Infected with tprdpw64.exe and ndistpr64.sys & can't open any antivirus program


  • This topic is locked

#1 Daggda


Posted 25 September 2017 - 04:36 PM

Hello

 

I cannot open any particular antivirus program (Windows Defender, Malwarebytes, HitmanPro). Whenever I try to open an antivirus program, I receive a dialogue box with the message "The requested resource is in use" along with the file destination (for instance, C:\Users\User\Desktop\HitmanPro_x64.exe). I have tried to follow this guide but, as I said, I cannot open any of the programs listed without receiving the same message. The only program that I was able to run was Zemana AntiMalware, but after scanning and cleaning, I was still unable to open any other antivirus program. I know that tprdpw64.exe and ndistpr64.sys are present on my system because they appear in my computer's system32 folder when I search for them through Windows Explorer.

 

As such, I resorted to using the preparation guide. Here are the FRST logs from the Farbar Recovery Scan Tool. 

 

 

1. FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2017
Ran by angde (administrator) on BEAST (25-09-2017 12:53:47)
Running from C:\Users\angde\Downloads
Loaded Profiles: angde (Available Profiles: angde & Administrator)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Users\angde\AppData\Local\Vivaldi\Application\vivaldi.exe" -- "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\PixelMaster Video HDR\DriverMFTService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\AsusWSWinService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Users\angde\AppData\Local\ntuserlitelist\dataup\dataup.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
() D:\solidworks\SOLIDWORKS Electrical\server\EwServer.exe
(Mentor Graphics Corporation) D:\solidworks\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe
(Mentor Graphics Corporation) D:\solidworks\SOLIDWORKS Flow Simulation\binCFW\dispatcher.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Windows\System32\tprdpw64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Vivaldi Technologies AS) C:\Users\angde\AppData\Local\Vivaldi\Application\update_notifier.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Vivaldi Technologies AS) C:\Users\angde\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\angde\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\angde\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\angde\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\angde\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\angde\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\angde\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\angde\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\angde\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\angde\AppData\Local\Vivaldi\Application\vivaldi.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2015-12-29] (Pixart Imaging Inc)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\ASUSWSLoader.exe [63272 2015-05-31] ()
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [463872 2013-05-15] ()
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1207808 2016-12-09] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [svcvmx] => "C:\Program Files\ntuserlitelist\svcvmx\svcvmx.exe" -starup <==== ATTENTION
HKLM-x32\...\Run: [Arc] => C:\Program Files (x86)\Arc\ArcLauncher.exe [414744 2017-07-26] (Perfect World Entertainment)
HKLM-x32\...\Run: [cpx] => "C:\Program Files\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3071776 2017-08-28] (Valve Corporation)
HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\...\Run: [Vivaldi Update Notifier] => C:\Users\angde\AppData\Local\Vivaldi\Application\update_notifier.exe [3781240 2017-09-19] (Vivaldi Technologies AS)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2016 Fast Start.lnk [2016-09-20]
ShortcutTarget: SOLIDWORKS 2016 Fast Start.lnk -> C:\Windows\Installer\{768F3B65-1695-47B7-9002-B11400CB111D}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
Startup: C:\Users\angde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2017-09-15]
ShortcutTarget: MEGAsync.lnk -> C:\Users\angde\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{2429e835-fe97-4fac-8190-0d47ec0baad6}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{36e50320-a1e7-47a2-95c8-fe1291e99ab2}: [NameServer] 82.163.143.157 82.163.142.159
Tcpip\..\Interfaces\{36e50320-a1e7-47a2-95c8-fe1291e99ab2}: [DhcpNameServer] 82.163.143.157
Tcpip\..\Interfaces\{71a3d8d6-223b-4f24-af1a-e73dc08649b9}: [NameServer] 82.163.143.157 82.163.142.159
Tcpip\..\Interfaces\{71a3d8d6-223b-4f24-af1a-e73dc08649b9}: [DhcpNameServer] 82.163.143.157
Tcpip\..\Interfaces\{87a2a113-99b0-4578-b120-914a6c51b5a6}: [NameServer] 82.163.143.157 82.163.142.159
Tcpip\..\Interfaces\{87a2a113-99b0-4578-b120-914a6c51b5a6}: [DhcpNameServer] 128.200.192.202 128.200.1.201
 
Internet Explorer:
==================
HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1891659179-3385980120-3754613756-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-1891659179-3385980120-3754613756-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-1891659179-3385980120-3754613756-1001 -> {11375F77-F6B2-485F-802E-48682A05772F} URL = 
