-26 23:02 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-24 11:57 - 2017-06-26 23:50 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2017-08-24 11:52 - 2017-06-26 23:06 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-08-20 01:07 - 2017-06-26 23:39 - 000000000 ____D C:\Users\ushe2\AppData\Local\UnrealEngine
2017-08-18 13:29 - 2017-06-27 00:42 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-08-16 14:55 - 2017-06-27 11:32 - 000000000 ____D C:\Users\ushe2\AppData\Roaming\BetterDiscord
2017-08-14 23:46 - 2017-07-13 20:31 - 000000000 ____D C:\Users\ushe2\AppData\Local\ElevatedDiagnostics
2017-08-09 20:04 - 2017-06-27 00:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2017-08-09 20:04 - 2017-06-27 00:39 - 000000000 ____D C:\ProgramData\Freemake
2017-08-09 16:37 - 2017-06-26 23:04 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-08-09 16:37 - 2017-06-26 23:00 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-09 16:36 - 2017-06-26 22:30 - 000425856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-09 16:11 - 2017-06-26 23:04 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-09 16:11 - 2017-06-26 23:04 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-08-09 16:11 - 2017-06-26 23:04 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-08-09 16:11 - 2017-06-26 23:04 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-08-09 16:11 - 2017-06-26 23:04 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-09 16:11 - 2017-06-26 23:04 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-09 16:11 - 2017-06-26 23:04 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-09 16:11 - 2017-06-26 23:04 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-08-09 14:46 - 2017-06-27 03:06 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-09 14:45 - 2017-06-27 03:06 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-09 10:57 - 2017-06-26 23:32 - 000000000 ____D C:\Users\ushe2\AppData\Roaming\discord
2017-08-09 10:56 - 2017-06-26 23:32 - 000000000 ____D C:\Users\ushe2\AppData\Local\Discord
2017-08-08 18:40 - 2017-07-19 15:30 - 000000000 ____D C:\Users\ushe2\AppData\Roaming\Oculus
2017-08-08 15:32 - 2017-07-19 15:28 - 000000000 ____D C:\Program Files\Oculus
2017-08-08 13:12 - 2017-07-19 15:30 - 000000000 ____D C:\Users\ushe2\AppData\Roaming\OculusClient
2017-08-08 13:11 - 2017-07-12 13:17 - 000004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-08-08 13:11 - 2017-06-26 23:04 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-08-08 13:11 - 2017-06-26 23:04 - 000000000 ____D C:\WINDOWS\system32\Macromed
 
==================== Files in the root of some directories =======
 
2017-08-14 22:52 - 2017-08-14 22:52 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
2014-08-06 17:47 - 2014-08-06 17:47 - 000157696 _____ () C:\Users\ushe2\AppData\Local\Temp\ERUNT.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-09-02 23:54
 
==================== End of FRST.txt ============================


And here is my Addition log: 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Ahams (07-09-2017 15:53:38)
Running from C:\Users\ushe2\Desktop
Windows 10 Home Version 1703 (X64) (2017-06-26 20:32:16)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4027789535-904595525-3014968156-500 - Administrator - Disabled)
Ahams (S-1-5-21-4027789535-904595525-3014968156-1001 - Administrator - Enabled) => C:\Users\ushe2
DefaultAccount (S-1-5-21-4027789535-904595525-3014968156-503 - Limited - Disabled)
Gæst (S-1-5-21-4027789535-904595525-3014968156-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
.NET Core SDK 1.1.0 (x64) (HKLM\...\{DF68596E-0F41-41CC-BAD9-9F30A9662D90}) (Version: 4.16.5124 - Microsoft Corporation) Hidden
.NET Core SDK 1.1.0 (x64) (HKLM-x32\...\{67d148ca-6fe2-47ec-bf5c-fbd64345d511}) (Version: 1.1.0 - Microsoft Corporation)
Active Directory Authentication Library for SQL Server (HKLM\...\{52D1FCFD-1052-4D75-B3FB-9906901AFD98}) (Version: 13.1.4001.0 - Microsoft Corporation) Hidden
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Alien Swarm (HKLM\...\Steam App 630) (Version:  - Valve)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 384.94 - NVIDIA Corporation) Hidden
Application Verifier x64 External Package (HKLM\...\{2D7C1671-6F3D-2AA7-DAA3-91C96B60B919}) (Version: 10.1.15063.468 - Microsoft) Hidden
BaDoink VR Player (HKLM-x32\...\{a09adfcb-2b62-46a2-b3b6-5601ce1f36c1}) (Version: 1.2.0.0 - CM Productions LLC)
BaDoinkVR Player (HKLM-x32\...\{5FC15826-1F69-40B2-B950-8B67B25BBD16}) (Version: 1.2.0.1 - CM Productions LLC)
Bigscreen Beta (HKLM\...\Steam App 457550) (Version:  - Bigscreen, Inc.)
Blizzard App (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 5.33 - Piriform)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{E598B692-764A-413C-8530-59163D6B4AE3}) (Version: 4.6.01590 - Microsoft Corporation) Hidden
Corsair Utility Engine (HKLM-x32\...\{5A1E247D-38F6-4398-991F-87619AC282A5}) (Version: 2.16.87 - Corsair)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM\...\Steam App 240) (Version:  - Valve)
CPUID CPU-Z 1.80.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.80.1 - )
Darkest Dungeon (HKLM\...\Steam App 262060) (Version:  - Red Hook Studios)
Dead Cells (HKLM\...\Steam App 588650) (Version:  - Motion Twin)
DiagnosticsHub_CollectionService (HKLM\...\{37385261-BB10-4DE0-8822-84E1C4997ED2}) (Version: 15.0.26730 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-4027789535-904595525-3014968156-1001\...\Discord) (Version: 0.0.298 - Discord Inc.)
Entity Framework 6.1.3 Tools  for Visual Studio 15 (HKLM-x32\...\{F8C0447E-D45C-4E52-94E8-C6340AAC9DB8}) (Version: 6.1.60104.0 - Microsoft Corporation) Hidden
Freemake Video Converter version 4.1.10 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.10 - Ellora Assets Corporation)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
icecap_collection_neutral (HKLM-x32\...\{743913D7-41D9-48C0-977D-FC87743A9BEC}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{6BC73140-3CB6-486A-8350-BF35F54EFA19}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{67941F0C-2930-4C3F-983C-1089D2759B42}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{304B71E2-BA3A-419C-B632-3DFBB4AFE42B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
IIS 10.0 Express (HKLM\...\{A54DCC30-E1EA-4912-A7F9-6C5A3AF1FB3A}) (Version: 10.0.1738 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - ) Hidden
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - ) Hidden
InMind VR (HKLM\...\Steam App 343740) (Version:  - Luden.io)
Intellisense Lang Pack Mobile Extension SDK 10.0.15063.0 (HKLM-x32\...\{955DB066-D013-43F3-908C-CBC851E3D4FF}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
IntelliTraceProfilerProxy (HKLM-x32\...\{0A2EDF2C-9A71-43D7-964A-696BB7CEAC65}) (Version: 15.0.25.0 - Microsoft Corporation) Hidden
Killing Floor 2 (HKLM\...\Steam App 232090) (Version:  - Tripwire Interactive)
Kits Configuration Installer (HKLM-x32\...\{1704C439-1501-3446-7932-33DA822E8597}) (Version: 10.1.15063.468 - Microsoft) Hidden
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
MegaDownloader 1.7 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 1.7 - AppsForMega.info)
Microsoft Azure Authoring Tools - v2.9.5.3 (HKLM\...\{086C537B-DE1A-4A11-8441-6AAF076174B8}) (Version: 2.9.8699.20 - Microsoft Corporation)
Microsoft Azure Compute Emulator - v2.9.5.3 (HKLM\...\Microsoft Azure Compute Emulator - v2.9.5.3) (Version: 2.9.8699.20 - Microsoft Corporation)
Microsoft Azure Libraries for .NET – v2.9 (HKLM\...\{C5C91AA6-3E83-430E-8B7A-6B790083F28D}) (Version: 3.0.0127.060 - Microsoft Corporation)
Microsoft Azure Mobile App SDK V3.0 (HKLM-x32\...\{A1D5A2EC-1BB0-4ED6-97E6-F044400FAFFD}) (Version: 3.0.50407.0 - Microsoft Corporation)
Microsoft Azure PowerShell - September 2016 (HKLM-x32\...\{CB3F8A12-1570-4964-8206-17274AB9EF4D}) (Version: 2.1.0 - Microsoft Corporation)
Microsoft Azure Storage Emulator - v5.1 (HKLM-x32\...\Microsoft Azure Storage Emulator - v5.1) (Version: 5.1.1760.1722 - Microsoft Corporation)
Microsoft Identity Extensions (HKLM\...\{F99F24BF-0B90-463E-9658-3FD2EFC3C992}) (Version: 2.0.1459.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - da-dk (HKLM\...\O365ProPlusRetail - da-dk) (Version: 16.0.8326.2096 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{1385D3DB-8E80-427B-91D2-B7535862B8E4}) (Version: 11.3.6518.0 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{9097BF1A-13A0-4A4A-A1F8-473E2A669863}) (Version: 13.1.4001.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 CTP2.1 (HKLM\...\{9BAD8F82-A221-42CE-AFF0-7CAB825790C9}) (Version: 14.0.600.250 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 CTP2.1 (HKLM-x32\...\{F0DD1AA8-44D7-4ACE-AF65-7378EA5D884C}) (Version: 14.0.600.250 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 RC Redistributable (x64) - 14.0.22816 (HKLM-x32\...\{e2495eb6-cca8-47aa-91ea-3410ca44d7b7}) (Version: 14.0.22816.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.11.25325 (HKLM-x32\...\{404c9c27-8377-4fd1-b607-7ca635db4e49}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.11.33287.817 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{65C71B09-C33D-4F60-93EA-DF3AD1D40600}) (Version: 10.0.1981 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Momodora: Reverie Under the Moonlight (HKLM\...\Steam App 428550) (Version:  - Bombservice)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 6.2.0.10 - MSI)
NVIDIA GeForce Experience 3.7.0.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.7.0.81 - NVIDIA Corporation)
NVIDIA Grafikdriver 384.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 384.94 - NVIDIA Corporation)
NVIDIA HD-lyddriver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA PhysX-systemsoftware 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.7.0.81 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.6.1.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Oculus (HKLM\...\Oculus) (Version: <3 - Oculus VR, LLC)
Oculus Rift DK2 Sensor Driver (HKLM\...\{F786EF4E-73FE-4700-AC19-FFC0B2298F20}) (Version: 1.0.0.0 - Oculus VR, LLC) Hidden
Oculus Rift Monitor Driver (HKLM\...\{E932D5B4-547A-4959-B642-3816836283E3}) (Version: 1.0.1.0 - Oculus VR, LLC) Hidden
Oculus Rift Sensor Driver (HKLM\...\{E724ED40-8962-4987-901D-57AC8C9E41CD}) (Version: 1.0.20.0 - Oculus VR, LLC) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0406-0000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.4.13.6637 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version:  - Blizzard Entertainment)
Path of Exile (HKLM\...\Steam App 238960) (Version:  - Grinding Gear Games)
PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version:  - Kakao Corp.)
qBittorrent 3.3.15 (HKLM-x32\...\qBittorrent) (Version: 3.3.15 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8228 - Realtek Semiconductor Corp.)
Rec Room (HKLM\...\Steam App 471710) (Version:  - Against Gravity®)
Rocket League (HKLM\...\Steam App 252950) (Version:  - Psyonix, Inc.)
RogueKiller version 12.11.13.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.13.0 - Adlice Software)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0380 - NVIDIA Corporation) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
sptools_Microsoft.VisualStudio.OfficeDeveloperTools.Msi (HKLM-x32\...\{72BA31CD-9667-422B-A8A4-65C248E06222}) (Version: 15.0.26501 - Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi (HKLM-x32\...\{CD08D2FC-15E2-4B11-A824-091CD344612E}) (Version: 15.0.26417 - Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi.Resources (HKLM-x32\...\{6F410B16-8B46-43AF-BC73-C43EE190BFA4}) (Version: 15.0.26417 - Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi.x64 (HKLM-x32\...\{F210BD01-6020-4406-AAE1-15B4D4C096C8}) (Version: 15.0.26417 - Microsoft Corporation) Hidden
Starbound (HKLM\...\Steam App 211820) (Version:  - Chucklefish)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteamVR (HKLM\...\Steam App 250820) (Version:  - )
TeamSpeak 3 Client (HKU\S-1-5-21-4027789535-904595525-3014968156-1001\...\TeamSpeak 3 Client) (Version: 3.1.4.2 - TeamSpeak Systems GmbH)
TEKKEN 7 (HKLM\...\Steam App 389730) (Version:  - BANDAI NAMCO Studios Inc.)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version:  - Ubisoft Montreal)
TypeScript SDK (HKLM-x32\...\{CFA1F87E-EF2B-4785-812C-4BEEA22CFD06}) (Version: 2.3.5.0 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{D23DC9CD-5870-9D26-5DE9-6273CAC7DD5B}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{51523D5B-FC32-CAB4-E54E-E41C0E4C1726}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{573C4B4F-B9B9-28DA-0243-D118DD3EE574}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{3C75FFD3-00CF-1974-2935-7BED20381899}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{812954B8-9658-EFE2-FB5F-B422048AA053}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{05086CEC-62C1-B12C-2FEC-C58E166FA7E8}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 36.0 - Ubisoft)
vcpp_crt.redist.clickonce (HKLM-x32\...\{C36E80D0-EED5-481F-9852-1EBB0DD122B6}) (Version: 14.11.25325 - Microsoft Corporation) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
VS Immersive Activate Helper (HKLM-x32\...\{FD1039C3-228B-43BB-820A-ACAED580A9D5}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{75068E51-7C37-4003-84C2-C67461C8D60A}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{A9ED1B56-3819-4B14-A929-89DD3E16E216}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden
VS WCF Debugging (HKLM\...\{EF9A8134-DF80-46A8-85AF-7FBD1E848C12}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{028492D7-855B-4018-B0A8-B5411EED541A}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{DCAD4F0C-21F2-4955-9C0A-2B7CEA610A74}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{C32010D8-3E5A-4E2F-874E-9AAEB2384006}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{440B670C-9862-487A-A381-57173D344039}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_codecoveragemsi (HKLM-x32\...\{4047FD10-8010-453A-A110-EA2CF71591B9}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_codeduitestframeworkmsi (HKLM-x32\...\{768725FE-C24E-4D48-BB07-6046761C2A00}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{52100697-9C66-44F3-BA20-68F8148CDF9B}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_cuitcommoncoremsi (HKLM-x32\...\{35804EBF-56A5-4847-848B-1A067AC6DE56}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_cuitextensionmsi (HKLM-x32\...\{C356AA66-C6D7-43C5-9D31-9D58DFB0FE2F}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_cuitextensionmsi_x64 (HKLM-x32\...\{EA12406A-8EED-49AB-A47B-FFA47D4F9ADE}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_enterprisemsi (HKLM-x32\...\{6E0FB913-0E76-44B5-B0D4-2B71A7984BD2}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{DDEF2BD0-F728-4D04-A085-B5ACC9ADC311}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{2512A3CE-E1E4-46D5-8B40-28DA3AE2261E}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{384F31FB-B99D-48A7-9D72-E1FEBEC2201A}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{134E1F55-10CB-4837-9F43-C8145933AA3E}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{5A528FAB-6AD3-4F9A-9A1C-566A5C02C3D6}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{D0772A03-7FC2-4B20-AC1F-B278299AA9C7}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{0F2742A7-6A64-46A2-94AE-22F19808BE2F}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_networkemulationmsi_x64 (HKLM-x32\...\{DC5A810D-6264-4280-8475-4CB6B36D84AE}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_professionalmsi (HKLM-x32\...\{C135A30B-7258-4E11-8660-87C5642A4AAE}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5C682D5E-7168-47C6-87CD-53E2103B08AC}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{032E21D1-556F-49D6-9518-CF53202AF63B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
WinAppDeploy (HKLM-x32\...\{1AD35036-0E71-1C38-E4F8-14F6ED75EA98}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Windows SDK AddOn (HKLM-x32\...\{E1C6F438-7C50-41F5-8B47-3CC96D397CA3}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.15063.468 (HKLM-x32\...\{0a829ae9-ca13-4f58-a168-648e80cf6739}) (Version: 10.1.15063.468 - Microsoft Corporation)
WinRAR 5.50 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.4 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{3E1718A0-E5A4-04EB-E85C-DF94790FCCF4}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{26FD6F7E-30DF-16AB-9F3B-2EC665C36498}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{B3E6FE24-A4E4-0454-5004-D8A3CCC9B0F6}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{CC57D696-D6B5-DB4D-7ABC-C373CF7E6D73}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{891DDA6A-C9D4-9C57-BC4E-B77CE28BAFC3}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{C22B0226-A0C4-B973-C0BF-24A3D66B8C3E}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{F3F1C906-9349-1B25-3680-65015218BD99}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{CB8253BF-62B4-A504-7E06-BA102F48C02B}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Workflow Manager Client 1.0 (HKLM\...\{69CD1F2D-DF68-4E23-9108-1B70783F2855}) (Version: 2.1.10525.2 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{7E351EBA-A063-4DE6-9F95-094883AAF7DA}) (Version: 2.1.10713.0 - Microsoft Corporation) Hidden
XMedia Recode version 3.3.5.8 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.3.5.8 - XMedia Recode)
ロリサキュバス【エルザ】のお兄様いじめ 搾精CG&淫靡Voice (HKLM-x32\...\ロリサキュバス【エルザ】のお兄様いじめ 搾精CG&淫靡Voice_is1) (Version: 1.0 - B-bishiop)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4027789535-904595525-3014968156-1001_Classes\CLSID\{C52B9871-E5E9-41FD-B84D-C5ACADBEC7AE}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-06-16] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-06-16] (Alexander Roshal)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-02] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-07-19] (NVIDIA Corporation)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-06-16] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-06-16] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {14CD7534-E4D6-407D-8B37-9E281BCF6649} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-21] (NVIDIA Corporation)
Task: {3656FBC4-A177-44B1-8D1E-79D85B780B58} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {3B725185-3EFB-4BE4-ACB7-5C86C978E976} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-21] (NVIDIA Corporation)
Task: {471304DF-CA69-47D9-92E5-F5BC9446EE59} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-08-28] (Microsoft Corporation)
Task: {4BD64850-DC65-4547-AFE8-15E18BABC544} - System32\Tasks\MSIOSDx64_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe [2016-07-28] (Micro-Star INT'L CO., LTD.)
Task: {612F426D-2C61-445C-B1A0-F8A68AD06EE4} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-21] (NVIDIA Corporation)
Task: {65326D28-C6AB-46B4-9DBF-8C08D51DC4D2} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-06-21] (NVIDIA Corporation)
Task: {764A9C1C-32F6-4438-A7ED-6EF639AC8D30} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-06-21] (NVIDIA Corporation)
Task: {7F0CF1B7-0A28-4909-9B55-699235AE1DB7} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-03] ()
Task: {88A8D303-4221-4689-AF64-EDD0454C85F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-26] (Google Inc.)
Task: {89D71AF6-3C8C-4A48-A932-721C1CDA2B93} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-03] ()
Task: {9E428023-A99C-447D-B8E9-13CF78E7F067} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-03] (Microsoft Corporation)
Task: {A66A6973-6E07-459C-A5D7-0FF16F714345} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-09-03] (Microsoft Corporation)
Task: {B3E900B9-BEB6-4EED-A742-B0EA6C25A8DB} - System32\Tasks\Microsoft Advanced Identity Protection Service => C:\WINDOWS\system32\wusa.exe [2017-03-18] (Microsoft Corporation)
Task: {B4A04760-6CBA-4FD6-AB79-C739A911FB26} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-06-21] (NVIDIA Corporation)
Task: {B6A49BC8-28F2-4A00-8230-1FA05196AA26} - System32\Tasks\MSIOSDx86_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe [2016-07-28] (Micro-Star INT'L CO., LTD.)
Task: {C96C355F-89A5-48C0-A32B-E1B219CD45B0} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-06-21] (NVIDIA Corporation)
Task: {C9F879D5-0C51-4EDB-ABD3-6EE062E93399} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-21] (NVIDIA Corporation)
Task: {D3D6F265-0BEB-4054-8C09-FBE457FC9D85} - System32\Tasks\MSISW_Host => C:\WINDOWS\SysWOW64\muachost.exe [2015-08-18] (MSI)
Task: {D616B1FC-739C-4B0B-8A4F-2BCE8A17FE7C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-26] (Google Inc.)
Task: {F2C12946-B826-4694-9338-F32190B36FEE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-03] (Microsoft Corporation)
Task: {F59B2BE7-CAD6-45BC-AEE6-B0D7CB973A58} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-08-28] (Microsoft Corporation)
Task: {F68A910E-E50E-4673-B6B8-C6EFABDB4776} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-08-03] (Piriform Ltd)
Task: {F786304B-2136-4F46-85FD-9576770CA98A} - System32\Tasks\MSIGH_Host => C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe [2017-01-19] (Micro-Star INT'L CO., LTD.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-apps\mydlink services plugin.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ldibdoepbjbkkcbgndfljnphngpglhbb
ShortcutWithArgument: C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-apps\Postman.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fhbjgbiflinjbdggehcddcbncdddomop
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-06-26 23:25 - 2017-06-21 09:02 - 001267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-09-02 13:00 - 2017-09-02 13:03 - 002264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-18 22:58 - 2017-03-18 22:58 - 000138000 ____N () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-06-26 23:53 - 2016-06-14 16:35 - 000187392 _____ () C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\D3D11FontDraw.dll
2017-03-18 22:59 - 2017-03-20 06:44 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-08-29 12:42 - 2017-08-23 10:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
2017-08-29 12:42 - 2017-08-23 10:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll
2017-09-07 15:37 - 2017-09-07 15:37 - 000797760 _____ () C:\Users\ushe2\Desktop\delfix_1.013.exe
2017-06-26 23:54 - 2016-04-20 14:12 - 000772608 _____ () C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\Lib\USB_DLL.dll
2017-07-05 20:17 - 2017-07-05 20:17 - 002493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2017-06-26 23:25 - 2017-06-21 09:02 - 001040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-06-26 23:53 - 2016-06-14 16:35 - 000163328 _____ () C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\D3D11FontDraw.dll
2017-06-26 23:07 - 2017-08-04 23:19 - 000678176 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-06-26 23:07 - 2016-09-01 03:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-06-26 23:07 - 2017-08-28 22:05 - 002505504 _____ () C:\Program Files (x86)\Steam\video.dll
2017-06-26 23:07 - 2016-09-01 03:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-06-26 23:07 - 2016-09-01 03:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-06-26 23:07 - 2016-01-27 09:49 - 002549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2017-06-26 23:07 - 2016-01-27 09:49 - 000491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2017-06-26 23:07 - 2016-01-27 09:49 - 000332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2017-06-26 23:07 - 2016-01-27 09:49 - 000442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2017-06-26 23:07 - 2016-01-27 09:49 - 000485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2017-06-26 23:07 - 2017-08-28 22:05 - 000885024 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-06-26 23:07 - 2016-07-05 00:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-08-09 10:56 - 2017-08-08 15:13 - 001893880 _____ () C:\Users\ushe2\AppData\Local\Discord\app-0.0.298\ffmpeg.dll
2017-08-09 10:57 - 2017-08-09 10:57 - 001577976 _____ () \\?\C:\Users\ushe2\AppData\Roaming\discord\0.0.298\modules\discord_toaster\discord_toaster.node
2017-06-26 23:07 - 2017-07-18 00:50 - 073115424 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-06-26 23:07 - 2017-05-17 03:54 - 000678176 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-06-26 23:07 - 2015-09-25 01:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-08-09 10:56 - 2017-08-08 15:13 - 001938424 _____ () C:\Users\ushe2\AppData\Local\Discord\app-0.0.298\libglesv2.dll
2017-08-09 10:56 - 2017-08-08 15:13 - 000095736 _____ () C:\Users\ushe2\AppData\Local\Discord\app-0.0.298\libegl.dll
2017-08-04 12:18 - 2017-08-04 12:18 - 000199680 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\quazip.dll
2017-08-04 12:16 - 2017-08-04 12:16 - 000044544 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\MacroRecording.dll
2017-08-04 12:31 - 2017-08-04 12:31 - 000151040 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairAudioDevice.dll
2017-08-04 12:15 - 2017-08-04 12:15 - 000097280 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\zlib.dll
2016-12-01 13:28 - 2016-12-01 13:28 - 001983488 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\libGLESv2.dll
2016-12-01 13:28 - 2016-12-01 13:28 - 000013824 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\libEGL.DLL
2017-06-26 23:52 - 2016-06-01 15:50 - 000785360 _____ () C:\Program Files (x86)\MSI\Gaming APP\Lib\USB_DLL.dll
2017-08-09 10:57 - 2017-08-31 12:34 - 009622008 _____ () \\?\C:\Users\ushe2\AppData\Roaming\discord\0.0.298\modules\discord_voice\discord_voice.node
2017-08-09 10:57 - 2017-08-09 10:57 - 001440248 _____ () \\?\C:\Users\ushe2\AppData\Roaming\discord\0.0.298\modules\discord_utils\discord_utils.node
2017-08-16 14:55 - 2017-08-16 14:55 - 000148992 _____ () \\?\C:\Users\ushe2\AppData\Local\Discord\app-0.0.298\resources\app\node_modules\erlpack\build\Release\erlpack.node
2017-08-09 10:56 - 2017-08-09 10:56 - 002658296 _____ () \\?\C:\Users\ushe2\AppData\Roaming\discord\0.0.298\modules\discord_rpc\discord_rpc.node
2017-08-09 10:57 - 2017-08-09 10:57 - 002673656 _____ () \\?\C:\Users\ushe2\AppData\Roaming\discord\0.0.298\modules\discord_contact_import\discord_contact_import.node
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\ushe2\AppData\Local\Temp:$DATA [16]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-06-26 23:04 - 2017-09-04 22:15 - 000000880 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
0.0.0.0                   telemetry.malwarebytes.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4027789535-904595525-3014968156-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ushe2\Desktop\Ahams Stuff\Wallpaper collection\Made in Abyss\Reg and Riku.png
DNS Servers: 192.168.100.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "ProductUpdater"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{13FF2F62-1EA0-41FA-A195-12A33BAD5E5A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9A1F6266-3837-4793-86EC-BB18CE0DD4CC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1290C247-7DC9-44BA-9AE3-65654AB7AAD0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{DB04844E-ED17-408F-9AD1-1821CA35F251}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{9E9D825F-F20E-4AF7-96D5-8C283F861879}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe
FirewallRules: [{148D6F89-9A0B-4934-9CDF-68A614E04FF0}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe
FirewallRules: [{181A09A2-52C7-43F3-B470-D0059B34FA7C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{2925094D-B6C4-41F6-A418-BC5F6D1D1382}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{178232D4-4829-4235-BF09-49618486102A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D276E570-4FF4-43C8-BA9F-9C35C4D0D74A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8E85968F-8F8E-47B0-BFB6-1B5D57473D7C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{D7223FF2-19EF-4413-886E-BEEDD7DD4ADA}D:\steamlibrary\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe
FirewallRules: [UDP Query User{6916C17A-5578-4A38-A848-29FABB4910CE}D:\steamlibrary\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe
FirewallRules: [{94C3DF8E-387D-4B31-8486-E63AF86847F3}] => (Allow) D:\SteamLibrary\steamapps\common\TEKKEN 7\TEKKEN 7.exe
FirewallRules: [{3933F6F4-3A9B-4DF0-87D6-F8F10E586776}] => (Allow) D:\SteamLibrary\steamapps\common\TEKKEN 7\TEKKEN 7.exe
FirewallRules: [{2FA20C36-6B40-4ABC-BA67-DD988BFB0959}] => (Allow) D:\SteamLibrary\steamapps\common\Dead Cells\deadcells.exe
FirewallRules: [{2791DC8E-368E-4B2E-ACD2-5AEFDDE77AB5}] => (Allow) D:\SteamLibrary\steamapps\common\Dead Cells\deadcells.exe
FirewallRules: [{D534D42F-87FD-46A7-AE20-034C86765F2A}] => (Allow) D:\SteamLibrary\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{A08B395A-8C54-4E33-81C1-B5130B2BEA45}] => (Allow) D:\SteamLibrary\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{A3DA6755-5BE0-48DB-A8C3-78D6EF452BD9}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{0E0C458A-0188-474D-9267-6877298097A0}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{B9449074-CF83-4734-89C6-727C07DE60D3}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{57E99826-4FEB-4CBA-B725-29E03D9BF666}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{C494B164-F227-4FF2-BC23-0359225820A6}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{6DC956F6-A328-4601-8647-E82AE86D807E}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{80CDF168-ECEE-49D1-9C3A-A9EAB031988A}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{7CC022AC-3862-49A5-A420-950BA5625D91}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{39A4CF98-EF56-4F6A-B6A4-98B8C1D5E8E4}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{2C3677CD-00E4-49D3-82A1-27B6BFBF585E}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{59C92D98-FD6B-4D2A-9140-955E15A03A53}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{3170BDBD-DE84-4792-8718-67A200F46438}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{E96EFD05-2C6B-4809-A0A0-69FA58302378}] => (Allow) D:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{A3501A3E-CB76-4213-B11A-9B1226B5B9A1}] => (Allow) D:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{C1FA34E9-161F-4806-8E0D-74429CF15783}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{8E16CB1B-0B48-44D6-84E7-1BB65F422073}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{A746AF39-DB76-4E60-A9BB-F25D99F566BB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{AE3A9C4E-E3D6-43BD-BE15-9A79687B4DC6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{A638BD9B-1C8B-44E5-B5CB-24460B088396}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{05F44E1E-9BC1-44FD-B111-B6800F1F4AE0}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{C83C9A4A-65A7-4D17-8EC7-E9A119D7848F}D:\overwatch test\overwatch.exe] => (Allow) D:\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{A22BE01D-8E77-492D-9A3F-FA7A6D5A9D3E}D:\overwatch test\overwatch.exe] => (Allow) D:\overwatch test\overwatch.exe
FirewallRules: [TCP Query User{46D6A391-A4F4-4104-8B98-A62F15038BE6}D:\overwatch\overwatch.exe] => (Allow) D:\overwatch\overwatch.exe
FirewallRules: [UDP Query User{1B444605-9747-48CA-9C2E-E5190CD80AA1}D:\overwatch\overwatch.exe] => (Allow) D:\overwatch\overwatch.exe
FirewallRules: [{4E335E3C-79D9-4230-9A4B-E63CF44EA2A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe
FirewallRules: [{851AC23F-17D2-4C95-A591-79FEFC7C50D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe
FirewallRules: [{210481C3-B6E5-467E-B629-033BE759CF80}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtours.exe
FirewallRules: [{BD887F2E-21DE-44A1-AA33-A9285696F4A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtours.exe
FirewallRules: [{5FAA91D7-DA8A-4AAE-902C-E17CFA81F5D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtourscfg.exe
FirewallRules: [{157E6C1F-EADF-4CE0-A3C1-811F770DB686}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtourscfg.exe
FirewallRules: [{371E49EA-E7CD-42F2-8AD6-72102EC7BA63}] => (Allow) D:\SteamLibrary\steamapps\common\RecRoom\Recroom_Release.exe
FirewallRules: [{D5A0E12A-DF0A-4FC0-BB9B-573315176233}] => (Allow) D:\SteamLibrary\steamapps\common\RecRoom\Recroom_Release.exe
FirewallRules: [TCP Query User{3BFE343F-E8B4-4E2A-8FA1-B767F8D761FC}D:\overwatch\overwatch.exe] => (Allow) D:\overwatch\overwatch.exe
FirewallRules: [UDP Query User{E64CE11F-30CB-4637-A543-2AFD1DE8605C}D:\overwatch\overwatch.exe] => (Allow) D:\overwatch\overwatch.exe
FirewallRules: [{8DB6AD75-BF1F-4B45-BA5C-1D0B01612AB7}] => (Allow) D:\SteamLibrary\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{4159323A-EC3E-4FAD-B55E-E309A16B9DD7}] => (Allow) D:\SteamLibrary\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{9680347F-947A-453D-9767-6FB0F6550FF5}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{D53B8284-FF57-4140-8325-BF54AF0CE020}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{AABC88F1-E6B4-4370-B091-E94BA12DCAF0}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{75B2308A-0357-4554-9B9F-2F2026DA6EED}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{7F8AE94C-07F5-4C65-8995-0A88EE50E1C4}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{80603280-35B6-48B3-9D41-45A31F019F93}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{224C7010-D1AE-4EB7-B9A4-FB4AC82685D1}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{DC724474-A65E-4E04-BF2F-1529D3E6856F}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{E9BF00CD-8A67-4AD5-9E95-B314EF5A0E9F}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe
FirewallRules: [{E38211B5-537D-4C30-8D25-FCB4C2AC161C}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe
FirewallRules: [{963C8365-0354-495F-BC7F-5DD2315794D1}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\DirectDisplayConfig.exe
FirewallRules: [{772D8B13-72BA-4433-B778-1BC628226923}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\DirectDisplayConfig.exe
FirewallRules: [{4AE0B1F9-5CDB-4639-AF2E-89DF5EB83966}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRServer_x64.exe
FirewallRules: [{32B8DFA1-0A7A-44A4-8A06-2E05523EAD4B}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRServer_x64.exe
FirewallRules: [{102628F3-4937-4D3B-9EC9-7818F4718DBE}] => (Allow) C:\Program Files\Oculus\Support\oculus-home\OculusVR.exe
FirewallRules: [{7DD0E91E-89EF-4224-80D0-8DDC2F6069A3}] => (Allow) C:\Program Files\Oculus\Support\oculus-home\OculusVR.exe
FirewallRules: [{D6B0DE9E-246F-425B-B584-6D6F896CA668}] => (Allow) C:\Program Files\Oculus\Support\oculus-client\OculusClient.exe
FirewallRules: [{D8B5CCE4-B3CF-4240-ADFE-01B429DD26CD}] => (Allow) C:\Program Files\Oculus\Support\oculus-client\OculusClient.exe
FirewallRules: [TCP Query User{1F651F2C-2E56-4CAD-8640-3CB207E5DB42}D:\overwatch test\overwatch.exe] => (Allow) D:\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{1D6AC70E-1647-4901-AC97-89130BC16B1C}D:\overwatch test\overwatch.exe] => (Allow) D:\overwatch test\overwatch.exe
FirewallRules: [{712B4036-8774-4CCB-BEDB-31CEA5AB876D}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{5DCC2808-7A54-4088-ABED-AD3EF31C4D38}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{3D9E2987-54FC-4385-B82D-1518A140E4F7}] => (Allow) D:\Oculus Home\Software\ready-at-dawn-echo-arena\bin\win7\BsSndRpt64.exe
FirewallRules: [{F98ED620-5804-4E72-85EC-AEB3E2814699}] => (Allow) D:\Oculus Home\Software\ready-at-dawn-echo-arena\bin\win7\BsSndRpt64.exe
FirewallRules: [{34508FB2-1A3F-488D-9547-368FB4E1EF01}] => (Allow) D:\Oculus Home\Software\ready-at-dawn-echo-arena\bin\win7\EchoArena.exe
FirewallRules: [{829C0471-A382-4777-AB9D-A410861E0D5D}] => (Allow) D:\Oculus Home\Software\ready-at-dawn-echo-arena\bin\win7\EchoArena.exe
FirewallRules: [{D109122D-5FDA-40D7-805C-4BBE1AC327C4}] => (Allow) D:\Oculus Home\Software\oculus-dead-and-buried\DeadAndBuried\DeadAndBuried.exe
FirewallRules: [{2FDA6135-0D5C-46A9-B5F6-6A1888034D21}] => (Allow) D:\Oculus Home\Software\oculus-dead-and-buried\DeadAndBuried\DeadAndBuried.exe
FirewallRules: [{65D6C98E-3A9D-4B29-963E-B1CB124955CF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{407E737F-4F56-4FBB-AB9D-59D7C9F7C0BE}] => (Allow) D:\SteamLibrary\steamapps\common\Bigscreen\Bigscreen.exe
FirewallRules: [{F96C9247-D0D4-4E53-AEC6-943691D995D4}] => (Allow) D:\SteamLibrary\steamapps\common\Bigscreen\Bigscreen.exe
FirewallRules: [{5A230682-9DE6-44B5-BB04-AB5D1117D91B}] => (Allow) LPort=12292
FirewallRules: [{ECD6D0D9-786E-4172-98B4-7019BE9C2249}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4138CA9D-6ECD-4E8F-8E77-9F22E6086E59}] => (Allow) D:\SteamLibrary\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{FA9B6CB3-3F3D-4E20-8EBB-4C6732129F1B}] => (Allow) D:\SteamLibrary\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{7EBC6BF1-B742-4AA6-97DB-A5371E39AD51}] => (Allow) D:\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [{980E90F2-D2A0-4234-8E4C-75D793C748FE}] => (Allow) D:\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [{563856A9-58F3-4BFB-99C2-5909BE3B281B}] => (Allow) D:\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{193BB335-17DA-4D56-95E0-3315FAFAAE91}] => (Allow) D:\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{0FDB2274-404D-4C5D-8BD3-150EDF3A5A41}] => (Allow) D:\SteamLibrary\steamapps\common\Momodora RUtM\MomodoraRUtM.exe
FirewallRules: [{B030AB25-B0BE-425A-B6E1-BCE866EF85A5}] => (Allow) D:\SteamLibrary\steamapps\common\Momodora RUtM\MomodoraRUtM.exe
FirewallRules: [{FFF9FD43-CF95-4C17-BF8D-12C091DEFA9B}] => (Allow) D:\SteamLibrary\steamapps\common\Alien Swarm\swarm.exe
FirewallRules: [{DE8564F4-0197-4FF4-B3B8-1D10C724C59B}] => (Allow) D:\SteamLibrary\steamapps\common\Alien Swarm\swarm.exe
FirewallRules: [{BCC5A095-DA89-4E47-A61B-45E8108BBA2C}] => (Allow) D:\SteamLibrary\steamapps\common\InMind\InMind.exe
FirewallRules: [{8B7531B7-7903-45A6-80B9-30C11D93937C}] => (Allow) D:\SteamLibrary\steamapps\common\InMind\InMind.exe
FirewallRules: [TCP Query User{ACD466C8-19A0-46AF-9A43-132BE96DD5F5}D:\steamlibrary\steamapps\common\gigantic\arc\arcchat.exe] => (Allow) D:\steamlibrary\steamapps\common\gigantic\arc\arcchat.exe
FirewallRules: [UDP Query User{1F91C654-99D5-4A0D-AF91-3C5A36836B5E}D:\steamlibrary\steamapps\common\gigantic\arc\arcchat.exe] => (Allow) D:\steamlibrary\steamapps\common\gigantic\arc\arcchat.exe
FirewallRules: [{516595AF-5836-4037-B90C-8CB59A5B3733}] => (Allow) D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{8DE54FC7-E971-4181-B1D7-CD7D498D5F70}] => (Allow) D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{5A2BF8ED-EC3D-49CD-A9B4-5985750F7FBE}] => (Allow) LPort=26789
 
==================== Restore Points =========================
 
06-09-2017 19:39:55 Removed Gigantic Launcher
07-09-2017 15:09:42 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/07/2017 03:30:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Aktiveringskontekstgenereringen mislykkedes for "C:\Program Files (x86)\Windows Kits\10\bin\10.0.15063.0\arm\signtool.exe.Manifest".
Afhængig samling Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" blev ikke fundet.
Anvend sxstrace.exe til detaljeret diagnose.
 
Error: (09/07/2017 03:30:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Aktiveringskontekstgenereringen mislykkedes for "C:\Program Files (x86)\Windows Kits\10\bin\10.0.15063.0\arm64\signtool.exe.Manifest".
Afhængig samling Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0" blev ikke fundet.
Anvend sxstrace.exe til detaljeret diagnose.
 
Error: (09/07/2017 03:29:52 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Aktiveringskontekstgenereringen mislykkedes for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Der er en fejl i manifestet eller politikfilen "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" i linje 1.
Den komponentidentitet, der blev fundet i manifestet, stemmer ikke overens med den anmodede komponents identitet.
Reference er UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition er UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Anvend sxstrace.exe til detaljeret diagnose.
 
Error: (09/07/2017 03:27:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-8HO2H5Q)
Description: Aktivering af app‘en Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI mislykkedes med fejlen: -2147023170 Du kan finde flere oplysninger i loggen Microsoft-Windows-TWinUI/Operational.
 
Error: (09/07/2017 03:27:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Navn på program med fejl: SearchUI.exe, version: 10.0.15063.332, tidsstempel: 0x591fdafc
Navn på modul med fejl: SearchUI.exe, version: 10.0.15063.332, tidsstempel: 0x591fdafc
Undtagelseskode: 0xc000027b
Forskydning med fejl 0x00000000001ae3e1
Proces-id 0x1948
Programmets starttidspunkt 0x01d327dd0671a331
Programsti: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Modulsti: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Rapport-id: 342b3143-d948-4ab6-bc82-5cf3ac4d35b8
Fuldt navn på program med fejl: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Relativt program-id for program med fejl: CortanaUI
 
Error: (09/07/2017 03:27:13 PM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (09/07/2017 03:27:08 PM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (09/07/2017 03:21:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Aktiveringskontekstgenereringen mislykkedes for "C:\Program Files (x86)\Windows Kits\10\bin\10.0.15063.0\arm\signtool.exe.Manifest".
Afhængig samling Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" blev ikke fundet.
Anvend sxstrace.exe til detaljeret diagnose.
 
Error: (09/07/2017 03:21:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Aktiveringskontekstgenereringen mislykkedes for "C:\Program Files (x86)\Windows Kits\10\bin\10.0.15063.0\arm64\signtool.exe.Manifest".
Afhængig samling Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0" blev ikke fundet.
Anvend sxstrace.exe til detaljeret diagnose.
 
Error: (09/07/2017 03:20:05 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Aktiveringskontekstgenereringen mislykkedes for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Der er en fejl i manifestet eller politikfilen "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" i linje 1.
Den komponentidentitet, der blev fundet i manifestet, stemmer ikke overens med den anmodede komponents identitet.
Reference er UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition er UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Anvend sxstrace.exe til detaljeret diagnose.
 
 
System errors:
=============
Error: (09/07/2017 03:38:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjenesten eapihdrv kunne ikke starte pga. følgende fejl: 
Indlæsningen af driveren blev blokeret.
 
Error: (09/07/2017 03:38:12 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ushe2\AppData\Local\Temp\ehdrv.sys
 
Error: (09/07/2017 03:38:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjenesten eapihdrv kunne ikke starte pga. følgende fejl: 
Indlæsningen af driveren blev blokeret.
 
Error: (09/07/2017 03:38:12 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ushe2\AppData\Local\Temp\ehdrv.sys
 
Error: (09/07/2017 03:38:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjenesten eapihdrv kunne ikke starte pga. følgende fejl: 
Indlæsningen af driveren blev blokeret.
 
Error: (09/07/2017 03:38:12 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ushe2\AppData\Local\Temp\ehdrv.sys
 
Error: (09/07/2017 03:38:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjenesten eapihdrv kunne ikke starte pga. følgende fejl: 
Indlæsningen af driveren blev blokeret.
 
Error: (09/07/2017 03:38:11 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ushe2\AppData\Local\Temp\ehdrv.sys
 
Error: (09/07/2017 03:38:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjenesten eapihdrv kunne ikke starte pga. følgende fejl: 
Indlæsningen af driveren blev blokeret.
 
Error: (09/07/2017 03:38:11 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ushe2\AppData\Local\Temp\ehdrv.sys
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4690 CPU @ 3.50GHz
Percentage of memory in use: 30%
Total physical RAM: 16245.45 MB
Available physical RAM: 11360.25 MB
Total Virtual: 17269.45 MB
Available Virtual: 11738.04 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.33 GB) (Free:149.18 GB) NTFS
Drive d: (Data) (Fixed) (Total:698.51 GB) (Free:302.28 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#4 Jo*

  • Malware Response Team

Posted 07 September 2017 - 02:02 PM

Welcome to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only those tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Step 1: Please download Security Analysis by Rocket Grannie from here
  • Save it to your Desktop.
  • Close your security software to avoid potential conflicts.
  • Double click RGSA.exe
  • Click OK on the copyright-disclaimer
  • When finished, a Notepad window will open with the results of the scan.
  • The log named SALog.txt can also be found on the Desktop or in the same folder from where the tool is run if installed elsewhere.
  • Please copy and paste the contents of that log in this topic.
  • Note:
If you get a Warning from Windows about running the program, click on More info and then click Run Anyway to run it even though Windows says it might put your PC at risk.
 