SearchScopes: HKU\S-1-5-21-1891659179-3385980120-3754613756-1001 -> {38F8E1B8-5B69-4455-9414-517A300A4B85} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=502468&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1891659179-3385980120-3754613756-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Wondershare Video Converter Ultimate -> {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} -> C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRIEPlugin.dll => No File
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\plugins\ArcPluginIE.dll [2017-07-26] (Perfect World Entertainment Inc)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
 
Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [chgdeabpmphfhkoemjjglmilajldekbp] - C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRChromePlugin.crx <not found>
 
FireFox:
========
FF DefaultProfile: a3di4g9u.default-1494659990001
FF ProfilePath: C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\a3di4g9u.default-1494659990001 [2017-08-14]
FF NewTab: Mozilla\Firefox\Profiles\a3di4g9u.default-1494659990001 -> 
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\a3di4g9u.default-1494659990001 -> 
FF Homepage: Mozilla\Firefox\Profiles\a3di4g9u.default-1494659990001 -> hxxps://www.google.com/
FF Keyword.URL: Mozilla\Firefox\Profiles\a3di4g9u.default-1494659990001 -> hxxp://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=H5Dzbcnbl1AU,6be52bac-5af3-4e27-84fe-fcf0920c6e89,
FF NetworkProxy: Mozilla\Firefox\Profiles\a3di4g9u.default-1494659990001 -> type", 0
FF Extension: (Adblock Plus) - C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\a3di4g9u.default-1494659990001\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRFirefoxExt => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\plugins\npArcPluginFF.dll [2017-07-26] (Perfect World Entertainment Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-1891659179-3385980120-3754613756-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\angde\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-17] (Unity Technologies ApS)
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"drmkpro64" => service could not be unlocked. <==== ATTENTION
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [87064 2017-07-26] (Perfect World Entertainment Inc)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\AsusWSWinService.exe [71168 2015-05-31] (ASUS Cloud Corporation) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1465352 2017-01-12] ()
S3 CoordinatorServiceHost; D:\solidworks\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe [80792 2016-09-20] (Dassault Systèmes SolidWorks Corporation)
R2 Dataup; C:\Users\angde\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
R2 DriverMFTService; C:\Program Files (x86)\Asus\PixelMaster Video HDR\DriverMFTService.exe [20992 2015-05-19] (ASUSTek Computer Inc.) [File not signed]
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [383016 2017-07-29] (EasyAntiCheat Ltd)
R2 ewserver; D:\solidworks\SOLIDWORKS Electrical\server\EwServer.exe [179208 2016-09-20] ()
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-11-30] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)
R2 MSSQL$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [372408 2017-07-06] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-10-06] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-17] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-08-21] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-08-17] (NVIDIA Corporation)
R2 RemoteSolverDispatcher; D:\solidworks\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe [238848 2016-09-20] (Mentor Graphics Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2016-09-20] (SolidWorks) [File not signed]
S4 SQLAgent$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2017-07-06] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56552 2016-04-08] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-19] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [692680 2017-06-28] (Wacom Technology, Corp.)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-10-06] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 4156024F; C:\WINDOWS\system32\drivers\4156024F.sys [253888 2017-09-25] (Malwarebytes)
R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [128024 2017-03-09] (ASUS Corporation)
R3 ElcMouLFlt; C:\WINDOWS\System32\drivers\ElcMouLFlt.sys [28648 2015-12-29] (ELECOM)
R3 ElcMouUFlt; C:\WINDOWS\System32\drivers\ElcMouUFlt.sys [27624 2015-12-29] (ELECOM)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2015-06-25] (Intel Corporation)
S3 massfilter_hs; C:\WINDOWS\system32\drivers\massfilter_hs.sys [20232 2016-08-28] (HandSet Incorporated)
R3 NETwNb64; C:\WINDOWS\system32\DRIVERS\Netwbw02.sys [3525896 2016-11-09] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_33462f669491c2ff\nvlddmkm.sys [15600248 2017-08-22] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-08-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-07-26] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-08-21] (NVIDIA Corporation)
S4 RsFx0310; C:\WINDOWS\System32\DRIVERS\RsFx0310.sys [249024 2015-04-20] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-14] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [762112 2015-10-13] (Realsil Semiconductor Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation)
R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2015-12-29] ()
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [52592 2016-10-13] (Cisco Systems, Inc.)