***


Step 2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double-click on the downloaded file. OK the self-extracting prompt.
  • MBAR will start. On the introduction screen, click "Next" to continue.
  • On the following screen, click "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


Step 4: MiniToolbox by Farbar

Disable your antivirus if it does not allow you to download the tool!
Please download MiniToolBox, save it to your desktop and run it.
Place a checkmark in Select all, then click Go and post the result (MTB.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Copy and paste the contents of that logfile in your next reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 Ahams

  • Topic Starter

Posted 07 September 2017 - 02:47 PM

SALog.txt:

 

Result of Security Analysis by Rocket Grannie (x86) Updated: 28th August, 2017

Running from:C:\Users\ushe2\Desktop (21:23:41 - 09/07/2017)
***---------------------------------------------------------***
Microsoft Windows 10 Home X64
UAC is Enabled
Internet Explorer 11
Default Browser: Google Chrome
***------------Antivirus - Antispyware - Firewall-----------***
Windows Defender (Disabled - up to Date)
Malwarebytes (Disabled - up to Date)
Malwarebytes (Disabled - up to Date)
Windows Defender (Disabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI (26.0.0.151)
CCleaner (5.33)
Google Chrome (60.0.3112.113)
Malwarebytes (3.2.2.2018)
 
***----------------Analysis Complete-------------------------***
 
 
 
MBAR-log-***.txt:
 
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2017.09.07.07
  rootkit: v2017.08.02.01
 
Windows 10 x64 NTFS
Internet Explorer 11.540.15063.0
Ahams :: DESKTOP-8HO2H5Q [administrator]
 
07-09-2017 21:25:58
mbar-log-2017-09-07 (21-25-58).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 334418
Time elapsed: 6 minute(s), 42 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
There was no malware found in the scan.
------------------------------------------------------
 
AdwCleaner:
 
# AdwCleaner 7.0.2.1 - Logfile created on Thu Sep 07 19:37:19 2017
# Updated on 2017/29/08 by Malwarebytes 
# Database: 09-01-2017.2
# Running on Windows 10 Home (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.Legacy, C:\Program Files (x86)\Common Files\freemake shared                (I know for a fact that this program has nothing to do with it. Therefore I want to keep this program.)
 
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
------------------------------------------------------------
 
MiniToolBox:
 
MTB.txt:
MiniToolBox by Farbar  Version: 17-06-2016
Ran by Ahams (administrator) on 07-09-2017 at 21:40:41
Running from "C:\Users\ushe2\Desktop"
Microsoft Windows 10 Home  (X64)
Model: Z97-HD3 Manufacturer: Gigabyte Technology Co., Ltd.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
0.0.0.0                   telemetry.malwarebytes.com
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Ethernet (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global
set interface interface="Ethernet (kernefejlfinding)" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : DESKTOP-8HO2H5Q
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : FC-AA-14-0E-59-FA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8175:f620:d539:4a0d%5(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.100.104(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 7. september 2017 15:27:07
   Lease Expires . . . . . . . . . . : 14. september 2017 15:36:10
   Default Gateway . . . . . . . . . : 192.168.100.1
   DHCP Server . . . . . . . . . . . : 192.168.100.1
   DHCPv6 IAID . . . . . . . . . . . : 50113044
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-E3-27-A1-FC-AA-14-0E-59-FA
   DNS Servers . . . . . . . . . . . : 192.168.100.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:30aa:2876:438d:5190(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::30aa:2876:438d:5190%10(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 117440512
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-E3-27-A1-FC-AA-14-0E-59-FA
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  dlinkrouter
Address:  192.168.100.1
 
Name:    google.com
Addresses:  2a00:1450:400e:806::200e
 172.217.17.110
 
 
Pinging google.com [172.217.17.110] with 32 bytes of data:
Reply from 172.217.17.110: bytes=32 time=15ms TTL=54
Reply from 172.217.17.110: bytes=32 time=15ms TTL=54
 
Ping statistics for 172.217.17.110:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 15ms, Maximum = 15ms, Average = 15ms
Server:  dlinkrouter
Address:  192.168.100.1
 
Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
 2001:4998:58:c02::a9
 2001:4998:c:a06::2:4008
 206.190.36.45
 98.138.253.109
 98.139.180.149
 
 
Pinging yahoo.com [98.139.180.149] with 32 bytes of data:
Reply from 98.139.180.149: bytes=32 time=99ms TTL=50
Reply from 98.139.180.149: bytes=32 time=98ms TTL=50
 
Ping statistics for 98.139.180.149:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 98ms, Maximum = 99ms, Average = 98ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  5...fc aa 14 0e 59 fa ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 10...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.100.1  192.168.100.104     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
    192.168.100.0    255.255.255.0         On-link   192.168.100.104    281
  192.168.100.104  255.255.255.255         On-link   192.168.100.104    281
  192.168.100.255  255.255.255.255         On-link   192.168.100.104    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link   192.168.100.104    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link   192.168.100.104    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 10    331 ::/0                     On-link
  1    331 ::1/128                  On-link
 10    331 2001::/32                On-link
 10    331 2001:0:5ef5:79fb:30aa:2876:438d:5190/128
                                    On-link
  5    281 fe80::/64                On-link
 10    331 fe80::/64                On-link
 10    331 fe80::30aa:2876:438d:5190/128
                                    On-link
  5    281 fe80::8175:f620:d539:4a0d/128
                                    On-link
  1    331 ff00::/8                 On-link
  5    281 ff00::/8                 On-link
 10    331 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [63488] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [79872] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31232] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (09/07/2017 03:30:57 PM) (Source: SideBySide) (User: )
Description: Aktiveringskontekstgenereringen mislykkedes for "Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0"1".
Afhængig samling Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" blev ikke fundet.
Anvend sxstrace.exe til detaljeret diagnose.
 
Error: (09/07/2017 03:30:57 PM) (Source: SideBySide) (User: )
Description: Aktiveringskontekstgenereringen mislykkedes for "Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0"1".
Afhængig samling Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0" blev ikke fundet.
Anvend sxstrace.exe til detaljeret diagnose.
 
Error: (09/07/2017 03:29:52 PM) (Source: SideBySide) (User: )
Description: Aktiveringskontekstgenereringen mislykkedes for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1". Der er en fejl i manifestet eller politikfilen "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" i linje UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.
Den komponentidentitet, der blev fundet i manifestet, stemmer ikke overens med den anmodede komponents identitet.
Reference er UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition er UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Anvend sxstrace.exe til detaljeret diagnose.
 
Error: (09/07/2017 03:27:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DESKTOP-8HO2H5Q)
Description: Aktivering af app‘en Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI mislykkedes med fejlen: -2147023170 Du kan finde flere oplysninger i loggen Microsoft-Windows-TWinUI/Operational.
 
Error: (09/07/2017 03:27:17 PM) (Source: Application Error) (User: )
Description: Navn på program med fejl: SearchUI.exe, version: 10.0.15063.332, tidsstempel: 0x591fdafc
Navn på modul med fejl: SearchUI.exe, version: 10.0.15063.332, tidsstempel: 0x591fdafc
Undtagelseskode: 0xc000027b
Forskydning med fejl 0x00000000001ae3e1
Proces-id 0x1948
Programmets starttidspunkt 0xSearchUI.exe0
Programsti: SearchUI.exe1
Modulsti: SearchUI.exe2
Rapport-id: SearchUI.exe3
Fuldt navn på program med fejl: SearchUI.exe4
Relativt program-id for program med fejl: SearchUI.exe5
 
Error: (09/07/2017 03:27:13 PM) (Source: OVRServiceLauncher) (User: )
Description: [LauncherService] Unable to launch: Application 'C:\Program Files\Oculus\Support\oculus-runtime\OVRRedir.exe' is not code signed.
 
Error: (09/07/2017 03:27:08 PM) (Source: OVRServiceLauncher) (User: )
Description: [LauncherService] Unable to launch: There is no active interactive user session.
 
Error: (09/07/2017 03:21:05 PM) (Source: SideBySide) (User: )
Description: Aktiveringskontekstgenereringen mislykkedes for "Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0"1".
Afhængig samling Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" blev ikke fundet.
Anvend sxstrace.exe til detaljeret diagnose.
 
Error: (09/07/2017 03:21:05 PM) (Source: SideBySide) (User: )
Description: Aktiveringskontekstgenereringen mislykkedes for "Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0"1".
Afhængig samling Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0" blev ikke fundet.
Anvend sxstrace.exe til detaljeret diagnose.
 
Error: (09/07/2017 03:20:05 PM) (Source: SideBySide) (User: )
Description: Aktiveringskontekstgenereringen mislykkedes for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1". Der er en fejl i manifestet eller politikfilen "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" i linje UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.
Den komponentidentitet, der blev fundet i manifestet, stemmer ikke overens med den anmodede komponents identitet.
Reference er UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition er UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Anvend sxstrace.exe til detaljeret diagnose.
 
 
System errors:
=============
Error: (09/07/2017 03:38:12 PM) (Source: Service Control Manager) (User: )
Description: Tjenesten eapihdrv kunne ikke starte pga. følgende fejl: 
%%1275 = Indlæsningen af driveren blev blokeret.
 
 
Error: (09/07/2017 03:38:12 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\ushe2\AppData\Local\Temp\ehdrv.sys
 
Error: (09/07/2017 03:38:12 PM) (Source: Service Control Manager) (User: )
Description: Tjenesten eapihdrv kunne ikke starte pga. følgende fejl: 
%%1275 = Indlæsningen af driveren blev blokeret.
 
 
Error: (09/07/2017 03:38:12 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\ushe2\AppData\Local\Temp\ehdrv.sys
 
Error: (09/07/2017 03:38:12 PM) (Source: Service Control Manager) (User: )
Description: Tjenesten eapihdrv kunne ikke starte pga. følgende fejl: 
%%1275 = Indlæsningen af driveren blev blokeret.
 
 
Error: (09/07/2017 03:38:12 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\ushe2\AppData\Local\Temp\ehdrv.sys
 
Error: (09/07/2017 03:38:11 PM) (Source: Service Control Manager) (User: )
Description: Tjenesten eapihdrv kunne ikke starte pga. følgende fejl: 
%%1275 = Indlæsningen af driveren blev blokeret.
 
 
Error: (09/07/2017 03:38:11 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\ushe2\AppData\Local\Temp\ehdrv.sys
 
Error: (09/07/2017 03:38:11 PM) (Source: Service Control Manager) (User: )
Description: Tjenesten eapihdrv kunne ikke starte pga. følgende fejl: 
%%1275 = Indlæsningen af driveren blev blokeret.
 
 
Error: (09/07/2017 03:38:11 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\ushe2\AppData\Local\Temp\ehdrv.sys
 
 
Microsoft Office Sessions:
=========================
Error: (09/07/2017 03:30:57 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0"C:\Program Files (x86)\Windows Kits\10\bin\10.0.15063.0\arm\signtool.exe.Manifest
 
Error: (09/07/2017 03:30:57 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0"C:\Program Files (x86)\Windows Kits\10\bin\10.0.15063.0\arm64\signtool.exe.Manifest
 
Error: (09/07/2017 03:29:52 PM) (Source: SideBySide)(User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0"C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.ManifestC:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL1
 
Error: (09/07/2017 03:27:31 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DESKTOP-8HO2H5Q)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2147023170
 
Error: (09/07/2017 03:27:17 PM) (Source: Application Error)(User: )
Description: SearchUI.exe10.0.15063.332591fdafcSearchUI.exe10.0.15063.332591fdafcc000027b00000000001ae3e1194801d327dd0671a331C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe342b3143-d948-4ab6-bc82-5cf3ac4d35b8Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewyCortanaUI
 
Error: (09/07/2017 03:27:13 PM) (Source: OVRServiceLauncher)(User: )
Description: [LauncherService] Unable to launch: Application 'C:\Program Files\Oculus\Support\oculus-runtime\OVRRedir.exe' is not code signed.
 
Error: (09/07/2017 03:27:08 PM) (Source: OVRServiceLauncher)(User: )
Description: [LauncherService] Unable to launch: There is no active interactive user session.
 
Error: (09/07/2017 03:21:05 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0"C:\Program Files (x86)\Windows Kits\10\bin\10.0.15063.0\arm\signtool.exe.Manifest
 
Error: (09/07/2017 03:21:05 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0"C:\Program Files (x86)\Windows Kits\10\bin\10.0.15063.0\arm64\signtool.exe.Manifest
 
Error: (09/07/2017 03:20:05 PM) (Source: SideBySide)(User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0"C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.ManifestC:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL1
 
 
=========================== Installed Programs ============================
 
.NET Core SDK 1.1.0 (x64) (HKLM\...\{DF68596E-0F41-41CC-BAD9-9F30A9662D90}) (Version: 4.16.5124 - Microsoft Corporation) Hidden
.NET Core SDK 1.1.0 (x64) (HKLM-x32\...\{67d148ca-6fe2-47ec-bf5c-fbd64345d511}) (Version: 1.1.0 - Microsoft Corporation)
Active Directory Authentication Library for SQL Server (HKLM\...\{52D1FCFD-1052-4D75-B3FB-9906901AFD98}) (Version: 13.1.4001.0 - Microsoft Corporation) Hidden
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Alien Swarm (HKLM\...\Steam App 630) (Version:  - Valve)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 384.94 - NVIDIA Corporation) Hidden
Application Verifier x64 External Package (HKLM\...\{2D7C1671-6F3D-2AA7-DAA3-91C96B60B919}) (Version: 10.1.15063.468 - Microsoft) Hidden
BaDoink VR Player (HKLM-x32\...\{a09adfcb-2b62-46a2-b3b6-5601ce1f36c1}) (Version: 1.2.0.0 - CM Productions LLC)
BaDoinkVR Player (HKLM-x32\...\{5FC15826-1F69-40B2-B950-8B67B25BBD16}) (Version: 1.2.0.1 - CM Productions LLC)
Bigscreen Beta (HKLM\...\Steam App 457550) (Version:  - Bigscreen, Inc.)
Blizzard App (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 5.33 - Piriform)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{E598B692-764A-413C-8530-59163D6B4AE3}) (Version: 4.6.01590 - Microsoft Corporation) Hidden
Corsair Utility Engine (HKLM-x32\...\{5A1E247D-38F6-4398-991F-87619AC282A5}) (Version: 2.16.87 - Corsair)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM\...\Steam App 240) (Version:  - Valve)
CPUID CPU-Z 1.80.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.80.1 - )
Darkest Dungeon (HKLM\...\Steam App 262060) (Version:  - Red Hook Studios)
Dead Cells (HKLM\...\Steam App 588650) (Version:  - Motion Twin)
DiagnosticsHub_CollectionService (HKLM\...\{37385261-BB10-4DE0-8822-84E1C4997ED2}) (Version: 15.0.26730 - Microsoft Corporation) Hidden
Discord (HKCU\...\Discord) (Version: 0.0.298 - Discord Inc.)
Entity Framework 6.1.3 Tools  for Visual Studio 15 (HKLM-x32\...\{F8C0447E-D45C-4E52-94E8-C6340AAC9DB8}) (Version: 6.1.60104.0 - Microsoft Corporation) Hidden
Freemake Video Converter version 4.1.10 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.10 - Ellora Assets Corporation)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
icecap_collection_neutral (HKLM-x32\...\{743913D7-41D9-48C0-977D-FC87743A9BEC}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{6BC73140-3CB6-486A-8350-BF35F54EFA19}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{67941F0C-2930-4C3F-983C-1089D2759B42}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{304B71E2-BA3A-419C-B632-3DFBB4AFE42B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
IIS 10.0 Express (HKLM\...\{A54DCC30-E1EA-4912-A7F9-6C5A3AF1FB3A}) (Version: 10.0.1738 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - ) Hidden
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - ) Hidden
InMind VR (HKLM\...\Steam App 343740) (Version:  - Luden.io)
Intellisense Lang Pack Mobile Extension SDK 10.0.15063.0 (HKLM-x32\...\{955DB066-D013-43F3-908C-CBC851E3D4FF}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
IntelliTraceProfilerProxy (HKLM-x32\...\{0A2EDF2C-9A71-43D7-964A-696BB7CEAC65}) (Version: 15.0.25.0 - Microsoft Corporation) Hidden
Killing Floor 2 (HKLM\...\Steam App 232090) (Version:  - Tripwire Interactive)
Kits Configuration Installer (HKLM-x32\...\{1704C439-1501-3446-7932-33DA822E8597}) (Version: 10.1.15063.468 - Microsoft) Hidden
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
MegaDownloader 1.7 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 1.7 - AppsForMega.info)
Microsoft Azure Authoring Tools - v2.9.5.3 (HKLM\...\{086C537B-DE1A-4A11-8441-6AAF076174B8}) (Version: 2.9.8699.20 - Microsoft Corporation)
Microsoft Azure Compute Emulator - v2.9.5.3 (HKLM\...\Microsoft Azure Compute Emulator - v2.9.5.3) (Version: 2.9.8699.20 - Microsoft Corporation)
Microsoft Azure Libraries for .NET – v2.9 (HKLM\...\{C5C91AA6-3E83-430E-8B7A-6B790083F28D}) (Version: 3.0.0127.060 - Microsoft Corporation)
Microsoft Azure Mobile App SDK V3.0 (HKLM-x32\...\{A1D5A2EC-1BB0-4ED6-97E6-F044400FAFFD}) (Version: 3.0.50407.0 - Microsoft Corporation)
Microsoft Azure PowerShell - September 2016 (HKLM-x32\...\{CB3F8A12-1570-4964-8206-17274AB9EF4D}) (Version: 2.1.0 - Microsoft Corporation)
Microsoft Azure Storage Emulator - v5.1 (HKLM-x32\...\Microsoft Azure Storage Emulator - v5.1) (Version: 5.1.1760.1722 - Microsoft Corporation)
Microsoft Identity Extensions (HKLM\...\{F99F24BF-0B90-463E-9658-3FD2EFC3C992}) (Version: 2.0.1459.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - da-dk (HKLM\...\O365ProPlusRetail - da-dk) (Version: 16.0.8326.2096 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{1385D3DB-8E80-427B-91D2-B7535862B8E4}) (Version: 11.3.6518.0 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{9097BF1A-13A0-4A4A-A1F8-473E2A669863}) (Version: 13.1.4001.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 CTP2.1 (HKLM\...\{9BAD8F82-A221-42CE-AFF0-7CAB825790C9}) (Version: 14.0.600.250 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 CTP2.1 (HKLM-x32\...\{F0DD1AA8-44D7-4ACE-AF65-7378EA5D884C}) (Version: 14.0.600.250 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 RC Redistributable (x64) - 14.0.22816 (HKLM-x32\...\{e2495eb6-cca8-47aa-91ea-3410ca44d7b7}) (Version: 14.0.22816.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.11.25325 (HKLM-x32\...\{404c9c27-8377-4fd1-b607-7ca635db4e49}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.11.33287.817 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{65C71B09-C33D-4F60-93EA-DF3AD1D40600}) (Version: 10.0.1981 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Momodora: Reverie Under the Moonlight (HKLM\...\Steam App 428550) (Version:  - Bombservice)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 6.2.0.10 - MSI)
NVIDIA GeForce Experience 3.7.0.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.7.0.81 - NVIDIA Corporation)
NVIDIA Grafikdriver 384.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 384.94 - NVIDIA Corporation)
NVIDIA HD-lyddriver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA PhysX-systemsoftware 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.7.0.81 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.6.1.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Oculus (HKLM\...\Oculus) (Version: <3 - Oculus VR, LLC)
Oculus Rift DK2 Sensor Driver (HKLM\...\{F786EF4E-73FE-4700-AC19-FFC0B2298F20}) (Version: 1.0.0.0 - Oculus VR, LLC) Hidden
Oculus Rift Monitor Driver (HKLM\...\{E932D5B4-547A-4959-B642-3816836283E3}) (Version: 1.0.1.0 - Oculus VR, LLC) Hidden
Oculus Rift Sensor Driver (HKLM\...\{E724ED40-8962-4987-901D-57AC8C9E41CD}) (Version: 1.0.20.0 - Oculus VR, LLC) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0406-0000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.4.13.6637 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version:  - Blizzard Entertainment)
Path of Exile (HKLM\...\Steam App 238960) (Version:  - Grinding Gear Games)
PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version:  - Kakao Corp.)
qBittorrent 3.3.15 (HKLM-x32\...\qBittorrent) (Version: 3.3.15 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8228 - Realtek Semiconductor Corp.)
Rec Room (HKLM\...\Steam App 471710) (Version:  - Against Gravity®)
Rocket League (HKLM\...\Steam App 252950) (Version:  - Psyonix, Inc.)
RogueKiller version 12.11.13.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.13.0 - Adlice Software)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0380 - NVIDIA Corporation) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
sptools_Microsoft.VisualStudio.OfficeDeveloperTools.Msi (HKLM-x32\...\{72BA31CD-9667-422B-A8A4-65C248E06222}) (Version: 15.0.26501 - Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi (HKLM-x32\...\{CD08D2FC-15E2-4B11-A824-091CD344612E}) (Version: 15.0.26417 - Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi.Resources (HKLM-x32\...\{6F410B16-8B46-43AF-BC73-C43EE190BFA4}) (Version: 15.0.26417 - Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi.x64 (HKLM-x32\...\{F210BD01-6020-4406-AAE1-15B4D4C096C8}) (Version: 15.0.26417 - Microsoft Corporation) Hidden
Starbound (HKLM\...\Steam App 211820) (Version:  - Chucklefish)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteamVR (HKLM\...\Steam App 250820) (Version:  - )
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.1.4.2 - TeamSpeak Systems GmbH)
TEKKEN 7 (HKLM\...\Steam App 389730) (Version:  - BANDAI NAMCO Studios Inc.)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version:  - Ubisoft Montreal)
TypeScript SDK (HKLM-x32\...\{CFA1F87E-EF2B-4785-812C-4BEEA22CFD06}) (Version: 2.3.5.0 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{D23DC9CD-5870-9D26-5DE9-6273CAC7DD5B}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{51523D5B-FC32-CAB4-E54E-E41C0E4C1726}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{573C4B4F-B9B9-28DA-0243-D118DD3EE574}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{3C75FFD3-00CF-1974-2935-7BED20381899}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{812954B8-9658-EFE2-FB5F-B422048AA053}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{05086CEC-62C1-B12C-2FEC-C58E166FA7E8}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 36.0 - Ubisoft)
vcpp_crt.redist.clickonce (HKLM-x32\...\{C36E80D0-EED5-481F-9852-1EBB0DD122B6}) (Version: 14.11.25325 - Microsoft Corporation) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
VS Immersive Activate Helper (HKLM-x32\...\{FD1039C3-228B-43BB-820A-ACAED580A9D5}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{75068E51-7C37-4003-84C2-C67461C8D60A}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{A9ED1B56-3819-4B14-A929-89DD3E16E216}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden
VS WCF Debugging (HKLM\...\{EF9A8134-DF80-46A8-85AF-7FBD1E848C12}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{028492D7-855B-4018-B0A8-B5411EED541A}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{DCAD4F0C-21F2-4955-9C0A-2B7CEA610A74}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{C32010D8-3E5A-4E2F-874E-9AAEB2384006}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{440B670C-9862-487A-A381-57173D344039}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_codecoveragemsi (HKLM-x32\...\{4047FD10-8010-453A-A110-EA2CF71591B9}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_codeduitestframeworkmsi (HKLM-x32\...\{768725FE-C24E-4D48-BB07-6046761C2A00}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{52100697-9C66-44F3-BA20-68F8148CDF9B}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_cuitcommoncoremsi (HKLM-x32\...\{35804EBF-56A5-4847-848B-1A067AC6DE56}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_cuitextensionmsi (HKLM-x32\...\{C356AA66-C6D7-43C5-9D31-9D58DFB0FE2F}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_cuitextensionmsi_x64 (HKLM-x32\...\{EA12406A-8EED-49AB-A47B-FFA47D4F9ADE}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_enterprisemsi (HKLM-x32\...\{6E0FB913-0E76-44B5-B0D4-2B71A7984BD2}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{DDEF2BD0-F728-4D04-A085-B5ACC9ADC311}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{2512A3CE-E1E4-46D5-8B40-28DA3AE2261E}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{384F31FB-B99D-48A7-9D72-E1FEBEC2201A}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{134E1F55-10CB-4837-9F43-C8145933AA3E}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{5A528FAB-6AD3-4F9A-9A1C-566A5C02C3D6}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{D0772A03-7FC2-4B20-AC1F-B278299AA9C7}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{0F2742A7-6A64-46A2-94AE-22F19808BE2F}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_networkemulationmsi_x64 (HKLM-x32\...\{DC5A810D-6264-4280-8475-4CB6B36D84AE}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_professionalmsi (HKLM-x32\...\{C135A30B-7258-4E11-8660-87C5642A4AAE}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5C682D5E-7168-47C6-87CD-53E2103B08AC}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{032E21D1-556F-49D6-9518-CF53202AF63B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
WinAppDeploy (HKLM-x32\...\{1AD35036-0E71-1C38-E4F8-14F6ED75EA98}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Windows SDK AddOn (HKLM-x32\...\{E1C6F438-7C50-41F5-8B47-3CC96D397CA3}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.15063.468 (HKLM-x32\...\{0a829ae9-ca13-4f58-a168-648e80cf6739}) (Version: 10.1.15063.468 - Microsoft Corporation)
WinRAR 5.50 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.4 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{3E1718A0-E5A4-04EB-E85C-DF94790FCCF4}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{26FD6F7E-30DF-16AB-9F3B-2EC665C36498}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{B3E6FE24-A4E4-0454-5004-D8A3CCC9B0F6}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{CC57D696-D6B5-DB4D-7ABC-C373CF7E6D73}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{891DDA6A-C9D4-9C57-BC4E-B77CE28BAFC3}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{C22B0226-A0C4-B973-C0BF-24A3D66B8C3E}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{F3F1C906-9349-1B25-3680-65015218BD99}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{CB8253BF-62B4-A504-7E06-BA102F48C02B}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Workflow Manager Client 1.0 (HKLM\...\{69CD1F2D-DF68-4E23-9108-1B70783F2855}) (Version: 2.1.10525.2 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{7E351EBA-A063-4DE6-9F95-094883AAF7DA}) (Version: 2.1.10713.0 - Microsoft Corporation) Hidden
XMedia Recode version 3.3.5.8 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.3.5.8 - XMedia Recode)
ロリサキュバス【エルザ】のお兄様いじめ 搾精CG&淫靡Voice (HKLM-x32\...\ロリサキュバス【エルザ】のお兄様いじめ 搾精CG&淫靡Voice_is1) (Version: 1.0 - B-bishiop)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 28%
Total physical RAM: 16245.45 MB
Available physical RAM: 11665.13 MB
Total Virtual: 17269.45 MB
Available Virtual: 11254.5 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:232.33 GB) (Free:149.58 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:698.51 GB) (Free:302.41 GB) NTFS
 
========================= Users: ========================================
 
Brugerkonti for \\DESKTOP-8HO2H5Q
 
Administrator            Ahams                    DefaultAccount           
Gæst                     
Kommandoen blev udført.
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
06-09-2017 17:39:55 Removed Gigantic Launcher
07-09-2017 13:09:42 JRT Pre-Junkware Removal
 
**** End of log ****
----------------------------------------------------------------------------------------------------------------------------
 
Result.txt:
 
(I could not find the Result.txt file. I ran the program from the desktop, and I can only see the "MTB.txt" file. There is nothing on my desktop called "Result.txt")
----------------------------------------------------------------------------------------------------------------------------
Also a little side note: Malwarebytes has put the zed.exe in quarantine automatically every time it appears. Right now there are 3 copies of the zed.exe in quarantine in Malwarebytes.
 
EDIT: misspelled some words ;)

Edited by Ahams, 07 September 2017 - 02:51 PM.


#6 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • Gender:Male
  • Location:Germany
  • Local time:05:55 AM

Posted 07 September 2017 - 02:55 PM

Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.



***


FRST / FRST64: run it again.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Put a check into the boxes next to Addition.txt and Shortcut.txt. Then press the Scan button.
  • When finished, it will produce logs called FRST.txt, Shortcut.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste both logs in your next reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#7 Ahams

Ahams
  • Topic Starter

  • Members
  • 50 posts
  • Gender:Male
  • Local time:05:55 AM

Posted 07 September 2017 - 03:02 PM

JRT.txt:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64 
Ran by Ahams (Administrator) on 07-09-2017 at 21:57:11,12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07-09-2017 at 21:58:13,53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Shortcut.txt:
 
Users shortcut scan result (x64) Version: 20-08-2017
Ran by Ahams (07-09-2017 22:01:30)
Running from C:\Users\ushe2\Desktop
Boot Mode: Normal
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\01 - File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\03 - Documents.lnk -> C:\Users\ushe2\Documents ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\04 - Downloads.lnk -> C:\Users\ushe2\Downloads ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\05 - Music.lnk -> C:\Users\ushe2\Music ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\06 - Pictures.lnk -> C:\Users\ushe2\Pictures ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\07 - Videos.lnk -> C:\Users\ushe2\Videos ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\08 - Homegroup.lnk -> Microsoft.Windows.Homegroup
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\09 - Network.lnk -> Microsoft.Windows.Network
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\10 - UserProfile.lnk -> C:\Users\ushe2 ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\MSACCESS.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2017.lnk -> C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\Blend.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk -> C:\Windows\MiracastView\MiracastView.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk -> C:\Windows\PrintDialog\PrintDialog.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\MSPUB.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017.lnk -> C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\devenv.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk -> C:\Program Files (x86)\Microsoft Visual Studio\Installer\vs_installer.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode\Uninstall XMedia Recode.lnk -> C:\Program Files (x86)\XMedia Recode\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode\XMedia Recode.lnk -> C:\Program Files (x86)\XMedia Recode\XMedia Recode.exe (XMedia Recode)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Software Development Kit\Documentation for Desktop Apps.lnk -> C:\Program Files (x86)\Windows Kits\10\Shortcuts\DesktopDevCenterLearn.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Software Development Kit\Documentation for Windows Store Apps.lnk -> C:\Program Files (x86)\Windows Kits\10\Shortcuts\WindowsStoreAppDevCenterLearn.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Software Development Kit\Samples for Desktop Apps.lnk -> C:\Program Files (x86)\Windows Kits\10\Shortcuts\DesktopDevCenterSamples.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Software Development Kit\Samples for Windows Store Apps.lnk -> C:\Program Files (x86)\Windows Kits\10\Shortcuts\WindowsStoreAppDevCenterSamples.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Software Development Kit\Tools for Desktop Apps.lnk -> C:\Program Files (x86)\Windows Kits\10\Shortcuts\DesktopDevCenterToolsDocumentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Software Development Kit\Tools for Windows Store Apps.lnk -> C:\Program Files (x86)\Windows Kits\10\Shortcuts\WindowsStoreAppDevCenterToolsDocumentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows App Certification Kit\Windows App Cert Kit.lnk -> C:\Program Files (x86)\Windows Kits\10\App Certification Kit\appcertui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Application Verifier (X86)\Application Verifier (WOW).lnk -> C:\Windows\syswow64\appverif.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Application Verifier (X64)\Application Verifier (X64).lnk -> C:\Windows\System32\appverif.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Application Verifier (X64)\Application Verifier Help.lnk -> C:\Windows\System32\appverif.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Microsoft Visual Studio SDK\Download Visual Studio Modeling SDK.lnk -> hxxps:\go.microsoft.com\fwlink\
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Microsoft Visual Studio SDK\Getting Started with the Microsoft Visual Studio 2017 SDK.lnk -> hxxps:\go.microsoft.com\fwlink\
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Microsoft Visual Studio SDK\Microsoft Visual Studio 2017 SDK Documentation.lnk -> hxxps:\go.microsoft.com\fwlink\
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Microsoft Visual Studio SDK\Visual Studio Gallery.lnk -> hxxps:\go.microsoft.com\fwlink\
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Microsoft Visual Studio SDK\VSX Developer Center.lnk -> hxxps:\go.microsoft.com\fwlink\
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Microsoft Visual Studio SDK\VSX Samples on Code Gallery.lnk -> hxxps:\go.microsoft.com\fwlink\
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy\Speccy.lnk -> C:\Program Files\Speccy\Speccy64.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller\RogueKiller.lnk -> C:\Program Files\RogueKiller\RogueKiller64.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent\qBittorrent.lnk -> C:\Program Files\qBittorrent\qbittorrent.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent\Uninstall.lnk -> C:\Program Files\qBittorrent\uninst.exe (The qBittorrent project)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch Test\Overwatch Test.lnk -> D:\Overwatch Test\Overwatch Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch\Overwatch.lnk -> D:\Overwatch\Overwatch Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Afinstallér Origin..lnk -> C:\Program Files (x86)\Origin\OriginUninstall.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Fejlrapporteringsredskab til Origin.lnk -> C:\Program Files (x86)\Origin\OriginER.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Origin.lnk -> C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\GeForce Experience.lnk -> C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI\MSI OC Kit\Afinstaller (fjern) MSI OC Kit.lnk -> C:\Program Files (x86)\MSI\MSI OC Kit\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI\Gaming APP\Gaming APP.lnk -> C:\Program Files (x86)\MSI\Gaming APP\SGamingApp.exe (Micro-Star Int'l Co., Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI\Gaming APP\Uninstall Gaming APP.lnk -> C:\Program Files (x86)\MSI\Gaming APP\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-værktøjer\Skype for Business Optagelsesstyring.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\OcPubMgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-værktøjer\Sprogindstillinger i Office 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-værktøjer\Telemetridashboard til Office 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\msotd.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-værktøjer\Telemetrilog til Office 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\msoev.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Azure\Storage Emulator\Microsoft Azure Storage Emulator - v5.1.lnk -> C:\Windows\Installer\{B3C44E2A-BC4A-48D9-9AEF-6223C8775B7C}\AzureStorageEmulator.exe (Microsoft Azure)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Azure\Microsoft Azure SDK for .NET\v2.9\Documentation.lnk -> C:\Windows\Installer\{086C537B-DE1A-4A11-8441-6AAF076174B8}\HLPIcon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Azure\Microsoft Azure SDK for .NET\v2.9\Microsoft Azure HPC Scheduler SDK Content.lnk -> C:\Windows\Installer\{086C537B-DE1A-4A11-8441-6AAF076174B8}\WAIcon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Azure\Microsoft Azure SDK for .NET\v2.9\Release Notes.lnk -> C:\Windows\Installer\{086C537B-DE1A-4A11-8441-6AAF076174B8}\RELNIcon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Azure\Microsoft Azure SDK for .NET\v2.9\Samples.lnk -> C:\Windows\Installer\{086C537B-DE1A-4A11-8441-6AAF076174B8}\WAIcon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaDownloader\MegaDownloader.lnk -> C:\Program Files\MegaDownloader\MegaDownloader.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaDownloader\Uninstall MegaDownloader.lnk -> C:\Program Files\MegaDownloader\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameMaker Studio 2\GameMaker Studio 2.lnk -> C:\Program Files\GameMaker Studio 2\GameMakerStudio.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameMaker Studio 2\Uninstall.lnk -> C:\Program Files\GameMaker Studio 2\uninstall.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake\Freemake Video Converter.lnk -> C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe (Freemake)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes\VirtualCloneDrive\Manual.lnk -> C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\HelpLauncher.exe (Elaborate Bytes AG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes\VirtualCloneDrive\Uninstall.lnk -> C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes\VirtualCloneDrive\Virtual CloneDrive Revision History.lnk -> C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\manual\changes_vcd.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes\VirtualCloneDrive\Virtual CloneDrive.lnk -> C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDPrefs.exe (Elaborate Bytes AG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum\PotPlayer 64 bit\PotPlayer 64 bit.lnk -> C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe (Kakao)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum\PotPlayer 64 bit\Uninstall PotPlayer-64 bit.lnk -> C:\Program Files\DAUM\PotPlayer\uninstall.exe (Kakao)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\CPU-Z.lnk -> C:\Program Files\CPUID\CPU-Z\cpuz.exe (CPUID)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Edit CPU-Z Config File.lnk -> C:\Program Files\CPUID\CPU-Z\cpuz.ini ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Uninstall CPU-Z.lnk -> C:\Program Files\CPUID\CPU-Z\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blizzard App\Blizzard App.lnk -> C:\Program Files (x86)\Blizzard App\Battle.net Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BaDoinkVRPlayer\BaDoinkVRPlayer.lnk -> C:\Program Files (x86)\BaDoink\BaDoinkVR Player\BaDoinkVRPlayer.exe (CM Productions LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\B-bishiop\ロリサキュバス【エルザ】のお兄様いじめ 搾精CG淫靡Voice.lnk -> C:\Program Files (x86)\Elsa\Elsa.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\syswow64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Oculus\Oculus Support.lnk -> C:\Program Files\Oculus\Oculus.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Oculus\Oculus.lnk -> C:\Program Files\Oculus\Support\oculus-client\OculusClient.exe (Oculus VR, LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Corsair Utility Engine\Corsair Utility Engine.lnk -> C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe (Corsair Components, Inc.)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\OVRLibraryService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\OVRLibraryService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\OVRLibraryService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\OVRLibraryService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\OVRLibraryService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\OVRLibraryService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\OVRLibraryService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\OVRLibraryService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\OVRLibraryService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\OVRLibraryService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\OVRLibraryService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\OVRLibraryService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\OVRLibraryService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\OVRLibraryService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\OVRLibraryService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\OVRLibraryService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\OVRLibraryService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\OVRLibraryService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\OVRLibraryService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\OVRLibraryService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\OVRLibraryService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\OVRLibraryService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\OVRLibraryService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\OVRLibraryService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\ushe2\Links\Desktop.lnk -> C:\Users\ushe2\Desktop ()
Shortcut: C:\Users\ushe2\Links\Downloads.lnk -> C:\Users\ushe2\Downloads ()
Shortcut: C:\Users\ushe2\Links\OneDrive.lnk -> C:\Users\ushe2\OneDrive ()
Shortcut: C:\Users\ushe2\Desktop\Denne pc.lnk -> [LFPO :i+00<j1SPS0%G`%Denne pc)Systemmappe1SPSjc(=Oe)::{20D04FE0-3AEA-1069-A2D8-08002B30309D}E1SPSOh+')Computer]
Shortcut: C:\Users\ushe2\Desktop\Ahams Stuff\Far\Privat\Genvej til DSCN1364.lnk -> D:\Ahams stuff\Far\Privat\DSCN1364.JPG (No File)
Shortcut: C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papirkurv.lnk -> [LFx@_dP/N1SPSU(Ly9K-e)::{645FF040-5081-101B-9F08-00AA002F954E}]
Shortcut: C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk -> C:\Users\ushe2\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe (TeamSpeak Systems GmbH)
Shortcut: C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Uplay\Uninstall.lnk -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe (Ubisoft)
Shortcut: C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Uplay\Uplay.lnk -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe (Ubisoft)
Shortcut: C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake\Uninstall\Uninstall Freemake Video Converter.lnk -> C:\Program Files (x86)\Freemake\Freemake Video Converter\Uninstall\unins000.exe ()
Shortcut: C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-filoverførsel.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\ushe2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\ushe2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PotPlayer 64 bit.lnk -> C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe (Kakao)
Shortcut: C:\Users\ushe2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\ushe2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\ushe2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Blizzard App.lnk -> C:\Program Files (x86)\Blizzard App\Battle.net Launcher.exe (Blizzard Entertainment)
Shortcut: C:\Users\ushe2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\ushe2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\League of Legends.lnk -> D:\Cancer game\LeagueClient.exe ()
Shortcut: C:\Users\ushe2\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\ushe2\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\ushe2\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\ushe2\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\ushe2\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\ushe2\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\ushe2\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\ushe2\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\ushe2\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
 
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Visual Studio Tools\Developer Command Prompt for VS 2017.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\Tools\VsDevCmd.bat"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Visual Studio Tools\VC\x64 Native Tools Command Prompt for VS 2017.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Visual Studio Tools\VC\x64_x86 Cross Tools Command Prompt for VS 2017.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\VC\Auxiliary\Build\vcvarsamd64_x86.bat"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Visual Studio Tools\VC\x86 Native Tools Command Prompt for VS 2017.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\VC\Auxiliary\Build\vcvars32.bat"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Visual Studio Tools\VC\x86_x64 Cross Tools Command Prompt for VS 2017.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\VC\Auxiliary\Build\vcvarsx86_amd64.bat"
 
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Software Development Kit\Windows Software Development Kit.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Windows Kits\10\"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Visual Studio Tools\Debuggable Package Manager.lnk -> C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -Command "& { Import-Module Appx; Import-Module .\AppxDebug.dll; Show-AppxDebug}"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Microsoft Visual Studio SDK\Tools\Reset the Visual Studio 2017 Experimental Instance.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /C "C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\VSSDK\VisualStudioIntegration\Tools\Bin\CreateExpInstance.exe" /Reset /VSInstance=15.0_0d20e639 /RootSuffix=Exp && PAUSE
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Microsoft Visual Studio SDK\Tools\Start Experimental Instance of Visual Studio 2017.lnk -> C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\devenv.exe (Microsoft Corporation) -> /rootSuffix Exp
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-værktøjer\Database Compare 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\DCF\DATABASECOMPARE.EXE"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-værktøjer\Overførselscenter til Office 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\MSOUC.EXE"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-værktøjer\Spreadsheet Compare 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\DCF\SPREADSHEETCOMPARE.EXE"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Azure\Microsoft Azure SDK for .NET\v2.9\Microsoft Azure Command Prompt - v2.9.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /E:ON /V:ON /K "C:\Program Files\Microsoft SDKs\Azure\.NET SDK\v2.9\\bin\setenv.cmd"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Azure\Emulator\Microsoft Azure Compute Emulator - v2.9.lnk -> C:\Windows\Installer\{BB44C8F9-C555-45CF-B6DA-80131B139165}\DFIcon.exe () -> /devfabric:start
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe () ->  /LOG
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameMaker Studio 2\GameMaker Studio 2 License.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) -> C:\Program Files\GameMaker Studio 2\License.txt
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Oculus\Uninstall Oculus.lnk -> C:\Program Files\Oculus\OculusSetup.exe (Oculus VR, LLC) -> /uninstall
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\OVRLibraryService\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\OVRLibraryService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\OVRLibraryService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\OVRLibraryService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\OVRLibraryService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\OVRLibraryService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\OVRLibraryService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\OVRLibraryService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\OVRLibraryService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\OVRLibraryService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\OVRLibraryService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\ushe2\AppData\Roaming\Microsoft\Word\Forløbsplan%20Obligatorisk%20Uddannelseselement%20306112804059968279\Forløbsplan%20Obligatorisk%20Uddannelseselement%20Programmering%20og%20Teknologi.docx.lnk -> C:\Users\ushe2\Desktop\Ahams Stuff\Datamatik\Forløbsplan Obligatorisk Uddannelseselement Programmering og Teknologi.docx () -> 14
ShortcutWithArgument: C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc\Discord.lnk -> C:\Users\ushe2\AppData\Local\Discord\Update.exe (GitHub) -> --processStart Discord.exe
ShortcutWithArgument: C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-apps\mydlink services plugin.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ldibdoepbjbkkcbgndfljnphngpglhbb
ShortcutWithArgument: C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-apps\Postman.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fhbjgbiflinjbdggehcddcbncdddomop
ShortcutWithArgument: C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\ushe2\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\ushe2\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\ushe2\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\ushe2\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\ushe2\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\ushe2\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\ushe2\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\ushe2\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\ushe2\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\ushe2\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
 
 
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode\XMedia Recode on the Web.url -> URL: hxxp://www.xmedia-recode.de/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.url -> URL: hxxp://support.steampowered.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy\Speccy Homepage.url -> URL: hxxp://www.piriform.com/speccy
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI\Gaming APP\MSI Website.url -> URL: hxxp://www.msi.com
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url -> URL: hxxp://www.piriform.com/ccleaner
InternetURL: C:\Users\ushe2\OneDrive\Dokumenter\Matematik vækstmodeller.url -> URL: hxxps://onedrive.live.com/redir.aspx?cid=0a7c90c2074d8157&resid=A7C90C2074D8157!1295&type=3
InternetURL: C:\Users\ushe2\OneDrive\Dokumenter\Personlig (web).url -> URL: hxxps://onedrive.live.com/redir.aspx?cid=0a7c90c2074d8157&resid=A7C90C2074D8157!115&type=3
InternetURL: C:\Users\ushe2\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\ushe2\Favorites\Acer\Acer.url -> URL: hxxp://www.acer.com/
InternetURL: C:\Users\ushe2\Desktop\Ahams Stuff\Nvidia inspector\guru3d.url -> BASEURL: hxxp://www.guru3d.com/ URL: hxxp://www.guru3d.com/
InternetURL: C:\Users\ushe2\Desktop\Ahams Stuff\Music\Shinsekai Yori Original Soundtrack CD2\Anime OST Join Today!.url -> BASEURL: hxxp://animeost.info/ URL: hxxp://animeost.info/
InternetURL: C:\Users\ushe2\Desktop\Ahams Stuff\Music\Shinsekai Yori Original Soundtrack CD1\Anime OST Join Today!.url -> BASEURL: hxxp://animeost.info/ URL: hxxp://animeost.info/
InternetURL: C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tom Clancy's Rainbow Six Siege.url -> URL: uplay://launch/635/0
 