S3 WacHidRouterPro; C:\WINDOWS\System32\drivers\wachidrouter.sys [122512 2017-04-28] (Wacom Technology)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-09-24] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-07-02] (Zemana Ltd.)
R5 drmkpro64;  <==== ATTENTION: Locked Service <==== ATTENTION
S1 mazituxw; \??\C:\WINDOWS\system32\drivers\mazituxw.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-25 12:53 - 2017-09-25 12:54 - 000022866 _____ C:\Users\angde\Downloads\FRST.txt
2017-09-25 12:51 - 2017-09-25 12:53 - 000000000 ____D C:\FRST
2017-09-25 12:49 - 2017-09-25 12:49 - 002399744 _____ (Farbar) C:\Users\angde\Desktop\FRST64.exe
2017-09-25 11:28 - 2017-09-25 11:28 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-25 11:27 - 2017-09-25 11:27 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4156024F.sys
2017-09-25 11:26 - 2017-09-25 12:40 - 000000000 ____D C:\Users\angde\Desktop\mbar
2017-09-25 11:26 - 2017-09-25 12:05 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-09-25 11:19 - 2017-09-25 11:19 - 011599120 _____ (SurfRight B.V.) C:\Users\angde\Downloads\HitmanPro_x64.exe
2017-09-25 11:19 - 2017-09-25 11:19 - 008182736 _____ (Malwarebytes) C:\Users\angde\Downloads\AdwCleaner.exe
2017-09-25 11:17 - 2017-09-25 11:18 - 068408664 _____ (Malwarebytes ) C:\Users\angde\Downloads\mb3-setup-1878.1878-3.2.2.2029.exe
2017-09-25 11:16 - 2017-09-25 11:16 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\angde\Downloads\rkill.exe
2017-09-25 11:15 - 2017-09-25 11:15 - 013290179 _____ C:\Users\angde\Downloads\mbar-1.10.1.1002-nr.exe
2017-09-25 11:04 - 2017-09-25 11:04 - 000000000 ____D C:\WINDOWS\LastGood
2017-09-25 10:38 - 2017-09-25 11:01 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-09-25 10:37 - 2017-09-25 10:37 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2017-09-25 02:16 - 2017-09-25 10:19 - 000000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2017-09-25 02:15 - 2017-09-25 02:15 - 000000000 ____D C:\Users\Administrator\AppData\Local\DBG
2017-09-25 00:32 - 2017-09-25 00:32 - 000000000 ____D C:\Users\Administrator\AppData\Local\Comms
2017-09-24 23:54 - 2017-09-24 23:54 - 000000000 ____D C:\Program Files\ntuserlitelist
2017-09-24 23:50 - 2017-09-24 23:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-09-24 23:46 - 2017-09-24 23:46 - 000000000 ____D C:\Users\Administrator\AppData\Local\Zemana
2017-09-24 23:43 - 2017-09-24 23:50 - 000001147 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-09-24 23:43 - 2017-09-24 23:43 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-09-24 23:27 - 2017-09-24 23:28 - 068408664 _____ (Malwarebytes ) C:\Users\angde\Downloads\mb3-setup-consumer-3.2.2.2029.exe
2017-09-24 23:25 - 2017-09-24 23:26 - 000003372 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1891659179-3385980120-3754613756-500
2017-09-24 23:25 - 2017-09-24 23:26 - 000000000 ___RD C:\Users\Administrator\OneDrive
2017-09-24 23:25 - 2017-09-24 23:25 - 000002389 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-24 23:17 - 2017-09-24 23:24 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\DropboxOEM
2017-09-24 23:17 - 2017-09-24 23:17 - 000000000 ____D C:\Users\Administrator\AppData\Local\CEF
2017-09-24 23:16 - 2017-09-24 23:17 - 000000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2017-09-24 23:16 - 2017-09-24 23:16 - 000000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2017-09-24 23:16 - 2017-09-24 23:16 - 000000000 ____D C:\Users\Administrator\AppData\Local\DropboxOEM
2017-09-24 23:15 - 2017-09-25 10:38 - 000000165 _____ C:\Users\Administrator\AppData\Roaming\sp_data.sys
2017-09-24 23:15 - 2017-09-25 10:35 - 000000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2017-09-24 23:15 - 2017-09-25 10:35 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\WTablet
2017-09-24 23:15 - 2017-09-25 00:32 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2017-09-24 23:15 - 2017-09-24 23:47 - 000000000 ____D C:\Users\Administrator
2017-09-24 23:15 - 2017-09-24 23:15 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2017-09-24 23:15 - 2017-09-24 23:15 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Intel
2017-09-24 23:15 - 2017-09-24 23:15 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2017-09-24 23:15 - 2017-09-24 23:15 - 000000000 ____D C:\Users\Administrator\AppData\Local\TileDataLayer
2017-09-24 23:15 - 2017-09-24 23:15 - 000000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA
2017-09-24 23:15 - 2017-09-24 23:15 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2017-09-24 23:15 - 2016-08-19 16:52 - 000000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2017-09-24 23:02 - 2017-09-24 23:03 - 154407184 _____ (Microsoft Corporation) C:\Users\angde\Downloads\mpam-fe.exe
2017-09-16 22:23 - 2017-09-16 22:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Karmian
2017-09-16 22:22 - 2017-09-16 22:22 - 000594778 _____ (Karmian.org ) C:\Users\angde\Downloads\ps3merge-1-0-1-0.exe
2017-09-15 23:38 - 2017-09-16 21:53 - 000000000 ____D C:\Users\angde\Documents\MEGAsync Downloads
2017-09-15 23:33 - 2017-09-15 23:33 - 013314392 _____ (MEGA Limited) C:\Users\angde\Downloads\MEGAsyncSetup.exe
2017-09-15 23:33 - 2017-09-15 23:33 - 000001131 _____ C:\Users\angde\Desktop\MEGAsync.lnk
2017-09-15 23:33 - 2017-09-15 23:33 - 000000000 ____D C:\Users\angde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2017-09-15 23:33 - 2017-09-15 23:33 - 000000000 ____D C:\Users\angde\AppData\Local\MEGAsync
2017-09-15 23:33 - 2017-09-15 23:33 - 000000000 ____D C:\Users\angde\AppData\Local\Mega Limited