==================== End of Shortcut.txt =============================
 
Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Ahams (07-09-2017 22:01:24)
Running from C:\Users\ushe2\Desktop
Windows 10 Home Version 1703 (X64) (2017-06-26 20:32:16)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4027789535-904595525-3014968156-500 - Administrator - Disabled)
Ahams (S-1-5-21-4027789535-904595525-3014968156-1001 - Administrator - Enabled) => C:\Users\ushe2
DefaultAccount (S-1-5-21-4027789535-904595525-3014968156-503 - Limited - Disabled)
Gæst (S-1-5-21-4027789535-904595525-3014968156-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
.NET Core SDK 1.1.0 (x64) (HKLM\...\{DF68596E-0F41-41CC-BAD9-9F30A9662D90}) (Version: 4.16.5124 - Microsoft Corporation) Hidden
.NET Core SDK 1.1.0 (x64) (HKLM-x32\...\{67d148ca-6fe2-47ec-bf5c-fbd64345d511}) (Version: 1.1.0 - Microsoft Corporation)
Active Directory Authentication Library for SQL Server (HKLM\...\{52D1FCFD-1052-4D75-B3FB-9906901AFD98}) (Version: 13.1.4001.0 - Microsoft Corporation) Hidden
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Alien Swarm (HKLM\...\Steam App 630) (Version:  - Valve)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 384.94 - NVIDIA Corporation) Hidden
Application Verifier x64 External Package (HKLM\...\{2D7C1671-6F3D-2AA7-DAA3-91C96B60B919}) (Version: 10.1.15063.468 - Microsoft) Hidden
BaDoink VR Player (HKLM-x32\...\{a09adfcb-2b62-46a2-b3b6-5601ce1f36c1}) (Version: 1.2.0.0 - CM Productions LLC)
BaDoinkVR Player (HKLM-x32\...\{5FC15826-1F69-40B2-B950-8B67B25BBD16}) (Version: 1.2.0.1 - CM Productions LLC)
Bigscreen Beta (HKLM\...\Steam App 457550) (Version:  - Bigscreen, Inc.)
Blizzard App (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 5.33 - Piriform)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{E598B692-764A-413C-8530-59163D6B4AE3}) (Version: 4.6.01590 - Microsoft Corporation) Hidden
Corsair Utility Engine (HKLM-x32\...\{5A1E247D-38F6-4398-991F-87619AC282A5}) (Version: 2.16.87 - Corsair)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM\...\Steam App 240) (Version:  - Valve)
CPUID CPU-Z 1.80.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.80.1 - )
Darkest Dungeon (HKLM\...\Steam App 262060) (Version:  - Red Hook Studios)
Dead Cells (HKLM\...\Steam App 588650) (Version:  - Motion Twin)
DiagnosticsHub_CollectionService (HKLM\...\{37385261-BB10-4DE0-8822-84E1C4997ED2}) (Version: 15.0.26730 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-4027789535-904595525-3014968156-1001\...\Discord) (Version: 0.0.298 - Discord Inc.)
Entity Framework 6.1.3 Tools  for Visual Studio 15 (HKLM-x32\...\{F8C0447E-D45C-4E52-94E8-C6340AAC9DB8}) (Version: 6.1.60104.0 - Microsoft Corporation) Hidden
Freemake Video Converter version 4.1.10 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.10 - Ellora Assets Corporation)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
icecap_collection_neutral (HKLM-x32\...\{743913D7-41D9-48C0-977D-FC87743A9BEC}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{6BC73140-3CB6-486A-8350-BF35F54EFA19}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{67941F0C-2930-4C3F-983C-1089D2759B42}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{304B71E2-BA3A-419C-B632-3DFBB4AFE42B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
IIS 10.0 Express (HKLM\...\{A54DCC30-E1EA-4912-A7F9-6C5A3AF1FB3A}) (Version: 10.0.1738 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - ) Hidden
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - ) Hidden
InMind VR (HKLM\...\Steam App 343740) (Version:  - Luden.io)
Intellisense Lang Pack Mobile Extension SDK 10.0.15063.0 (HKLM-x32\...\{955DB066-D013-43F3-908C-CBC851E3D4FF}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
IntelliTraceProfilerProxy (HKLM-x32\...\{0A2EDF2C-9A71-43D7-964A-696BB7CEAC65}) (Version: 15.0.25.0 - Microsoft Corporation) Hidden
Killing Floor 2 (HKLM\...\Steam App 232090) (Version:  - Tripwire Interactive)
Kits Configuration Installer (HKLM-x32\...\{1704C439-1501-3446-7932-33DA822E8597}) (Version: 10.1.15063.468 - Microsoft) Hidden
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
MegaDownloader 1.7 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 1.7 - AppsForMega.info)
Microsoft Azure Authoring Tools - v2.9.5.3 (HKLM\...\{086C537B-DE1A-4A11-8441-6AAF076174B8}) (Version: 2.9.8699.20 - Microsoft Corporation)
Microsoft Azure Compute Emulator - v2.9.5.3 (HKLM\...\Microsoft Azure Compute Emulator - v2.9.5.3) (Version: 2.9.8699.20 - Microsoft Corporation)
Microsoft Azure Libraries for .NET – v2.9 (HKLM\...\{C5C91AA6-3E83-430E-8B7A-6B790083F28D}) (Version: 3.0.0127.060 - Microsoft Corporation)
Microsoft Azure Mobile App SDK V3.0 (HKLM-x32\...\{A1D5A2EC-1BB0-4ED6-97E6-F044400FAFFD}) (Version: 3.0.50407.0 - Microsoft Corporation)
Microsoft Azure PowerShell - September 2016 (HKLM-x32\...\{CB3F8A12-1570-4964-8206-17274AB9EF4D}) (Version: 2.1.0 - Microsoft Corporation)
Microsoft Azure Storage Emulator - v5.1 (HKLM-x32\...\Microsoft Azure Storage Emulator - v5.1) (Version: 5.1.1760.1722 - Microsoft Corporation)
Microsoft Identity Extensions (HKLM\...\{F99F24BF-0B90-463E-9658-3FD2EFC3C992}) (Version: 2.0.1459.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - da-dk (HKLM\...\O365ProPlusRetail - da-dk) (Version: 16.0.8326.2096 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{1385D3DB-8E80-427B-91D2-B7535862B8E4}) (Version: 11.3.6518.0 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{9097BF1A-13A0-4A4A-A1F8-473E2A669863}) (Version: 13.1.4001.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 CTP2.1 (HKLM\...\{9BAD8F82-A221-42CE-AFF0-7CAB825790C9}) (Version: 14.0.600.250 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 CTP2.1 (HKLM-x32\...\{F0DD1AA8-44D7-4ACE-AF65-7378EA5D884C}) (Version: 14.0.600.250 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 RC Redistributable (x64) - 14.0.22816 (HKLM-x32\...\{e2495eb6-cca8-47aa-91ea-3410ca44d7b7}) (Version: 14.0.22816.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.11.25325 (HKLM-x32\...\{404c9c27-8377-4fd1-b607-7ca635db4e49}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.11.33287.817 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{65C71B09-C33D-4F60-93EA-DF3AD1D40600}) (Version: 10.0.1981 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Momodora: Reverie Under the Moonlight (HKLM\...\Steam App 428550) (Version:  - Bombservice)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 6.2.0.10 - MSI)
NVIDIA GeForce Experience 3.7.0.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.7.0.81 - NVIDIA Corporation)
NVIDIA Grafikdriver 384.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 384.94 - NVIDIA Corporation)
NVIDIA HD-lyddriver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA PhysX-systemsoftware 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.7.0.81 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.6.1.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Oculus (HKLM\...\Oculus) (Version: <3 - Oculus VR, LLC)
Oculus Rift DK2 Sensor Driver (HKLM\...\{F786EF4E-73FE-4700-AC19-FFC0B2298F20}) (Version: 1.0.0.0 - Oculus VR, LLC) Hidden
Oculus Rift Monitor Driver (HKLM\...\{E932D5B4-547A-4959-B642-3816836283E3}) (Version: 1.0.1.0 - Oculus VR, LLC) Hidden
Oculus Rift Sensor Driver (HKLM\...\{E724ED40-8962-4987-901D-57AC8C9E41CD}) (Version: 1.0.20.0 - Oculus VR, LLC) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0406-0000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.4.13.6637 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version:  - Blizzard Entertainment)
Path of Exile (HKLM\...\Steam App 238960) (Version:  - Grinding Gear Games)
PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version:  - Kakao Corp.)
qBittorrent 3.3.15 (HKLM-x32\...\qBittorrent) (Version: 3.3.15 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8228 - Realtek Semiconductor Corp.)
Rec Room (HKLM\...\Steam App 471710) (Version:  - Against Gravity®)
Rocket League (HKLM\...\Steam App 252950) (Version:  - Psyonix, Inc.)
RogueKiller version 12.11.13.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.13.0 - Adlice Software)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0380 - NVIDIA Corporation) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
sptools_Microsoft.VisualStudio.OfficeDeveloperTools.Msi (HKLM-x32\...\{72BA31CD-9667-422B-A8A4-65C248E06222}) (Version: 15.0.26501 - Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi (HKLM-x32\...\{CD08D2FC-15E2-4B11-A824-091CD344612E}) (Version: 15.0.26417 - Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi.Resources (HKLM-x32\...\{6F410B16-8B46-43AF-BC73-C43EE190BFA4}) (Version: 15.0.26417 - Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi.x64 (HKLM-x32\...\{F210BD01-6020-4406-AAE1-15B4D4C096C8}) (Version: 15.0.26417 - Microsoft Corporation) Hidden
Starbound (HKLM\...\Steam App 211820) (Version:  - Chucklefish)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteamVR (HKLM\...\Steam App 250820) (Version:  - )
TeamSpeak 3 Client (HKU\S-1-5-21-4027789535-904595525-3014968156-1001\...\TeamSpeak 3 Client) (Version: 3.1.4.2 - TeamSpeak Systems GmbH)
TEKKEN 7 (HKLM\...\Steam App 389730) (Version:  - BANDAI NAMCO Studios Inc.)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version:  - Ubisoft Montreal)
TypeScript SDK (HKLM-x32\...\{CFA1F87E-EF2B-4785-812C-4BEEA22CFD06}) (Version: 2.3.5.0 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{D23DC9CD-5870-9D26-5DE9-6273CAC7DD5B}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{51523D5B-FC32-CAB4-E54E-E41C0E4C1726}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{573C4B4F-B9B9-28DA-0243-D118DD3EE574}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{3C75FFD3-00CF-1974-2935-7BED20381899}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{812954B8-9658-EFE2-FB5F-B422048AA053}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{05086CEC-62C1-B12C-2FEC-C58E166FA7E8}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 36.0 - Ubisoft)
vcpp_crt.redist.clickonce (HKLM-x32\...\{C36E80D0-EED5-481F-9852-1EBB0DD122B6}) (Version: 14.11.25325 - Microsoft Corporation) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
VS Immersive Activate Helper (HKLM-x32\...\{FD1039C3-228B-43BB-820A-ACAED580A9D5}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{75068E51-7C37-4003-84C2-C67461C8D60A}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{A9ED1B56-3819-4B14-A929-89DD3E16E216}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden
VS WCF Debugging (HKLM\...\{EF9A8134-DF80-46A8-85AF-7FBD1E848C12}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{028492D7-855B-4018-B0A8-B5411EED541A}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{DCAD4F0C-21F2-4955-9C0A-2B7CEA610A74}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{C32010D8-3E5A-4E2F-874E-9AAEB2384006}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{440B670C-9862-487A-A381-57173D344039}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_codecoveragemsi (HKLM-x32\...\{4047FD10-8010-453A-A110-EA2CF71591B9}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_codeduitestframeworkmsi (HKLM-x32\...\{768725FE-C24E-4D48-BB07-6046761C2A00}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{52100697-9C66-44F3-BA20-68F8148CDF9B}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_cuitcommoncoremsi (HKLM-x32\...\{35804EBF-56A5-4847-848B-1A067AC6DE56}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_cuitextensionmsi (HKLM-x32\...\{C356AA66-C6D7-43C5-9D31-9D58DFB0FE2F}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_cuitextensionmsi_x64 (HKLM-x32\...\{EA12406A-8EED-49AB-A47B-FFA47D4F9ADE}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_enterprisemsi (HKLM-x32\...\{6E0FB913-0E76-44B5-B0D4-2B71A7984BD2}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{DDEF2BD0-F728-4D04-A085-B5ACC9ADC311}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{2512A3CE-E1E4-46D5-8B40-28DA3AE2261E}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{384F31FB-B99D-48A7-9D72-E1FEBEC2201A}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{134E1F55-10CB-4837-9F43-C8145933AA3E}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{5A528FAB-6AD3-4F9A-9A1C-566A5C02C3D6}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{D0772A03-7FC2-4B20-AC1F-B278299AA9C7}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{0F2742A7-6A64-46A2-94AE-22F19808BE2F}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_networkemulationmsi_x64 (HKLM-x32\...\{DC5A810D-6264-4280-8475-4CB6B36D84AE}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_professionalmsi (HKLM-x32\...\{C135A30B-7258-4E11-8660-87C5642A4AAE}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5C682D5E-7168-47C6-87CD-53E2103B08AC}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{032E21D1-556F-49D6-9518-CF53202AF63B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
WinAppDeploy (HKLM-x32\...\{1AD35036-0E71-1C38-E4F8-14F6ED75EA98}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Windows SDK AddOn (HKLM-x32\...\{E1C6F438-7C50-41F5-8B47-3CC96D397CA3}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.15063.468 (HKLM-x32\...\{0a829ae9-ca13-4f58-a168-648e80cf6739}) (Version: 10.1.15063.468 - Microsoft Corporation)
WinRAR 5.50 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.4 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{3E1718A0-E5A4-04EB-E85C-DF94790FCCF4}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{26FD6F7E-30DF-16AB-9F3B-2EC665C36498}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{B3E6FE24-A4E4-0454-5004-D8A3CCC9B0F6}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{CC57D696-D6B5-DB4D-7ABC-C373CF7E6D73}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{891DDA6A-C9D4-9C57-BC4E-B77CE28BAFC3}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{C22B0226-A0C4-B973-C0BF-24A3D66B8C3E}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{F3F1C906-9349-1B25-3680-65015218BD99}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{CB8253BF-62B4-A504-7E06-BA102F48C02B}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Workflow Manager Client 1.0 (HKLM\...\{69CD1F2D-DF68-4E23-9108-1B70783F2855}) (Version: 2.1.10525.2 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{7E351EBA-A063-4DE6-9F95-094883AAF7DA}) (Version: 2.1.10713.0 - Microsoft Corporation) Hidden
XMedia Recode version 3.3.5.8 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.3.5.8 - XMedia Recode)
ロリサキュバス【エルザ】のお兄様いじめ 搾精CG淫靡Voice (HKLM-x32\...\ロリサキュバス【エルザ】のお兄様いじめ 搾精CG淫靡Voice_is1) (Version: 1.0 - B-bishiop)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4027789535-904595525-3014968156-1001_Classes\CLSID\{C52B9871-E5E9-41FD-B84D-C5ACADBEC7AE}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-06-16] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-06-16] (Alexander Roshal)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-02] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-07-19] (NVIDIA Corporation)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-06-16] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-06-16] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {14CD7534-E4D6-407D-8B37-9E281BCF6649} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-21] (NVIDIA Corporation)
Task: {3656FBC4-A177-44B1-8D1E-79D85B780B58} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {3B725185-3EFB-4BE4-ACB7-5C86C978E976} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-21] (NVIDIA Corporation)
Task: {471304DF-CA69-47D9-92E5-F5BC9446EE59} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-08-28] (Microsoft Corporation)
Task: {4BD64850-DC65-4547-AFE8-15E18BABC544} - System32\Tasks\MSIOSDx64_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe [2016-07-28] (Micro-Star INT'L CO., LTD.)
Task: {612F426D-2C61-445C-B1A0-F8A68AD06EE4} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-21] (NVIDIA Corporation)
Task: {65326D28-C6AB-46B4-9DBF-8C08D51DC4D2} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-06-21] (NVIDIA Corporation)
Task: {764A9C1C-32F6-4438-A7ED-6EF639AC8D30} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-06-21] (NVIDIA Corporation)
Task: {7F0CF1B7-0A28-4909-9B55-699235AE1DB7} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-03] ()
Task: {88A8D303-4221-4689-AF64-EDD0454C85F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-26] (Google Inc.)
Task: {89D71AF6-3C8C-4A48-A932-721C1CDA2B93} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-03] ()
Task: {9E428023-A99C-447D-B8E9-13CF78E7F067} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-03] (Microsoft Corporation)
Task: {A66A6973-6E07-459C-A5D7-0FF16F714345} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-09-03] (Microsoft Corporation)
Task: {B3E900B9-BEB6-4EED-A742-B0EA6C25A8DB} - System32\Tasks\Microsoft Advanced Identity Protection Service => C:\WINDOWS\system32\wusa.exe [2017-03-18] (Microsoft Corporation)
Task: {B4A04760-6CBA-4FD6-AB79-C739A911FB26} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-06-21] (NVIDIA Corporation)
Task: {B6A49BC8-28F2-4A00-8230-1FA05196AA26} - System32\Tasks\MSIOSDx86_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe [2016-07-28] (Micro-Star INT'L CO., LTD.)
Task: {C96C355F-89A5-48C0-A32B-E1B219CD45B0} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-06-21] (NVIDIA Corporation)
Task: {C9F879D5-0C51-4EDB-ABD3-6EE062E93399} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-21] (NVIDIA Corporation)
Task: {D3D6F265-0BEB-4054-8C09-FBE457FC9D85} - System32\Tasks\MSISW_Host => C:\WINDOWS\SysWOW64\muachost.exe [2015-08-18] (MSI)
Task: {D616B1FC-739C-4B0B-8A4F-2BCE8A17FE7C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-26] (Google Inc.)
Task: {F2C12946-B826-4694-9338-F32190B36FEE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-03] (Microsoft Corporation)
Task: {F59B2BE7-CAD6-45BC-AEE6-B0D7CB973A58} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-08-28] (Microsoft Corporation)
Task: {F68A910E-E50E-4673-B6B8-C6EFABDB4776} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-08-03] (Piriform Ltd)
Task: {F786304B-2136-4F46-85FD-9576770CA98A} - System32\Tasks\MSIGH_Host => C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe [2017-01-19] (Micro-Star INT'L CO., LTD.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-apps\mydlink services plugin.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ldibdoepbjbkkcbgndfljnphngpglhbb
ShortcutWithArgument: C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-apps\Postman.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fhbjgbiflinjbdggehcddcbncdddomop
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-03-18 22:58 - 2017-03-18 22:58 - 000138000 ____N () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 22:59 - 2017-03-20 06:44 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-06-26 23:25 - 2017-06-21 09:02 - 001267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-08-29 12:42 - 2017-08-23 10:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
2017-08-29 12:42 - 2017-08-23 10:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll
2017-09-02 13:00 - 2017-09-02 13:03 - 002264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-06-26 23:54 - 2016-04-20 14:12 - 000772608 _____ () C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\Lib\USB_DLL.dll
2017-07-05 20:17 - 2017-07-05 20:17 - 002493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2017-06-26 23:25 - 2017-06-21 09:02 - 001040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\ushe2\AppData\Local\Temp:$DATA [16]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-06-26 23:04 - 2017-09-04 22:15 - 000000880 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
0.0.0.0                   telemetry.malwarebytes.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4027789535-904595525-3014968156-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ushe2\Desktop\Ahams Stuff\Wallpaper collection\Made in Abyss\Reg and Riku.png
DNS Servers: 192.168.100.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "ProductUpdater"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{13FF2F62-1EA0-41FA-A195-12A33BAD5E5A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9A1F6266-3837-4793-86EC-BB18CE0DD4CC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1290C247-7DC9-44BA-9AE3-65654AB7AAD0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{DB04844E-ED17-408F-9AD1-1821CA35F251}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{9E9D825F-F20E-4AF7-96D5-8C283F861879}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe
FirewallRules: [{148D6F89-9A0B-4934-9CDF-68A614E04FF0}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe
FirewallRules: [{181A09A2-52C7-43F3-B470-D0059B34FA7C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{2925094D-B6C4-41F6-A418-BC5F6D1D1382}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{178232D4-4829-4235-BF09-49618486102A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D276E570-4FF4-43C8-BA9F-9C35C4D0D74A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8E85968F-8F8E-47B0-BFB6-1B5D57473D7C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{D7223FF2-19EF-4413-886E-BEEDD7DD4ADA}D:\steamlibrary\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe
FirewallRules: [UDP Query User{6916C17A-5578-4A38-A848-29FABB4910CE}D:\steamlibrary\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe
FirewallRules: [{94C3DF8E-387D-4B31-8486-E63AF86847F3}] => (Allow) D:\SteamLibrary\steamapps\common\TEKKEN 7\TEKKEN 7.exe
FirewallRules: [{3933F6F4-3A9B-4DF0-87D6-F8F10E586776}] => (Allow) D:\SteamLibrary\steamapps\common\TEKKEN 7\TEKKEN 7.exe
FirewallRules: [{2FA20C36-6B40-4ABC-BA67-DD988BFB0959}] => (Allow) D:\SteamLibrary\steamapps\common\Dead Cells\deadcells.exe
FirewallRules: [{2791DC8E-368E-4B2E-ACD2-5AEFDDE77AB5}] => (Allow) D:\SteamLibrary\steamapps\common\Dead Cells\deadcells.exe
FirewallRules: [{D534D42F-87FD-46A7-AE20-034C86765F2A}] => (Allow) D:\SteamLibrary\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{A08B395A-8C54-4E33-81C1-B5130B2BEA45}] => (Allow) D:\SteamLibrary\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{A3DA6755-5BE0-48DB-A8C3-78D6EF452BD9}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{0E0C458A-0188-474D-9267-6877298097A0}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{B9449074-CF83-4734-89C6-727C07DE60D3}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{57E99826-4FEB-4CBA-B725-29E03D9BF666}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{C494B164-F227-4FF2-BC23-0359225820A6}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{6DC956F6-A328-4601-8647-E82AE86D807E}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{80CDF168-ECEE-49D1-9C3A-A9EAB031988A}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{7CC022AC-3862-49A5-A420-950BA5625D91}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{39A4CF98-EF56-4F6A-B6A4-98B8C1D5E8E4}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{2C3677CD-00E4-49D3-82A1-27B6BFBF585E}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{59C92D98-FD6B-4D2A-9140-955E15A03A53}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{3170BDBD-DE84-4792-8718-67A200F46438}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{E96EFD05-2C6B-4809-A0A0-69FA58302378}] => (Allow) D:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{A3501A3E-CB76-4213-B11A-9B1226B5B9A1}] => (Allow) D:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{C1FA34E9-161F-4806-8E0D-74429CF15783}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{8E16CB1B-0B48-44D6-84E7-1BB65F422073}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{A746AF39-DB76-4E60-A9BB-F25D99F566BB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{AE3A9C4E-E3D6-43BD-BE15-9A79687B4DC6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{A638BD9B-1C8B-44E5-B5CB-24460B088396}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{05F44E1E-9BC1-44FD-B111-B6800F1F4AE0}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{C83C9A4A-65A7-4D17-8EC7-E9A119D7848F}D:\overwatch test\overwatch.exe] => (Allow) D:\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{A22BE01D-8E77-492D-9A3F-FA7A6D5A9D3E}D:\overwatch test\overwatch.exe] => (Allow) D:\overwatch test\overwatch.exe
FirewallRules: [TCP Query User{46D6A391-A4F4-4104-8B98-A62F15038BE6}D:\overwatch\overwatch.exe] => (Allow) D:\overwatch\overwatch.exe
FirewallRules: [UDP Query User{1B444605-9747-48CA-9C2E-E5190CD80AA1}D:\overwatch\overwatch.exe] => (Allow) D:\overwatch\overwatch.exe
FirewallRules: [{4E335E3C-79D9-4230-9A4B-E63CF44EA2A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe
FirewallRules: [{851AC23F-17D2-4C95-A591-79FEFC7C50D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe
FirewallRules: [{210481C3-B6E5-467E-B629-033BE759CF80}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtours.exe
FirewallRules: [{BD887F2E-21DE-44A1-AA33-A9285696F4A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtours.exe
FirewallRules: [{5FAA91D7-DA8A-4AAE-902C-E17CFA81F5D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtourscfg.exe
FirewallRules: [{157E6C1F-EADF-4CE0-A3C1-811F770DB686}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtourscfg.exe
FirewallRules: [{371E49EA-E7CD-42F2-8AD6-72102EC7BA63}] => (Allow) D:\SteamLibrary\steamapps\common\RecRoom\Recroom_Release.exe
FirewallRules: [{D5A0E12A-DF0A-4FC0-BB9B-573315176233}] => (Allow) D:\SteamLibrary\steamapps\common\RecRoom\Recroom_Release.exe
FirewallRules: [TCP Query User{3BFE343F-E8B4-4E2A-8FA1-B767F8D761FC}D:\overwatch\overwatch.exe] => (Allow) D:\overwatch\overwatch.exe
FirewallRules: [UDP Query User{E64CE11F-30CB-4637-A543-2AFD1DE8605C}D:\overwatch\overwatch.exe] => (Allow) D:\overwatch\overwatch.exe
FirewallRules: [{8DB6AD75-BF1F-4B45-BA5C-1D0B01612AB7}] => (Allow) D:\SteamLibrary\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{4159323A-EC3E-4FAD-B55E-E309A16B9DD7}] => (Allow) D:\SteamLibrary\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{9680347F-947A-453D-9767-6FB0F6550FF5}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{D53B8284-FF57-4140-8325-BF54AF0CE020}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{AABC88F1-E6B4-4370-B091-E94BA12DCAF0}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{75B2308A-0357-4554-9B9F-2F2026DA6EED}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{7F8AE94C-07F5-4C65-8995-0A88EE50E1C4}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{80603280-35B6-48B3-9D41-45A31F019F93}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{224C7010-D1AE-4EB7-B9A4-FB4AC82685D1}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{DC724474-A65E-4E04-BF2F-1529D3E6856F}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{E9BF00CD-8A67-4AD5-9E95-B314EF5A0E9F}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe
FirewallRules: [{E38211B5-537D-4C30-8D25-FCB4C2AC161C}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe
FirewallRules: [{963C8365-0354-495F-BC7F-5DD2315794D1}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\DirectDisplayConfig.exe
FirewallRules: [{772D8B13-72BA-4433-B778-1BC628226923}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\DirectDisplayConfig.exe
FirewallRules: [{4AE0B1F9-5CDB-4639-AF2E-89DF5EB83966}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRServer_x64.exe
FirewallRules: [{32B8DFA1-0A7A-44A4-8A06-2E05523EAD4B}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRServer_x64.exe
FirewallRules: [{102628F3-4937-4D3B-9EC9-7818F4718DBE}] => (Allow) C:\Program Files\Oculus\Support\oculus-home\OculusVR.exe
FirewallRules: [{7DD0E91E-89EF-4224-80D0-8DDC2F6069A3}] => (Allow) C:\Program Files\Oculus\Support\oculus-home\OculusVR.exe
FirewallRules: [{D6B0DE9E-246F-425B-B584-6D6F896CA668}] => (Allow) C:\Program Files\Oculus\Support\oculus-client\OculusClient.exe
FirewallRules: [{D8B5CCE4-B3CF-4240-ADFE-01B429DD26CD}] => (Allow) C:\Program Files\Oculus\Support\oculus-client\OculusClient.exe
FirewallRules: [TCP Query User{1F651F2C-2E56-4CAD-8640-3CB207E5DB42}D:\overwatch test\overwatch.exe] => (Allow) D:\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{1D6AC70E-1647-4901-AC97-89130BC16B1C}D:\overwatch test\overwatch.exe] => (Allow) D:\overwatch test\overwatch.exe
FirewallRules: [{712B4036-8774-4CCB-BEDB-31CEA5AB876D}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{5DCC2808-7A54-4088-ABED-AD3EF31C4D38}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{3D9E2987-54FC-4385-B82D-1518A140E4F7}] => (Allow) D:\Oculus Home\Software\ready-at-dawn-echo-arena\bin\win7\BsSndRpt64.exe
FirewallRules: [{F98ED620-5804-4E72-85EC-AEB3E2814699}] => (Allow) D:\Oculus Home\Software\ready-at-dawn-echo-arena\bin\win7\BsSndRpt64.exe
FirewallRules: [{34508FB2-1A3F-488D-9547-368FB4E1EF01}] => (Allow) D:\Oculus Home\Software\ready-at-dawn-echo-arena\bin\win7\EchoArena.exe
FirewallRules: [{829C0471-A382-4777-AB9D-A410861E0D5D}] => (Allow) D:\Oculus Home\Software\ready-at-dawn-echo-arena\bin\win7\EchoArena.exe
FirewallRules: [{D109122D-5FDA-40D7-805C-4BBE1AC327C4}] => (Allow) D:\Oculus Home\Software\oculus-dead-and-buried\DeadAndBuried\DeadAndBuried.exe
FirewallRules: [{2FDA6135-0D5C-46A9-B5F6-6A1888034D21}] => (Allow) D:\Oculus Home\Software\oculus-dead-and-buried\DeadAndBuried\DeadAndBuried.exe
FirewallRules: [{65D6C98E-3A9D-4B29-963E-B1CB124955CF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{407E737F-4F56-4FBB-AB9D-59D7C9F7C0BE}] => (Allow) D:\SteamLibrary\steamapps\common\Bigscreen\Bigscreen.exe
FirewallRules: [{F96C9247-D0D4-4E53-AEC6-943691D995D4}] => (Allow) D:\SteamLibrary\steamapps\common\Bigscreen\Bigscreen.exe
FirewallRules: [{5A230682-9DE6-44B5-BB04-AB5D1117D91B}] => (Allow) LPort=12292
FirewallRules: [{ECD6D0D9-786E-4172-98B4-7019BE9C2249}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4138CA9D-6ECD-4E8F-8E77-9F22E6086E59}] => (Allow) D:\SteamLibrary\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{FA9B6CB3-3F3D-4E20-8EBB-4C6732129F1B}] => (Allow) D:\SteamLibrary\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{7EBC6BF1-B742-4AA6-97DB-A5371E39AD51}] => (Allow) D:\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [{980E90F2-D2A0-4234-8E4C-75D793C748FE}] => (Allow) D:\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [{563856A9-58F3-4BFB-99C2-5909BE3B281B}] => (Allow) D:\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{193BB335-17DA-4D56-95E0-3315FAFAAE91}] => (Allow) D:\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{0FDB2274-404D-4C5D-8BD3-150EDF3A5A41}] => (Allow) D:\SteamLibrary\steamapps\common\Momodora RUtM\MomodoraRUtM.exe
FirewallRules: [{B030AB25-B0BE-425A-B6E1-BCE866EF85A5}] => (Allow) D:\SteamLibrary\steamapps\common\Momodora RUtM\MomodoraRUtM.exe
FirewallRules: [{FFF9FD43-CF95-4C17-BF8D-12C091DEFA9B}] => (Allow) D:\SteamLibrary\steamapps\common\Alien Swarm\swarm.exe
FirewallRules: [{DE8564F4-0197-4FF4-B3B8-1D10C724C59B}] => (Allow) D:\SteamLibrary\steamapps\common\Alien Swarm\swarm.exe
FirewallRules: [{BCC5A095-DA89-4E47-A61B-45E8108BBA2C}] => (Allow) D:\SteamLibrary\steamapps\common\InMind\InMind.exe
FirewallRules: [{8B7531B7-7903-45A6-80B9-30C11D93937C}] => (Allow) D:\SteamLibrary\steamapps\common\InMind\InMind.exe
FirewallRules: [{516595AF-5836-4037-B90C-8CB59A5B3733}] => (Allow) D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{8DE54FC7-E971-4181-B1D7-CD7D498D5F70}] => (Allow) D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{5A2BF8ED-EC3D-49CD-A9B4-5985750F7FBE}] => (Allow) LPort=26789
 
==================== Restore Points =========================
 
06-09-2017 19:39:55 Removed Gigantic Launcher
07-09-2017 15:09:42 JRT Pre-Junkware Removal
07-09-2017 21:57:11 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/07/2017 09:59:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Navn på program med fejl: mbam.exe, version: 3.0.0.1169, tidsstempel: 0x599723f1
Navn på modul med fejl: Qt5Core.dll, version: 5.6.2.0, tidsstempel: 0x594d4411
Undtagelseskode: 0xc0000005
Forskydning med fejl 0x0018da93
Proces-id 0x19dc
Programmets starttidspunkt 0x01d32813c84a83f3
Programsti: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Modulsti: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Rapport-id: ea841d87-6e00-4232-86fd-dcf877a6c152
Fuldt navn på program med fejl: 
Relativt program-id for program med fejl:
 
Error: (09/07/2017 03:30:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Aktiveringskontekstgenereringen mislykkedes for "C:\Program Files (x86)\Windows Kits\10\bin\10.0.15063.0\arm\signtool.exe.Manifest".
Afhængig samling Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" blev ikke fundet.
Anvend sxstrace.exe til detaljeret diagnose.
 
Error: (09/07/2017 03:30:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Aktiveringskontekstgenereringen mislykkedes for "C:\Program Files (x86)\Windows Kits\10\bin\10.0.15063.0\arm64\signtool.exe.Manifest".
Afhængig samling Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0" blev ikke fundet.
Anvend sxstrace.exe til detaljeret diagnose.
 
Error: (09/07/2017 03:29:52 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Aktiveringskontekstgenereringen mislykkedes for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Der er en fejl i manifestet eller politikfilen "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" i linje 1.
Den komponentidentitet, der blev fundet i manifestet, stemmer ikke overens med den anmodede komponents identitet.
Reference er UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition er UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Anvend sxstrace.exe til detaljeret diagnose.
 
Error: (09/07/2017 03:27:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-8HO2H5Q)
Description: Aktivering af app‘en Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI mislykkedes med fejlen: -2147023170 Du kan finde flere oplysninger i loggen Microsoft-Windows-TWinUI/Operational.
 
Error: (09/07/2017 03:27:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Navn på program med fejl: SearchUI.exe, version: 10.0.15063.332, tidsstempel: 0x591fdafc
Navn på modul med fejl: SearchUI.exe, version: 10.0.15063.332, tidsstempel: 0x591fdafc
Undtagelseskode: 0xc000027b
Forskydning med fejl 0x00000000001ae3e1
Proces-id 0x1948
Programmets starttidspunkt 0x01d327dd0671a331
Programsti: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Modulsti: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Rapport-id: 342b3143-d948-4ab6-bc82-5cf3ac4d35b8
Fuldt navn på program med fejl: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Relativt program-id for program med fejl: CortanaUI
 
Error: (09/07/2017 03:27:13 PM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (09/07/2017 03:27:08 PM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (09/07/2017 03:21:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Aktiveringskontekstgenereringen mislykkedes for "C:\Program Files (x86)\Windows Kits\10\bin\10.0.15063.0\arm\signtool.exe.Manifest".
Afhængig samling Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" blev ikke fundet.
Anvend sxstrace.exe til detaljeret diagnose.
 
Error: (09/07/2017 03:21:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Aktiveringskontekstgenereringen mislykkedes for "C:\Program Files (x86)\Windows Kits\10\bin\10.0.15063.0\arm64\signtool.exe.Manifest".
Afhængig samling Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0" blev ikke fundet.
Anvend sxstrace.exe til detaljeret diagnose.
 
 
System errors:
=============
Error: (09/07/2017 09:57:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Tjenesten NVIDIA LocalSystem Container blev afbrudt uventet. Dette er sket 1 gange. Følgende korrigerende handling foretages om 6000 millisekunder: Genstart tjenesten.
 
Error: (09/07/2017 09:57:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Tjenesten NVIDIA Display Container LS blev afbrudt uventet. Dette er sket 1 gange. Følgende korrigerende handling foretages om 1000 millisekunder: Genstart tjenesten.
 
Error: (09/07/2017 03:38:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjenesten eapihdrv kunne ikke starte pga. følgende fejl: 
Indlæsningen af driveren blev blokeret.
 
Error: (09/07/2017 03:38:12 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ushe2\AppData\Local\Temp\ehdrv.sys
 
Error: (09/07/2017 03:38:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjenesten eapihdrv kunne ikke starte pga. følgende fejl: 
Indlæsningen af driveren blev blokeret.
 
Error: (09/07/2017 03:38:12 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ushe2\AppData\Local\Temp\ehdrv.sys
 
Error: (09/07/2017 03:38:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjenesten eapihdrv kunne ikke starte pga. følgende fejl: 
Indlæsningen af driveren blev blokeret.
 
Error: (09/07/2017 03:38:12 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ushe2\AppData\Local\Temp\ehdrv.sys
 
Error: (09/07/2017 03:38:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjenesten eapihdrv kunne ikke starte pga. følgende fejl: 
Indlæsningen af driveren blev blokeret.
 
Error: (09/07/2017 03:38:11 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ushe2\AppData\Local\Temp\ehdrv.sys
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4690 CPU @ 3.50GHz
Percentage of memory in use: 23%
Total physical RAM: 16245.45 MB
Available physical RAM: 12418.92 MB
Total Virtual: 17269.45 MB
Available Virtual: 13253.95 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.33 GB) (Free:149.25 GB) NTFS
Drive d: (Data) (Fixed) (Total:698.51 GB) (Free:302.41 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#8 Jo*

  • Malware Response Team
Posted 07 September 2017 - 03:08 PM

Please post the content of the FRST.txt as well, thanks.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 Ahams

  • Topic Starter

Posted 07 September 2017 - 03:09 PM

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017

Ran by Ahams (administrator) on DESKTOP-8HO2H5Q (07-09-2017 22:01:03)
Running from C:\Users\ushe2\Desktop
Loaded Profiles: Ahams (Available Profiles: Ahams & OVRLibraryService)
Platform: Windows 10 Home Version 1703 (X64) Language: Dansk (Danmark)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Oculus VR) C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe
(Microsoft Corporation) C:\Windows\syswow64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Oculus VR) C:\Program Files\Oculus\Support\oculus-runtime\OVRServer_x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235936 2017-08-10] (Realtek Semiconductor)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [80896 2017-08-07] ()
HKLM-x32\...\Run: [GammingApp] => C:\Program Files (x86)\MSI\Gaming APP\SGamingApp.exe [1149904 2016-12-07] (Micro-Star Int'l Co., Ltd.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe [18848976 2017-08-04] (Corsair Components, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4027789535-904595525-3014968156-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3071776 2017-08-28] (Valve Corporation)
HKU\S-1-5-21-4027789535-904595525-3014968156-1001\...\Run: [Discord] => C:\Users\ushe2\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.0                   telemetry.malwarebytes.com
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{85bc0a27-d969-4d2d-9bf1-b5ea84dc8c00}: [DhcpNameServer] 192.168.100.1
 