2017-09-15 15:17 - 2017-09-15 15:17 - 000221662 _____ C:\Users\angde\Downloads\MicrosoftProgram_Install_and_Uninstall.meta.diagcab
2017-09-15 15:15 - 2017-09-15 15:15 - 000000000 ____D C:\Program Files\Common Files\Apple
2017-09-15 15:01 - 2017-09-15 15:04 - 260623688 _____ (Apple Inc.) C:\Users\angde\Downloads\iTunes64Setup.exe
2017-09-15 14:53 - 2017-09-15 14:59 - 000000000 ____D C:\Program Files (x86)\Tansee iPhone Transfer SMS
2017-09-15 14:53 - 2017-09-15 14:53 - 000001253 _____ C:\Users\angde\Desktop\iPhone SMS.lnk
2017-09-15 14:53 - 2017-09-15 14:53 - 000000000 ____D C:\Users\angde\Documents\Tansee
2017-09-15 14:53 - 2017-09-15 14:53 - 000000000 ____D C:\Users\angde\AppData\Roaming\Apple Computer
2017-09-15 14:53 - 2017-09-15 14:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tansee iPhone Transfer SMS
2017-09-15 14:51 - 2017-09-15 14:53 - 011734568 _____ (Tansee, Inc. ) C:\Users\angde\Downloads\iDeviceMessageTransfer.exe
2017-09-12 22:43 - 2017-09-12 22:43 - 006476800 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2017-09-12 14:26 - 2017-09-12 14:26 - 000000000 ____D C:\WINDOWS\PCHEALTH
2017-09-12 14:24 - 2017-09-04 22:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-09-12 14:24 - 2017-09-04 22:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-12 14:24 - 2017-09-04 22:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-09-12 14:24 - 2017-09-04 22:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-12 14:24 - 2017-09-04 22:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-12 14:24 - 2017-09-04 22:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-12 14:24 - 2017-09-04 22:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-09-12 14:24 - 2017-09-04 22:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-09-12 14:24 - 2017-09-04 22:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-09-12 14:24 - 2017-09-04 22:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-12 14:24 - 2017-09-04 22:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-09-12 14:24 - 2017-09-04 22:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-09-12 14:24 - 2017-09-04 22:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-12 14:24 - 2017-09-04 22:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-09-12 14:24 - 2017-09-04 22:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-09-12 14:24 - 2017-09-04 22:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-12 14:24 - 2017-09-04 22:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-09-12 14:24 - 2017-09-04 22:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-09-12 14:24 - 2017-09-04 22:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-09-12 14:24 - 2017-09-04 22:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-09-12 14:24 - 2017-09-04 22:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-09-12 14:24 - 2017-09-04 22:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-09-12 14:24 - 2017-09-04 22:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-09-12 14:24 - 2017-09-04 22:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-09-12 14:24 - 2017-09-04 22:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-12 14:24 - 2017-09-04 22:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2017-09-12 14:24 - 2017-09-04 22:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-09-12 14:24 - 2017-09-04 22:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2017-09-12 14:24 - 2017-09-04 22:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-09-12 14:24 - 2017-09-04 21:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-12 14:24 - 2017-09-04 21:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-12 14:24 - 2017-09-04 21:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-12 14:24 - 2017-09-04 21:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2017-09-12 14:24 - 2017-09-04 21:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-09-12 14:24 - 2017-09-04 21:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-12 14:24 - 2017-09-04 21:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-09-12 14:24 - 2017-09-04 21:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-09-12 14:24 - 2017-09-04 21:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-12 14:24 - 2017-09-04 21:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-12 14:24 - 2017-09-04 21:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
2017-09-12 14:24 - 2017-09-04 21:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-09-12 14:24 - 2017-09-04 21:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-12 14:24 - 2017-09-04 21:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-12 14:24 - 2017-09-04 21:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-12 14:24 - 2017-09-04 21:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-12 14:24 - 2017-09-04 21:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2017-09-12 14:24 - 2017-09-04 21:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-09-12 14:24 - 2017-09-04 21:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-09-12 14:24 - 2017-09-04 21:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-09-12 14:24 - 2017-09-04 21:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-09-12 14:24 - 2017-09-04 21:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-09-12 14:24 - 2017-09-04 21:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-12 14:24 - 2017-09-04 21:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-09-12 14:24 - 2017-09-04 21:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-09-12 14:24 - 2017-09-04 21:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-09-12 14:24 - 2017-09-04 21:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-09-12 14:24 - 2017-09-04 21:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-09-12 14:24 - 2017-09-04 21:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-12 14:24 - 2017-09-04 21:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-09-12 14:24 - 2017-09-04 21:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2017-09-12 14:24 - 2017-09-04 21:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2017-09-12 14:24 - 2017-09-04 21:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-09-12 14:24 - 2017-09-04 21:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-09-12 14:24 - 2017-09-04 21:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-09-12 14:24 - 2017-09-04 21:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-09-12 14:24 - 2017-09-04 21:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-09-12 14:24 - 2017-09-04 21:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-12 14:24 - 2017-09-04 21:26 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2017-09-12 14:24 - 2017-09-04 21:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-09-12 14:24 - 2017-09-04 21:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-09-12 14:24 - 2017-09-04 21:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
2017-09-12 14:24 - 2017-09-04 21:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2017-09-12 14:24 - 2017-09-04 21:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-09-12 14:24 - 2017-09-04 21:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-12 14:24 - 2017-09-04 21:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-09-12 14:24 - 2017-09-04 21:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-12 14:24 - 2017-09-04 21:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-12 14:24 - 2017-09-04 21:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-09-12 14:24 - 2017-09-04 21:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-09-12 14:24 - 2017-09-04 21:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-12 14:24 - 2017-09-04 21:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-09-12 14:24 - 2017-09-04 21:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
2017-09-12 14:24 - 2017-09-04 21:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-12 14:24 - 2017-09-04 21:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-12 14:24 - 2017-09-04 21:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-12 14:24 - 2017-09-04 21:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-09-12 14:24 - 2017-09-04 21:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-09-12 14:24 - 2017-09-04 21:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-12 14:24 - 2017-09-04 21:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-09-12 14:24 - 2017-09-04 21:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-09-12 14:24 - 2017-09-04 21:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2017-09-12 14:24 - 2017-09-04 21:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-09-12 14:24 - 2017-09-04 21:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-09-12 14:24 - 2017-09-04 21:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-09-12 14:24 - 2017-09-04 21:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-12 14:24 - 2017-09-04 21:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-09-12 14:24 - 2017-09-04 21:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2017-09-12 14:24 - 2017-09-04 21:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-09-12 14:24 - 2017-09-04 21:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-09-12 14:24 - 2017-09-04 21:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-09-12 14:24 - 2017-09-04 21:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2017-09-12 14:24 - 2017-09-04 21:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2017-09-12 14:24 - 2017-09-04 21:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-09-12 14:24 - 2017-09-04 21:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-09-12 14:24 - 2017-09-04 21:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-09-12 14:24 - 2017-09-04 21:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-09-12 14:24 - 2017-09-04 21:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2017-09-12 14:24 - 2017-09-04 21:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-12 14:24 - 2017-09-04 21:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2017-09-12 14:24 - 2017-09-04 21:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-12 14:24 - 2017-09-04 21:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-09-12 14:24 - 2017-09-04 21:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-09-12 14:24 - 2017-09-04 21:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-09-12 14:24 - 2017-09-04 21:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-12 14:24 - 2017-09-04 21:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-09-12 14:24 - 2017-09-04 21:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-12 14:24 - 2017-09-04 21:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-09-12 14:24 - 2017-09-04 21:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-09-12 14:24 - 2017-09-04 21:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-12 14:24 - 2017-09-04 21:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-12 14:24 - 2017-09-04 21:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-12 14:24 - 2017-09-04 21:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-12 