Internet Explorer:
==================
HKU\S-1-5-21-4027789535-904595525-3014968156-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-03] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-03] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-09-03] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-09-03] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: ogc12pf1.default
FF ProfilePath: C:\Users\ushe2\AppData\Roaming\Mozilla\Firefox\Profiles\ogc12pf1.default [2017-09-07]
FF Extension: (Enhancer for YouTube™) - C:\Users\ushe2\AppData\Roaming\Mozilla\Firefox\Profiles\ogc12pf1.default\Extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi [2017-07-12]
FF Extension: (uBlock Origin) - C:\Users\ushe2\AppData\Roaming\Mozilla\Firefox\Profiles\ogc12pf1.default\Extensions\uBlock0@raymondhill.net.xpi [2017-07-12]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-08] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-08] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-26] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://myanimelist.net/animelist/ushe123
CHR StartupUrls: Default -> "hxxps://myanimelist.net/animelist/ushe123"
CHR Profile: C:\Users\ushe2\AppData\Local\Google\Chrome\User Data\Default [2017-09-07]
CHR Extension: (BetterTTV) - C:\Users\ushe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-06-26]
CHR Extension: (Google Drev) - C:\Users\ushe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-26]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\ushe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2017-09-03]
CHR Extension: (YouTube) - C:\Users\ushe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-26]
CHR Extension: (uBlock Origin) - C:\Users\ushe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-09-05]
CHR Extension: (Adblock til Youtube™) - C:\Users\ushe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-06-26]
CHR Extension: (Postman) - C:\Users\ushe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2017-08-31]
CHR Extension: (Stylish - Custom themes for any website) - C:\Users\ushe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2017-08-17]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\ushe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-07-31]
CHR Extension: (mydlink services plugin) - C:\Users\ushe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldibdoepbjbkkcbgndfljnphngpglhbb [2017-06-26]
CHR Extension: (Morpheon Dark) - C:\Users\ushe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2017-06-26]
CHR Extension: (Hoxx VPN Proxy) - C:\Users\ushe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbcojefnccbanplpoffopkoepjmhgdgh [2017-08-27]
CHR Extension: (Betalinger i Chrome Webshop) - C:\Users\ushe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (4chan X) - C:\Users\ushe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohnjgmpcibpbafdlkimncjhflgedgpam [2017-08-25]
CHR Extension: (Gmail) - C:\Users\ushe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-26]
CHR Extension: (Chrome Media Router) - C:\Users\ushe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1517576 2017-09-05] ()
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2017-08-24] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424384 2017-08-28] (Microsoft Corporation)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [383016 2017-09-06] (EasyAntiCheat Ltd)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe [47056 2017-02-17] (Micro-Star Int'l Co., Ltd.)
R2 GamingHotkey_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe [2019792 2016-10-13] (Micro-Star INT'L CO., LTD.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-02] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21312 2017-06-13] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe [75192 2017-04-05] (Micro-Star INT'L CO., LTD.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-07-19] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-06-21] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2168208 2017-07-05] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3148184 2017-07-05] (Electronic Arts)
S3 OVRLibraryService; C:\Program Files\Oculus\Support\oculus-librarian\OVRLibraryService.exe [135464 2017-08-08] (Oculus VR, LLC)
R2 OVRService; C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe [479184 2017-08-08] (Oculus VR)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [185344 2017-02-03] (Microsoft Corporation) [File not signed]
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [129144 2017-08-17] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 avchv; C:\WINDOWS\System32\drivers\avchv.sys [282000 2015-09-17] (BitDefender)
R3 CorsairGamingAudioService; C:\WINDOWS\system32\DRIVERS\CorsairGamingAudioamd64.sys [95216 2017-08-04] (Corsair Components, Inc.)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45528 2017-06-07] (Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21968 2017-06-07] (Corsair)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-01-03] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-01-03] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-09-02] ()
R3 I2cHkBurn; C:\WINDOWS\system32\drivers\I2cHkBurn.sys [41760 2015-07-27] (FINTEK Corp.)
S3 Kinonih; C:\WINDOWS\System32\drivers\kinonih.sys [32256 2016-06-22] (Kinoni)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [192960 2017-09-07] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [101824 2017-09-07] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-09-07] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253888 2017-09-07] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [94144 2017-09-07] (Malwarebytes)
S3 NTIOLib_MBAPI; C:\Program Files (x86)\MSI\Gaming APP\Lib\NTIOLib_X64.sys [14288 2017-03-08] (MSI)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_24ddebfb518b5a55\nvlddmkm.sys [15668664 2017-07-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-06-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48248 2017-06-21] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-07-19] (NVIDIA Corporation)
R3 OCULUSVRHEADSET; C:\WINDOWS\system32\DRIVERS\OCULUS119B.sys [1887232 2017-04-08] (OCULUS)
R3 Oculus_ViGEmBus; C:\WINDOWS\System32\drivers\Oculus_ViGEmBus.sys [32024 2017-04-08] (Benjamin Höglinger-Stelzer)
R3 OCUSBVID; C:\WINDOWS\System32\drivers\ocusbvid111.sys [69176 2016-08-26] (Oculus VR, LLC)
S3 qcusbser; C:\WINDOWS\System32\drivers\qcusbser.sys [254520 2017-03-15] (QUALCOMM Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2016-11-13] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64640 2016-09-05] (QUALCOMM Incorporated)
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [70400 2014-01-22] (DEVGURU Co., LTD.)
S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-01-22] (DEVGURU Co., LTD.)
S3 WacHidRouterPro; C:\WINDOWS\System32\drivers\wachidrouter.sys [126624 2016-10-06] (Wacom Technology)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-09-05] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-07 22:01 - 2017-09-07 22:01 - 000018961 _____ C:\Users\ushe2\Desktop\FRST.txt
2017-09-07 22:00 - 2017-09-07 22:01 - 000000000 ____D C:\FRST
2017-09-07 22:00 - 2017-09-07 22:00 - 002395648 _____ (Farbar) C:\Users\ushe2\Desktop\FRST64.exe
2017-09-07 21:59 - 2017-09-07 21:59 - 000101824 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-09-07 21:58 - 2017-09-07 21:58 - 000000547 _____ C:\Users\ushe2\Desktop\JRT.txt
2017-09-07 21:56 - 2017-09-07 21:56 - 001790024 _____ (Malwarebytes) C:\Users\ushe2\Desktop\JRT.exe
2017-09-07 21:40 - 2017-09-07 21:43 - 000040864 _____ C:\Users\ushe2\Desktop\MTB.txt
2017-09-07 21:40 - 2017-09-07 21:40 - 000892416 _____ (Farbar) C:\Users\ushe2\Desktop\MiniToolBox.exe
2017-09-07 21:36 - 2017-09-07 21:37 - 000000000 ____D C:\AdwCleaner
2017-09-07 21:36 - 2017-09-07 21:36 - 008182736 _____ (Malwarebytes) C:\Users\ushe2\Desktop\AdwCleaner.exe
2017-09-07 21:25 - 2017-09-07 21:33 - 000000000 ____D C:\Users\ushe2\Desktop\mbar
2017-09-07 21:23 - 2017-09-07 21:23 - 000899584 _____ C:\Users\ushe2\Desktop\RGSA.exe
2017-09-07 21:23 - 2017-09-07 21:23 - 000000837 _____ C:\Users\ushe2\Desktop\SALog.txt
2017-09-07 19:26 - 2017-09-07 19:26 - 000000000 ____D C:\Users\ushe2\AppData\Roaming\RenPy
2017-09-07 17:02 - 2017-09-07 17:02 - 000027244 _____ C:\Users\ushe2\Desktop\cc_20170907_170231.reg
2017-09-07 17:00 - 2017-09-07 17:00 - 000000000 ____D C:\ProgramData\Emsisoft
2017-09-07 16:59 - 2017-09-07 16:59 - 000000595 _____ C:\DelFix.txt
2017-09-07 16:59 - 2017-09-07 16:59 - 000000000 ____D C:\WINDOWS\ERUNT
2017-09-07 15:21 - 2017-09-07 15:21 - 000000000 ____D C:\Program Files\HitmanPro
2017-09-06 22:58 - 2017-09-06 22:58 - 000000000 ____D C:\Users\ushe2\AppData\Local\ESET
2017-09-06 22:50 - 2017-09-07 21:33 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-09-06 21:00 - 2017-09-06 21:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-09-06 21:00 - 2017-09-06 21:00 - 000000000 ____D C:\Program Files\RogueKiller
2017-09-06 19:44 - 2017-09-06 19:44 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\0E8E5CD2.sys
2017-09-06 13:37 - 2017-09-06 13:37 - 000788520 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-09-06 13:37 - 2017-09-06 13:37 - 000000000 ____D C:\Users\ushe2\AppData\Roaming\EasyAntiCheat
2017-09-06 13:32 - 2017-09-06 13:32 - 000000000 ____D C:\Users\Public\Documents\Arc
2017-09-06 13:32 - 2017-09-06 13:12 - 000383016 _____ (EasyAntiCheat Ltd) C:\WINDOWS\SysWOW64\EasyAntiCheat.exe
2017-09-05 21:41 - 2017-09-05 21:44 - 000000000 ____D C:\Users\ushe2\AppData\Local\MomodoraRUtM
2017-09-05 16:09 - 2017-09-05 16:09 - 000000233 _____ C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tom Clancy's Rainbow Six Siege.url
2017-09-05 15:15 - 2017-09-07 22:01 - 000635146 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-09-05 15:15 - 2017-09-06 22:46 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-09-05 15:15 - 2017-09-05 16:03 - 000289837 _____ C:\WINDOWS\ZAM.krnl.trace
2017-09-05 15:15 - 2017-09-05 15:15 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-09-05 15:12 - 2017-09-07 15:24 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2017-09-04 22:19 - 2017-09-06 22:23 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-09-04 22:18 - 2017-09-04 22:38 - 000000000 ____D C:\ProgramData\RogueKiller
2017-09-04 22:14 - 2017-09-04 22:14 - 000000866 _____ C:\WINDOWS\system32\.crusader
2017-09-04 22:11 - 2017-09-04 22:15 - 000000000 ____D C:\ProgramData\HitmanPro
2017-09-04 22:05 - 2017-09-04 22:05 - 000002870 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-09-04 22:05 - 2017-09-04 22:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-09-04 22:05 - 2017-09-04 22:05 - 000000000 ____D C:\Program Files\CCleaner
2017-09-04 21:52 - 2017-09-04 21:52 - 000444871 _____ C:\Users\ushe2\Desktop\Projektgrundlaget_opgave.pdf
2017-09-04 20:56 - 2017-09-04 20:56 - 000000000 ____D C:\Users\ushe2\AppData\Local\AirCar
2017-09-04 19:44 - 2017-09-04 19:44 - 000000000 ____D C:\Users\ushe2\.oracle_jre_usage
2017-09-04 19:44 - 2017-09-04 19:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\B-bishiop
2017-09-04 19:43 - 2017-09-04 19:44 - 000000000 ____D C:\Program Files (x86)\Elsa
2017-09-04 19:43 - 2017-09-04 19:43 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\22CB400E.sys
2017-09-04 19:43 - 2017-09-04 19:43 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\135B3F8C.sys
2017-09-04 13:26 - 2017-09-04 13:26 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7A7A1F5F.sys
2017-09-03 18:58 - 2017-09-03 18:58 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1FEB4F23.sys
2017-09-03 17:26 - 2017-09-03 17:26 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\5EE30932.sys
2017-09-03 16:55 - 2017-09-03 16:55 - 000000000 ____D C:\Users\ushe2\AppData\Local\Project_RH2_Standard_Bulid
2017-09-02 19:10 - 2017-09-02 19:10 - 000000000 ____D C:\Users\ushe2\AppData\Roaming\npm-cache
2017-09-02 19:07 - 2017-09-02 19:07 - 000002754 _____ C:\Users\ushe2\coffeelint.json
2017-09-02 19:07 - 2017-09-02 19:07 - 000001803 _____ C:\Users\ushe2\tslint.json
2017-09-02 19:07 - 2017-09-02 19:07 - 000001506 _____ C:\Users\ushe2\.eslintrc
2017-09-02 19:07 - 2017-09-02 19:07 - 000001002 _____ C:\Users\ushe2\.csslintrc
2017-09-02 13:00 - 2017-09-07 21:59 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-02 13:00 - 2017-09-07 21:59 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-09-02 13:00 - 2017-09-07 21:59 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-09-02 13:00 - 2017-09-07 21:59 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-09-02 13:00 - 2017-09-06 22:50 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-02 13:00 - 2017-09-02 13:03 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-09-02 13:00 - 2017-09-02 13:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-02 13:00 - 2017-09-02 13:00 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-01 10:03 - 2017-09-01 10:03 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2017-09-01 10:03 - 2017-09-01 10:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Corsair Utility Engine
2017-09-01 10:03 - 2017-09-01 10:03 - 000000000 ____D C:\Program Files (x86)\Corsair
2017-09-01 00:56 - 2017-09-06 19:40 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-09-01 00:55 - 2017-09-01 00:55 - 014151168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaips.exe
2017-09-01 00:55 - 2017-09-01 00:55 - 009626476 _____ C:\WINDOWS\update.cab
2017-09-01 00:55 - 2017-09-01 00:55 - 000003700 _____ C:\WINDOWS\System32\Tasks\Microsoft Advanced Identity Protection Service
2017-09-01 00:55 - 2017-09-01 00:55 - 000003144 _____ C:\WINDOWS\splash.cab
2017-08-30 22:24 - 2017-08-30 22:24 - 000000000 ___HD C:\Users\ushe2\Desktop\.vs
2017-08-30 20:54 - 2017-08-30 20:54 - 000000000 ____D C:\Users\ushe2\AppData\LocalLow\Bigscreen, Inc_
2017-08-30 17:36 - 2017-08-30 17:36 - 000000000 ____D C:\Users\ushe2\Documents\My Web Sites
2017-08-30 17:36 - 2017-08-30 17:36 - 000000000 ____D C:\Users\ushe2\Documents\IISExpress
2017-08-27 20:32 - 2017-08-27 20:32 - 000000000 ____D C:\Users\ushe2\Desktop\Math_GCD(number)
2017-08-26 11:06 - 2017-08-26 11:06 - 000000000 ____D C:\Users\ushe2\Documents\FeedbackHub
2017-08-24 14:19 - 2017-08-24 14:19 - 000000000 ____D C:\Users\ushe2\Desktop\ConsoleApp1
2017-08-24 12:16 - 2017-08-24 12:16 - 000000000 ____D C:\Users\ushe2\AppData\Roaming\NuGet
2017-08-24 12:16 - 2017-08-24 12:16 - 000000000 ____D C:\Users\ushe2\AppData\LocalLow\Temp
2017-08-24 12:11 - 2017-08-24 12:11 - 000000000 ____D C:\Users\ushe2\source
2017-08-24 12:05 - 2017-08-24 12:05 - 000000000 ____D C:\WINDOWS\symbols
2017-08-24 12:05 - 2017-08-24 12:05 - 000000000 ____D C:\Program Files\Windows Identity Foundation
2017-08-24 12:05 - 2017-08-24 12:05 - 000000000 ____D C:\Program Files\Microsoft Identity Extensions
2017-08-24 12:05 - 2017-08-24 12:05 - 000000000 ____D C:\Program Files (x86)\Workflow Manager Tools
2017-08-24 12:05 - 2017-08-24 12:05 - 000000000 ____D C:\Program Files (x86)\Open XML SDK
2017-08-24 12:04 - 2017-08-24 12:04 - 000000000 ____D C:\ProgramData\Git
2017-08-24 12:03 - 2017-08-24 12:03 - 000000000 ____D C:\Program Files (x86)\ShellDir
2017-08-24 12:02 - 2017-08-24 12:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Azure
2017-08-24 12:02 - 2017-08-24 12:02 - 000000000 ____D C:\ProgramData\dftmp
2017-08-24 12:02 - 2017-08-24 12:02 - 000000000 ____D C:\Program Files\VS2012Schemas
2017-08-24 12:02 - 2017-08-24 12:02 - 000000000 ____D C:\Program Files\VS2010Schemas
2017-08-24 12:02 - 2017-08-24 12:02 - 000000000 ____D C:\Program Files\Microsoft SDKs
2017-08-24 12:02 - 2017-08-24 12:02 - 000000000 ____D C:\Program Files (x86)\NuGet
2017-08-24 12:02 - 2017-08-24 12:02 - 000000000 ____D C:\Program Files (x86)\Microsoft ASP.NET Core 1.1 Local Feed - Visual Studio 2017
2017-08-24 12:02 - 2017-08-24 12:02 - 000000000 ____D C:\Program Files (x86)\Microsoft ASP.NET Core 1.0 Local Feed - Visual Studio 2017
2017-08-24 12:01 - 2017-08-24 12:02 - 000000000 ____D C:\Program Files\IIS Express
2017-08-24 12:01 - 2017-08-24 12:02 - 000000000 ____D C:\Program Files (x86)\IIS Express
2017-08-24 12:01 - 2017-08-24 12:01 - 000000000 ____D C:\Program Files\IIS
2017-08-24 12:01 - 2017-08-24 12:01 - 000000000 ____D C:\Program Files\dotnet
2017-08-24 12:01 - 2017-08-24 12:01 - 000000000 ____D C:\Program Files (x86)\IIS
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\SysWOW64\3082
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\SysWOW64\2052
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\SysWOW64\1055
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\SysWOW64\1049
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\SysWOW64\1046
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\SysWOW64\1045
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\SysWOW64\1042
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\SysWOW64\1041
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\SysWOW64\1040
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\SysWOW64\1036
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\SysWOW64\1033
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\SysWOW64\1031
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\SysWOW64\1029
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\SysWOW64\1028
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\system32\3082
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\system32\2052
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\system32\1055
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\system32\1049
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\system32\1046
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\system32\1045
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\system32\1042
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\system32\1041
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\system32\1040
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\system32\1036
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\system32\1033
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\system32\1031
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\system32\1029
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\WINDOWS\system32\1028
2017-08-24 12:00 - 2017-08-24 12:00 - 000000000 ____D C:\Program Files (x86)\Entity Framework Tools
2017-08-24 11:59 - 2017-08-24 11:59 - 000000000 ____D C:\Program Files (x86)\Windows Phone Kits
2017-08-24 11:57 - 2017-08-24 11:57 - 000000000 ____D C:\ProgramData\Windows App Certification Kit
2017-08-24 11:57 - 2017-08-24 11:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2017-08-24 11:57 - 2017-08-24 11:57 - 000000000 ____D C:\Program Files\Application Verifier
2017-08-24 11:57 - 2017-08-24 11:57 - 000000000 ____D C:\Program Files (x86)\Application Verifier
2017-08-24 11:55 - 2017-08-24 12:01 - 000000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2017-08-24 11:55 - 2017-08-24 12:00 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2017-08-24 11:55 - 2017-08-24 12:00 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2017-08-24 11:52 - 2017-08-24 12:03 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2017-08-24 11:52 - 2017-08-24 11:57 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2017-08-24 11:52 - 2017-08-24 11:52 - 000001803 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2017.lnk
2017-08-24 11:51 - 2017-08-24 11:51 - 000001503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017.lnk
2017-08-24 11:50 - 2017-08-24 11:50 - 000001355 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2017-08-22 22:53 - 2017-08-22 22:53 - 000000000 ____D C:\Users\ushe2\AppData\LocalLow\League of Geeks
2017-08-22 21:56 - 2017-08-22 21:56 - 000000000 ____D C:\Users\ushe2\AppData\LocalLow\Monomi Park
2017-08-22 21:56 - 2017-08-22 21:56 - 000000000 ____D C:\Users\Public\Documents\Steam
2017-08-20 01:07 - 2017-08-20 01:07 - 000000000 ____D C:\Users\ushe2\AppData\Local\FreedomLocomotion
2017-08-19 21:38 - 2017-08-19 21:38 - 000000000 ____D C:\Users\ushe2\AppData\Local\Insanity_Prototype
2017-08-19 01:43 - 2017-08-19 01:43 - 000000279 _____ C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papirkurv.lnk
2017-08-19 01:19 - 2017-08-19 01:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2017-08-19 01:19 - 2017-08-19 01:19 - 000000000 ____D C:\Program Files (x86)\Elaborate Bytes
2017-08-19 00:06 - 2017-08-19 00:06 - 000000000 ____D C:\Users\ushe2\AppData\LocalLow\ILLUSION_VRkanojo
2017-08-18 21:58 - 2017-08-18 21:58 - 000000000 ____D C:\Users\ushe2\AppData\LocalLow\しめなわん (Shimenawan)
2017-08-18 21:22 - 2017-08-18 21:22 - 000000000 ____D C:\Users\ushe2\AppData\LocalLow\AdultVR Games
2017-08-18 19:29 - 2017-08-18 19:29 - 000000000 ____D C:\Users\ushe2\AppData\LocalLow\MeshedVR
2017-08-17 20:47 - 2017-08-17 20:47 - 000000000 ____D C:\Users\ushe2\AppData\LocalLow\Aldin
2017-08-15 13:47 - 2017-08-15 13:47 - 000000000 ____D C:\Users\ushe2\Documents\GameMakerStudio2
2017-08-15 13:47 - 2017-08-15 13:47 - 000000000 ____D C:\Users\ushe2\AppData\Local\GameMakerStudio2
2017-08-15 13:46 - 2017-08-15 13:47 - 000000000 ____D C:\Users\ushe2\AppData\Roaming\GameMakerStudio2
2017-08-15 13:46 - 2017-08-15 13:47 - 000000000 ____D C:\ProgramData\GameMakerStudio2
2017-08-15 13:46 - 2017-08-15 13:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameMaker Studio 2
2017-08-14 22:52 - 2017-08-14 22:52 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2017-08-14 22:52 - 2017-08-14 22:52 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-08-14 22:52 - 2017-08-14 22:52 - 000000000 ____D C:\Program Files\Realtek
2017-08-14 01:31 - 2017-09-01 00:32 - 000000000 ____D C:\Users\ushe2\AppData\LocalLow\by redamz
2017-08-14 01:19 - 2017-08-14 01:19 - 000000000 ____D C:\Users\ushe2\AppData\Local\badoink
2017-08-14 01:19 - 2017-08-14 01:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BaDoinkVRPlayer
2017-08-14 01:19 - 2017-08-14 01:19 - 000000000 ____D C:\Program Files (x86)\BaDoink
2017-08-10 19:30 - 2017-08-10 19:30 - 000000000 ____D C:\Users\ushe2\AppData\Roaming\Daum
2017-08-10 05:45 - 2017-08-10 05:45 - 072520712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2017-08-10 05:45 - 2017-08-10 05:45 - 007172912 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 007096184 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 005897184 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2017-08-10 05:45 - 2017-08-10 05:45 - 003677160 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2017-08-10 05:45 - 2017-08-10 05:45 - 003517504 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 003509200 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 003205120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 002211304 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 001965808 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 001780616 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 001591056 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 001508928 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 001347144 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000743960 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000727432 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000708304 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000691680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000504304 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000447712 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000445392 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000441264 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000327456 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000272712 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000253896 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000253856 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000252872 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000192984 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000151784 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000134192 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000118592 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000105304 _____ C:\WINDOWS\system32\audioLibVc.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000084608 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2017-08-10 05:45 - 2017-08-10 05:45 - 000023688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2017-08-10 02:01 - 2017-08-10 02:01 - 013064373 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2017-08-09 21:10 - 2017-08-09 21:10 - 000000000 ____D C:\Users\ushe2\AppData\Local\rad
2017-08-09 18:41 - 2017-08-09 18:41 - 000000000 ____D C:\Users\ushe2\AppData\LocalLow\DefaultCompany
2017-08-09 17:39 - 2017-08-09 17:39 - 000000000 ____D C:\Users\ushe2\AppData\LocalLow\Unity
2017-08-09 14:45 - 2017-08-01 04:38 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-08-09 14:45 - 2017-08-01 04:36 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-09 14:45 - 2017-08-01 04:36 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-09 14:45 - 2017-08-01 04:36 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-09 14:45 - 2017-08-01 04:35 - 000280472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-09 14:45 - 2017-08-01 04:35 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-09 14:45 - 2017-08-01 04:34 - 000610584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-09 14:45 - 2017-08-01 04:34 - 000359552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-09 14:45 - 2017-08-01 04:34 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-08-09 14:45 - 2017-08-01 04:34 - 000168864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-09 14:45 - 2017-08-01 04:32 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-09 14:45 - 2017-08-01 04:31 - 000176024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-08-09 14:45 - 2017-08-01 04:20 - 002956288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-08-09 14:45 - 2017-08-01 04:20 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-09 14:45 - 2017-08-01 04:20 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-09 14:45 - 2017-08-01 04:18 - 013841408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-08-09 14:45 - 2017-08-01 04:18 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-08-09 14:45 - 2017-08-01 04:17 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-09 14:45 - 2017-08-01 04:14 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2017-08-09 14:45 - 2017-08-01 04:13 - 020504064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-09 14:45 - 2017-08-01 04:13 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-08-09 14:45 - 2017-08-01 04:13 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-08-09 14:45 - 2017-08-01 04:12 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-09 14:45 - 2017-08-01 04:12 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-08-09 14:45 - 2017-08-01 04:10 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-09 14:45 - 2017-08-01 04:09 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-08-09 14:45 - 2017-08-01 04:08 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-09 14:45 - 2017-08-01 04:07 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-09 14:45 - 2017-08-01 04:07 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-09 14:45 - 2017-08-01 04:06 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-09 14:45 - 2017-08-01 04:04 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-09 14:45 - 2017-08-01 04:03 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-08-09 14:45 - 2017-08-01 03:34 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-09 14:45 - 2017-08-01 03:30 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-09 14:45 - 2017-08-01 03:28 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-09 14:45 - 2017-08-01 00:45 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-09 14:45 - 2017-08-01 00:45 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-09 14:45 - 2017-08-01 00:45 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-09 14:45 - 2017-08-01 00:45 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-09 14:45 - 2017-08-01 00:45 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-09 14:45 - 2017-08-01 00:45 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-09 14:45 - 2017-08-01 00:45 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-09 14:45 - 2017-08-01 00:45 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-09 14:45 - 2017-08-01 00:45 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-09 14:45 - 2017-08-01 00:45 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-09 14:45 - 2017-08-01 00:45 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-09 14:45 - 2017-08-01 00:45 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-09 14:45 - 2017-08-01 00:45 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-09 14:45 - 2017-08-01 00:45 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-09 14:45 - 2017-08-01 00:45 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-09 14:45 - 2017-07-28 07:23 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2017-08-09 14:45 - 2017-07-28 07:20 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-09 14:45 - 2017-07-28 07:15 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-08-09 14:45 - 2017-07-28 07:10 - 002679200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-09 14:45 - 2017-07-28 07:07 - 000805816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-08-09 14:45 - 2017-07-28 06:48 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-08-09 14:45 - 2017-07-28 06:48 - 000096648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-08-09 14:45 - 2017-07-28 06:47 - 002259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-08-09 14:45 - 2017-07-28 06:40 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-08-09 14:45 - 2017-07-28 06:40 - 000551200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-08-09 14:45 - 2017-07-28 06:38 - 004213656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-08-09 14:45 - 2017-07-28 06:37 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-08-09 14:45 - 2017-07-28 06:36 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-08-09 14:45 - 2017-07-28 06:36 - 006761568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-08-09 14:45 - 2017-07-28 06:36 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-08-09 14:45 - 2017-07-28 06:36 - 002424024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-08-09 14:45 - 2017-07-28 06:36 - 001195760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-08-09 14:45 - 2017-07-28 06:36 - 000866808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2017-08-09 14:45 - 2017-07-28 06:36 - 000864248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-08-09 14:45 - 2017-07-28 06:36 - 000173104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2017-08-09 14:45 - 2017-07-28 06:36 - 000090464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.dll
2017-08-09 14:45 - 2017-07-28 06:35 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-08-09 14:45 - 2017-07-28 06:35 - 000277432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
2017-08-09 14:45 - 2017-07-28 06:33 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-08-09 14:45 - 2017-07-28 06:33 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-08-09 14:45 - 2017-07-28 06:33 - 000414296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-08-09 14:45 - 2017-07-28 06:27 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-08-09 14:45 - 2017-07-28 06:26 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2017-08-09 14:45 - 2017-07-28 06:24 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-08-09 14:45 - 2017-07-28 06:21 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-08-09 14:45 - 2017-07-28 06:21 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2017-08-09 14:45 - 2017-07-28 06:20 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-08-09 14:45 - 2017-07-28 06:20 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IpNatHlpClient.dll
2017-08-09 14:45 - 2017-07-28 06:19 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-08-09 14:45 - 2017-07-28 06:19 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-08-09 14:45 - 2017-07-28 06:19 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-08-09 14:45 - 2017-07-28 06:19 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2017-08-09 14:45 - 2017-07-28 06:18 - 004544000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2017-08-09 14:45 - 2017-07-28 06:18 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-08-09 14:45 - 2017-07-28 06:17 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-08-09 14:45 - 2017-07-28 06:16 - 001291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-08-09 14:45 - 2017-07-28 06:16 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-08-09 14:45 - 2017-07-28 06:16 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-08-09 14:45 - 2017-07-28 06:16 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
2017-08-09 14:45 - 2017-07-28 06:15 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-08-09 14:45 - 2017-07-28 06:15 - 000586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-08-09 14:45 - 2017-07-28 06:14 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-08-09 14:45 - 2017-07-28 06:14 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-08-09 14:45 - 2017-07-28 06:14 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2017-08-09 14:45 - 2017-07-28 06:13 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-08-09 14:45 - 2017-07-28 06:13 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-08-09 14:45 - 2017-07-28 06:13 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-09 14:45 - 2017-07-28 06:12 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-08-09 14:45 - 2017-07-28 06:12 - 000587776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-08-09 14:45 - 2017-07-28 06:12 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-08-09 14:45 - 2017-07-28 06:12 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-08-09 14:45 - 2017-07-28 06:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-08-09 14:45 - 2017-07-28 06:11 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-08-09 14:45 - 2017-07-28 06:10 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-08-09 14:45 - 2017-07-28 06:10 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-08-09 14:45 - 2017-07-28 06:10 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsvcs.dll
2017-08-09 14:45 - 2017-07-28 06:09 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-08-09 14:45 - 2017-07-28 06:08 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-08-09 14:45 - 2017-07-28 06:08 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-08-09 14:45 - 2017-07-28 06:08 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-08-09 14:45 - 2017-07-28 06:08 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-08-09 14:45 - 2017-07-28 06:08 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2017-08-09 14:45 - 2017-07-28 06:07 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-08-09 14:45 - 2017-07-28 06:05 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-08-09 14:45 - 2017-07-28 06:05 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-08-09 14:45 - 2017-07-28 06:05 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-08-09 14:45 - 2017-07-28 06:02 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-08-09 14:45 - 2017-07-28 06:02 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-08-09 14:45 - 2017-07-28 06:02 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2017-08-09 14:44 - 2017-08-01 04:39 - 008319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-09 14:44 - 2017-08-01 04:38 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-09 14:44 - 2017-08-01 04:33 - 000473240 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-08-09 14:44 - 2017-08-01 04:32 - 002444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-09 14:44 - 2017-08-01 04:32 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-08-09 14:44 - 2017-08-01 04:31 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-08-09 14:44 - 2017-08-01 04:31 - 002645680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-09 14:44 - 2017-08-01 04:31 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-09 14:44 - 2017-08-01 04:30 - 000723680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-09 14:44 - 2017-08-01 04:30 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-08-09 14:44 - 2017-08-01 04:30 - 000410160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-09 14:44 - 2017-08-01 04:30 - 000315288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-09 14:44 - 2017-08-01 04:30 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-09 14:44 - 2017-08-01 04:30 - 000143736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-09 14:44 - 2017-08-01 04:30 - 000082336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-09 14:44 - 2017-08-01 04:26 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-08-09 14:44 - 2017-08-01 04:16 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-08-09 14:44 - 2017-08-01 04:07 - 011870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-09 14:44 - 2017-08-01 04:04 - 006269440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-09 14:44 - 2017-08-01 03:57 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-09 14:44 - 2017-08-01 03:45 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-09 14:44 - 2017-08-01 03:45 - 001275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-09 14:44 - 2017-08-01 03:45 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-09 14:44 - 2017-08-01 03:45 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-09 14:44 - 2017-08-01 03:44 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-09 14:44 - 2017-08-01 03:44 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-09 14:44 - 2017-08-01 03:44 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-09 14:44 - 2017-08-01 03:42 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-08-09 14:44 - 2017-08-01 03:41 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2017-08-09 14:44 - 2017-08-01 03:41 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-09 14:44 - 2017-08-01 03:41 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-09 14:44 - 2017-08-01 03:40 - 017366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-08-09 14:44 - 2017-08-01 03:40 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2017-08-09 14:44 - 2017-08-01 03:39 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-08-09 14:44 - 2017-08-01 03:38 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-09 14:44 - 2017-08-01 03:38 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-09 14:44 - 2017-08-01 03:37 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2017-08-09 14:44 - 2017-08-01 03:37 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-08-09 14:44 - 2017-08-01 03:37 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-08-09 14:44 - 2017-08-01 03:36 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-09 14:44 - 2017-08-01 03:35 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-09 14:44 - 2017-08-01 03:33 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-09 14:44 - 2017-08-01 03:33 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-09 14:44 - 2017-08-01 03:32 - 007336960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-09 14:44 - 2017-08-01 03:32 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-09 14:44 - 2017-08-01 03:31 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-09 14:44 - 2017-08-01 03:31 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-09 14:44 - 2017-08-01 03:31 - 001396736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-08-09 14:44 - 2017-08-01 03:30 - 008209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-09 14:44 - 2017-08-01 03:30 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-09 14:44 - 2017-08-01 03:30 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-09 14:44 - 2017-08-01 03:30 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-09 14:44 - 2017-08-01 03:28 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-09 14:44 - 2017-08-01 03:27 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-08-09 14:44 - 2017-08-01 03:27 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2017-08-09 14:44 - 2017-08-01 03:27 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-08-09 14:44 - 2017-08-01 03:26 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-08-09 14:44 - 2017-08-01 03:25 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2017-08-09 14:44 - 2017-08-01 03:25 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-08-09 14:44 - 2017-08-01 03:25 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2017-08-09 14:44 - 2017-07-28 07:30 - 001068720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-08-09 14:44 - 2017-07-28 07:25 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-09 14:44 - 2017-07-28 07:24 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-09 14:44 - 2017-07-28 07:24 - 000455584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-08-09 14:44 - 2017-07-28 07:24 - 000119904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-08-09 14:44 - 2017-07-28 07:24 - 000116280 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2017-08-09 14:44 - 2017-07-28 07:23 - 002969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-08-09 14:44 - 2017-07-28 07:22 - 000923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-08-09 14:44 - 2017-07-28 07:17 - 000660680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-08-09 14:44 - 2017-07-28 07:16 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-08-09 14:44 - 2017-07-28 07:16 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-08-09 14:44 - 2017-07-28 07:15 - 005302968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-08-09 14:44 - 2017-07-28 07:15 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-08-09 14:44 - 2017-07-28 07:15 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-08-09 14:44 - 2017-07-28 07:14 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-08-09 14:44 - 2017-07-28 07:14 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-08-09 14:44 - 2017-07-28 07:13 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-09 14:44 - 2017-07-28 07:13 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-09 14:44 - 2017-07-28 07:13 - 002604248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-09 14:44 - 2017-07-28 07:13 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-08-09 14:44 - 2017-07-28 07:13 - 001033544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2017-08-09 14:44 - 2017-07-28 07:13 - 000192264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2017-08-09 14:44 - 2017-07-28 07:13 - 000104432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll
2017-08-09 14:44 - 2017-07-28 07:12 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-09 14:44 - 2017-07-28 07:12 - 001337856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-08-09 14:44 - 2017-07-28 07:12 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-08-09 14:44 - 2017-07-28 07:12 - 000323936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2017-08-09 14:44 - 2017-07-28 07:10 - 001114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-08-09 14:44 - 2017-07-28 07:09 - 000529992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-08-09 14:44 - 2017-07-28 07:09 - 000527976 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-08-09 14:44 - 2017-07-28 07:09 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-09 14:44 - 2017-07-28 06:48 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2017-08-09 14:44 - 2017-07-28 06:31 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-08-09 14:44 - 2017-07-28 06:30 - 001722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-08-09 14:44 - 2017-07-28 06:29 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-08-09 14:44 - 2017-07-28 06:29 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-08-09 14:44 - 2017-07-28 06:26 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-08-09 14:44 - 2017-07-28 06:26 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-08-09 14:44 - 2017-07-28 06:26 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2017-08-09 14:44 - 2017-07-28 06:26 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
2017-08-09 14:44 - 2017-07-28 06:25 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-08-09 14:44 - 2017-07-28 06:25 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-08-09 14:44 - 2017-07-28 06:25 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-08-09 14:44 - 2017-07-28 06:25 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-08-09 14:44 - 2017-07-28 06:24 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-08-09 14:44 - 2017-07-28 06:24 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2017-08-09 14:44 - 2017-07-28 06:24 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-08-09 14:44 - 2017-07-28 06:24 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-08-09 14:44 - 2017-07-28 06:23 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-09 14:44 - 2017-07-28 06:23 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-08-09 14:44 - 2017-07-28 06:23 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-08-09 14:44 - 2017-07-28 06:22 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-08-09 14:44 - 2017-07-28 06:22 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-08-09 14:44 - 2017-07-28 06:22 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-08-09 14:44 - 2017-07-28 06:22 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-08-09 14:44 - 2017-07-28 06:22 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-08-09 14:44 - 2017-07-28 06:22 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-08-09 14:44 - 2017-07-28 06:22 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-08-09 14:44 - 2017-07-28 06:22 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-08-09 14:44 - 2017-07-28 06:21 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-08-09 14:44 - 2017-07-28 06:21 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-08-09 14:44 - 2017-07-28 06:21 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-09 14:44 - 2017-07-28 06:21 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-08-09 14:44 - 2017-07-28 06:21 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
2017-08-09 14:44 - 2017-07-28 06:20 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-08-09 14:44 - 2017-07-28 06:20 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-08-09 14:44 - 2017-07-28 06:19 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-09 14:44 - 2017-07-28 06:19 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-08-09 14:44 - 2017-07-28 06:19 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-09 14:44 - 2017-07-28 06:19 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-09 14:44 - 2017-07-28 06:19 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-08-09 14:44 - 2017-07-28 06:19 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-08-09 14:44 - 2017-07-28 06:19 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2017-08-09 14:44 - 2017-07-28 06:19 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-08-09 14:44 - 2017-07-28 06:18 - 005776384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2017-08-09 14:44 - 2017-07-28 06:18 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-09 14:44 - 2017-07-28 06:18 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2017-08-09 14:44 - 2017-07-28 06:18 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-09 14:44 - 2017-07-28 06:18 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-09 14:44 - 2017-07-28 06:18 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-09 14:44 - 2017-07-28 06:18 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-08-09 14:44 - 2017-07-28 06:18 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-08-09 14:44 - 2017-07-28 06:17 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-09 14:44 - 2017-07-28 06:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-09 14:44 - 2017-07-28 06:17 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-08-09 14:44 - 2017-07-28 06:17 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-08-09 14:44 - 2017-07-28 06:17 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-08-09 14:44 - 2017-07-28 06:16 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-08-09 14:44 - 2017-07-28 06:15 - 003204608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-08-09 14:44 - 2017-07-28 06:15 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-09 14:44 - 2017-07-28 06:15 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll
2017-08-09 14:44 - 2017-07-28 06:14 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-08-09 14:44 - 2017-07-28 06:14 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-09 14:44 - 2017-07-28 06:13 - 004535296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-08-09 14:44 - 2017-07-28 06:13 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-09 14:44 - 2017-07-28 06:13 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-08-09 14:44 - 2017-07-28 06:13 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-09 14:44 - 2017-07-28 06:12 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-08-09 14:44 - 2017-07-28 06:12 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-08-09 14:44 - 2017-07-28 06:12 - 002939392 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-08-09 14:44 - 2017-07-28 06:12 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-09 14:44 - 2017-07-28 06:12 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-08-09 14:44 - 2017-07-28 06:11 - 001357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-08-09 14:44 - 2017-07-28 06:10 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-09 14:44 - 2017-07-28 06:10 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-08-09 14:44 - 2017-07-28 06:09 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-09 14:44 - 2017-07-28 06:09 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-09 14:44 - 2017-07-28 06:08 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-08-09 14:44 - 2017-07-28 06:07 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2017-08-09 14:44 - 2017-07-28 06:07 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-08-09 14:44 - 2017-07-28 06:07 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2017-08-09 14:44 - 2017-07-28 06:07 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-08-09 14:44 - 2017-07-28 06:06 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-09 14:44 - 2017-07-28 06:06 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-08-09 14:44 - 2017-07-28 06:06 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2017-08-09 14:44 - 2017-07-28 06:05 - 001525760 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-09 14:44 - 2017-07-28 06:05 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-08-09 14:44 - 2017-07-28 06:05 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-09 14:44 - 2017-07-28 06:05 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-09 14:44 - 2017-07-28 06:05 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2017-08-09 10:56 - 2017-08-09 10:56 - 000000000 ____D C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-08-08 23:14 - 2017-08-08 23:14 - 000000000 ____D C:\Users\ushe2\Documents\Quill
2017-08-08 23:14 - 2017-08-08 23:14 - 000000000 ____D C:\Users\ushe2\AppData\Local\Quill
2017-08-08 21:53 - 2017-08-08 21:53 - 000000000 ____D C:\Users\ushe2\AppData\LocalLow\Oculus VR
2017-08-08 18:00 - 2017-08-08 18:00 - 000000000 ____D C:\temp
2017-08-08 17:27 - 2017-08-08 17:35 - 000000000 ____D C:\Users\ushe2\Documents\Rec Room
2017-08-08 17:27 - 2017-08-08 17:27 - 000000000 ____D C:\Users\ushe2\AppData\LocalLow\Against Gravity
2017-08-08 15:39 - 2017-08-08 15:39 - 000000000 ____D C:\Users\ushe2\AppData\Local\RoboRecall
2017-08-08 14:38 - 2017-08-08 14:38 - 000000000 ____D C:\Users\ushe2\AppData\LocalLow\Valve
2017-08-08 14:23 - 2017-08-08 14:23 - 000000000 ____D C:\Users\ushe2\AppData\Local\TouchNUX
2017-08-08 13:46 - 2017-08-08 13:46 - 000000000 ____D C:\Users\ushe2\AppData\LocalLow\Oculus
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-07 21:59 - 2017-06-27 00:37 - 000000000 ____D C:\Users\ushe2\AppData\Local\CrashDumps
2017-09-07 21:57 - 2017-07-19 15:26 - 000000000 ____D C:\Users\ushe2\AppData\Local\Oculus
2017-09-07 21:57 - 2017-06-26 23:25 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-07 21:50 - 2017-06-26 23:31 - 000000000 ___RD C:\Users\ushe2\Desktop\Ahams Stuff
2017-09-07 20:20 - 2017-06-26 23:07 - 000000000 ____D C:\Users\ushe2\AppData\Local\Battle.net
2017-09-07 20:20 - 2017-06-26 23:07 - 000000000 ____D C:\Program Files (x86)\Blizzard App
2017-09-07 19:34 - 2017-06-26 23:06 - 000000000 ____D C:\Program Files (x86)\Steam
2017-09-07 17:47 - 2017-06-26 22:59 - 000000000 ____D C:\Users\ushe2
2017-09-07 16:33 - 2017-06-26 22:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-07 15:33 - 2017-06-26 23:06 - 001406290 _____ C:\WINDOWS\system32\perfh006.dat
2017-09-07 15:33 - 2017-06-26 23:06 - 000375962 _____ C:\WINDOWS\system32\perfc006.dat
2017-09-07 15:33 - 2017-06-26 22:39 - 003309896 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-07 15:29 - 2017-06-26 23:25 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-07 15:27 - 2017-06-26 23:52 - 000000000 ____D C:\MSI
2017-09-07 15:27 - 2017-06-26 22:30 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-09-07 15:27 - 2017-06-26 22:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-07 15:26 - 2017-06-26 23:02 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-09-06 18:35 - 2017-06-27 19:13 - 000000000 ____D C:\Users\ushe2\AppData\Roaming\qBittorrent
2017-09-06 15:53 - 2017-06-26 23:04 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-06 15:53 - 2017-06-26 23:04 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-06 13:37 - 2017-06-26 23:38 - 000000000 ____D C:\Users\ushe2\Documents\My Games
2017-09-06 12:54 - 2017-07-05 20:08 - 000000000 ____D C:\Users\ushe2\AppData\Local\Ubisoft Game Launcher
2017-09-05 15:24 - 2017-06-26 23:04 - 000000000 ____D C:\WINDOWS\INF
2017-09-05 11:51 - 2017-07-03 17:08 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-09-04 22:35 - 2017-06-26 23:04 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-09-04 22:05 - 2017-06-26 23:02 - 000000000 ____D C:\WINDOWS\Panther
2017-09-04 21:51 - 2017-06-26 23:00 - 000000000 ____D C:\Users\ushe2\AppData\Local\Packages
2017-09-03 17:34 - 2017-06-26 23:04 - 000000420 _____ C:\Users\ushe2\Desktop\Denne pc.lnk
2017-09-03 11:00 - 2017-06-26 23:04 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-01 10:21 - 2017-06-26 23:54 - 000000000 ____D C:\Users\ushe2\Documents\Visual Studio 2017
2017-08-30 22:56 - 2017-06-26 23:51 - 000000000 ____D C:\Users\ushe2\AppData\Roaming\Visual Studio Setup
2017-08-30 18:19 - 2017-07-06 19:42 - 000000000 ____D C:\Users\ushe2\Documents\Overwatch
2017-08-29 12:42 - 2017-06-26 23:03 - 000002284 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-28 12:35 - 2017-06-26 23:16 - 000000000 ____D C:\Users\ushe2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-apps
2017-08-24 22:35 - 2017-06-26 23:04 - 000000000 ____D C:\WINDOWS\rescache
2017-08-24 12:11 - 2017-06-26 23:54 - 000000000 ____D C:\Users\ushe2\AppData\Local\.IdentityService
2017-08-24 12:05 - 2017-06-26 23:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017
2017-08-24 12:05 - 2017-06-26 23:04 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-08-24 12:05 - 2017-06-26 23:02 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-24 11:57 - 2017-06-26 23:50 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2017-08-24 11:52 - 2017-06-26 23:06 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-08-20 01:07 - 2017-06-26 23:39 - 000000000 ____D C:\Users\ushe2\AppData\Local\UnrealEngine
2017-08-18 13:29 - 2017-06-27 00:42 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-08-16 14:55 - 2017-06-27 11:32 - 000000000 ____D C:\Users\ushe2\AppData\Roaming\BetterDiscord
2017-08-14 23:46 - 2017-07-13 20:31 - 000000000 ____D C:\Users\ushe2\AppData\Local\ElevatedDiagnostics
2017-08-09 20:04 - 2017-06-27 00:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2017-08-09 20:04 - 2017-06-27 00:39 - 000000000 ____D C:\ProgramData\Freemake
2017-08-09 16:37 - 2017-06-26 23:04 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-08-09 16:37 - 2017-06-26 23:00 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-09 16:36 - 2017-06-26 22:30 - 000425856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-09 16:11 - 2017-06-26 23:04 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-09 16:11 - 2017-06-26 23:04 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-08-09 16:11 - 2017-06-26 23:04 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-08-09 16:11 - 2017-06-26 23:04 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-08-09 16:11 - 2017-06-26 23:04 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-09 16:11 - 2017-06-26 23:04 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-09 16:11 - 2017-06-26 23:04 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-09 16:11 - 2017-06-26 23:04 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-08-09 14:46 - 2017-06-27 03:06 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-09 14:45 - 2017-06-27 03:06 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-09 10:57 - 2017-06-26 23:32 - 000000000 ____D C:\Users\ushe2\AppData\Roaming\discord
2017-08-09 10:56 - 2017-06-26 23:32 - 000000000 ____D C:\Users\ushe2\AppData\Local\Discord
2017-08-08 18:40 - 2017-07-19 15:30 - 000000000 ____D C:\Users\ushe2\AppData\Roaming\Oculus
2017-08-08 15:32 - 2017-07-19 15:28 - 000000000 ____D C:\Program Files\Oculus
2017-08-08 13:12 - 2017-07-19 15:30 - 000000000 ____D C:\Users\ushe2\AppData\Roaming\OculusClient
2017-08-08 13:11 - 2017-07-12 13:17 - 000004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-08-08 13:11 - 2017-06-26 23:04 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-08-08 13:11 - 2017-06-26 23:04 - 000000000 ____D C:\WINDOWS\system32\Macromed
 
==================== Files in the root of some directories =======
 
2017-08-14 22:52 - 2017-08-14 22:52 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-09-02 23:54
 
==================== End of FRST.txt ============================


#10 Ahams


Posted 07 September 2017 - 03:43 PM

The zed.exe malware just keeps adding up. Every time the malware tries to do something on its own, it gets stopped and put in quarantine by Malwarebytes. As you can see from the time stamps on the picture, compared to my local time at the moment, all these instances of the malware have been happening today :(



Edited by Ahams, 07 September 2017 - 04:04 PM.


#11 Ahams


Posted 07 September 2017 - 04:02 PM

Anyway, I will be going to bed soon. You can post whatever I should do next, Jo. I will be taking it from there tomorrow ;)



#12 Jo*

Jo*

  • Malware Response Team

Posted 08 September 2017 - 02:54 AM

Please download Zemana AntiMalware and save it to your Desktop.
- Start it...
- Without changing any options, press Scan to begin.
After the short scan is finished, if threats are detected press Next to remove them.

Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.

- Open Zemana AntiMalware again.
- Click on icon and double click the latest report.
- Now click File > Save As and choose your Desktop before pressing Save.
The only thing left is to attach the saved report to your next message.

---

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Open the scan log and copy and paste the content to your next reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#13 Ahams


Posted 08 September 2017 - 04:39 AM

Zemana AntiMalware:

I just cleaned my startup website through Zemana, just in case something should be wrong with it anyway. It didn't find any other threat though.

---

ESET Online Scanner:

See attached picture: Something went wrong while it was running, it's saying "Can not get update. Is proxy configured?". What should I do in this case?



Edited by Ahams, 08 September 2017 - 04:59 AM.


#14 Jo*

Jo*

  • Malware Response Team

Posted 08 September 2017 - 05:22 AM

Does it go on without the update?

If yes, scan as instructed.

---


Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt
 
Start
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
AlternateDataStreams: C:\Users\ushe2\AppData\Local\Temp:$DATA [16]
EmptyTemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST / FRST64 again as Administrator like we did before, but this time press the Fix button just once and wait.

The tool will make a log (Fixlog.txt); please post it in your reply.


How is the computer running now?

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#15 Ahams


Posted 08 September 2017 - 05:29 AM

Never mind, I just tried clicking on the "<<Back" button, and tried running the scan again. This time it actually worked. I will get back to you when it's done :D