14:24 - 2017-09-04 21:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2017-09-12 14:24 - 2017-09-04 21:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2017-09-12 14:24 - 2017-09-04 21:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-12 14:24 - 2017-09-04 21:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-09-12 14:24 - 2017-09-04 21:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-09-12 14:24 - 2017-09-04 21:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-09-12 14:24 - 2017-09-04 21:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2017-09-12 14:24 - 2017-09-04 21:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-09-12 14:24 - 2017-09-04 21:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-12 14:24 - 2017-09-04 21:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-12 14:24 - 2017-09-04 21:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-12 14:24 - 2017-09-04 21:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-09-12 14:24 - 2017-09-04 21:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2017-09-12 14:24 - 2017-09-04 21:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-12 14:24 - 2017-09-04 21:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-12 14:24 - 2017-09-04 21:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2017-09-12 14:24 - 2017-09-04 21:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-09-12 14:24 - 2017-09-04 21:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-09-12 14:24 - 2017-09-04 21:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-12 14:24 - 2017-09-04 21:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-09-12 14:24 - 2017-09-04 21:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-12 14:24 - 2017-09-04 21:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2017-09-12 14:24 - 2017-09-04 21:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-09-12 14:24 - 2017-09-04 21:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-12 14:24 - 2017-09-04 21:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-09-12 14:24 - 2017-09-04 21:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-09-12 14:24 - 2017-09-04 21:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-12 14:24 - 2017-09-04 21:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-12 14:24 - 2017-09-04 21:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-12 14:24 - 2017-09-04 21:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-12 14:24 - 2017-09-04 21:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-09-12 14:24 - 2017-09-04 21:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-12 14:24 - 2017-09-04 21:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-12 14:24 - 2017-09-04 21:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-12 14:24 - 2017-09-04 21:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-09-12 14:24 - 2017-09-04 21:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-12 14:24 - 2017-09-04 21:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-12 14:24 - 2017-09-04 21:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-12 14:24 - 2017-09-04 21:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-12 14:24 - 2017-09-04 21:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-09-12 14:24 - 2017-09-04 21:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-12 14:24 - 2017-09-04 21:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-09-12 14:24 - 2017-09-04 21:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-12 14:24 - 2017-09-04 21:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-09-12 14:24 - 2017-09-04 21:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-09-12 14:24 - 2017-09-04 21:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-09-12 14:24 - 2017-09-04 21:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-12 14:24 - 2017-09-04 21:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-09-12 14:24 - 2017-09-04 21:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-09-12 14:24 - 2017-09-04 21:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-12 14:24 - 2017-09-04 21:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-12 14:24 - 2017-09-04 21:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-12 14:24 - 2017-09-04 21:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-09-12 14:24 - 2017-09-04 21:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-12 14:24 - 2017-09-04 21:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-12 14:24 - 2017-09-04 21:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-12 14:24 - 2017-09-04 21:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-09-12 14:24 - 2017-09-04 21:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-09-12 14:24 - 2017-09-04 21:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-09-12 14:24 - 2017-09-04 21:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-09-12 14:24 - 2017-09-04 21:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-12 14:24 - 2017-09-04 21:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-12 14:24 - 2017-09-04 21:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-09-12 14:24 - 2017-09-04 21:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2017-09-12 14:24 - 2017-09-04 21:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-09-12 14:24 - 2017-09-04 21:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-09-12 14:24 - 2017-09-04 21:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-09-12 14:24 - 2017-09-04 21:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-09-12 14:24 - 2017-09-04 21:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-09-12 14:23 - 2017-09-04 22:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-09-12 14:23 - 2017-09-04 22:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-09-12 14:23 - 2017-09-04 22:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-09-12 14:23 - 2017-09-04 22:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-09-12 14:23 - 2017-09-04 22:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-09-12 14:23 - 2017-09-04 22:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-12 14:23 - 2017-09-04 22:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2017-09-12 14:23 - 2017-09-04 22:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-09-12 14:23 - 2017-09-04 22:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-12 14:23 - 2017-09-04 22:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2017-09-12 14:23 - 2017-09-04 22:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-09-12 14:23 - 2017-09-04 22:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-09-12 14:23 - 2017-09-04 22:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-09-12 14:23 - 2017-09-04 22:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-09-12 14:23 - 2017-09-04 22:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-09-12 14:23 - 2017-09-04 22:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-09-12 14:23 - 2017-09-04 22:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-12 14:23 - 2017-09-04 22:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2017-09-12 14:23 - 2017-09-04 22:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-09-12 14:23 - 2017-09-04 22:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-09-12 14:23 - 2017-09-04 22:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-12 14:23 - 2017-09-04 22:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-09-12 14:23 - 2017-09-04 22:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-09-12 14:23 - 2017-09-04 22:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2017-09-12 14:23 - 2017-09-04 22:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-09-12 14:23 - 2017-09-04 22:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-09-12 14:23 - 2017-09-04 22:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-09-12 14:23 - 2017-09-04 22:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-09-12 14:23 - 2017-09-04 22:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-12 14:23 - 2017-09-04 22:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-09-12 14:23 - 2017-09-04 22:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-09-12 14:23 - 2017-09-04 22:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-12 14:23 - 2017-09-04 21:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-12 14:23 - 2017-09-04 21:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-12 14:23 - 2017-09-04 21:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-12 14:23 - 2017-09-04 21:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-12 14:23 - 2017-09-04 21:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-12 14:23 - 2017-09-04 21:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-09-12 14:23 - 2017-09-04 21:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-12 14:23 - 2017-09-04 21:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-12 14:23 - 2017-09-04 21:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-09-12 14:23 - 2017-09-04 21:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-12 14:23 - 2017-09-04 21:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-09-12 14:23 - 2017-09-04 21:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-09-12 14:23 - 2017-09-04 21:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-09-12 14:23 - 2017-09-04 21:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-09-12 14:23 - 2017-09-04 21:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-09-12 14:23 - 2017-09-04 21:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2017-09-12 14:23 - 2017-09-04 21:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-09-12 14:23 - 2017-09-04 21:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2017-09-12 14:23 - 2017-09-04 21:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
2017-09-12 14:23 - 2017-09-04 21:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2017-09-12 14:23 - 2017-09-04 21:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2017-09-12 14:23 - 2017-09-04 21:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-09-12 14:23 - 2017-09-04 21:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-09-12 14:23 - 2017-09-04 21:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-09-12 14:23 - 2017-09-04 21:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-09-12 14:23 - 2017-09-04 21:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-12 14:23 - 2017-09-04 21:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-12 14:23 - 2017-09-04 21:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-09-12 14:23 - 2017-09-04 21:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-09-12 14:23 - 2017-09-04 21:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-09-12 14:23 - 2017-09-04 21:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2017-09-12 14:23 - 2017-09-04 21:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-09-12 14:23 - 2017-09-04 21:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-09-12 14:23 - 2017-09-04 21:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-12 14:23 - 2017-09-04 21:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-09-12 14:23 - 2017-09-04 21:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2017-09-12 14:23 - 2017-09-04 21:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-09-12 14:23 - 2017-09-04 21:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-09-12 14:23 - 2017-09-04 21:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-09-12 14:23 - 2017-09-04 21:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2017-09-12 14:23 - 2017-09-04 21:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-09-12 14:23 - 2017-09-04 21:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2017-09-12 14:23 - 2017-09-04 21:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2017-09-12 14:23 - 2017-09-04 21:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-12 14:23 - 2017-09-04 21:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-12 14:23 - 2017-09-04 21:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-09-12 14:23 - 2017-09-04 21:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-09-12 14:23 - 2017-09-04 21:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-09-12 14:23 - 2017-09-04 21:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-09-12 14:23 - 2017-09-04 21:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-09-12 14:23 - 2017-09-04 21:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-09-12 14:23 - 2017-09-04 21:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-09-12 14:23 - 2017-09-04 21:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-09-12 14:23 - 2017-09-04 21:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-12 14:23 - 2017-09-04 21:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-12 14:23 - 2017-09-04 21:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-09-12 14:23 - 2017-09-04 21:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-09-12 14:23 - 2017-09-04 21:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-09-12 14:23 - 2017-09-04 21:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-09-12 14:23 - 2017-09-04 21:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-09-12 14:23 - 2017-09-04 21:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-09-12 14:23 - 2017-09-04 21:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-09-12 14:23 - 2017-09-04 21:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-09-12 14:23 - 2017-09-04 21:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-09-12 14:23 - 2017-09-04 21:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-09-12 14:23 - 2017-09-04 21:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-09-12 14:23 - 2017-09-04 21:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-09-12 14:23 - 2017-09-04 21:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-09-12 14:23 - 2017-09-04 21:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-09-12 14:23 - 2017-09-04 21:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-12 14:23 - 2017-09-04 21:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-09-12 14:23 - 2017-09-04 21:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-09-12 14:23 - 2017-09-04 21:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-12 14:23 - 2017-09-04 21:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-12 14:23 - 2017-09-04 21:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-12 14:23 - 2017-09-04 21:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-12 14:23 - 2017-09-04 21:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-09-12 14:23 - 2017-09-04 21:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-09-12 14:23 - 2017-09-04 21:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-12 14:23 - 2017-09-04 21:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-12 14:23 - 2017-09-04 21:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-09-12 14:23 - 2017-09-04 21:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-09-12 14:23 - 2017-09-04 21:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-09-12 14:23 - 2017-09-04 21:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-12 14:23 - 2017-09-04 21:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-09-12 14:23 - 2017-09-04 21:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-09-12 14:23 - 2017-09-04 21:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-12 14:23 - 2017-09-04 21:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-09-12 14:23 - 2017-09-04 21:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-09-12 14:23 - 2017-09-04 21:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-09-12 14:23 - 2017-08-31 22:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-09-12 12:48 - 2017-04-19 19:04 - 000338400 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtsBaStor.sys
2017-09-12 12:48 - 2017-04-13 19:12 - 000329184 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtsP2Stor.sys
2017-09-12 11:36 - 2017-09-12 11:41 - 018445826 _____ C:\Users\angde\Downloads\0006-RtsXStor_10.0.370.162.zip
2017-09-11 00:39 - 2017-09-11 00:39 - 000000923 _____ C:\Users\Public\Desktop\Project64.lnk
2017-09-11 00:39 - 2017-09-11 00:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project64 2.3
2017-09-11 00:25 - 2017-09-11 00:25 - 025964544 _____ C:\Users\angde\Downloads\gtk-sharp-2.12.45.msi
2017-09-11 00:24 - 2017-09-11 00:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mono
2017-09-11 00:23 - 2017-09-11 00:23 - 000000000 ____D C:\Program Files\Mono
2017-09-11 00:20 - 2017-09-11 00:22 - 127275008 _____ C:\Users\angde\Downloads\mono-5.2.0.215-x64-0.msi
2017-09-11 00:19 - 2017-09-11 00:19 - 000000000 ____D C:\Users\angde\Documents\Visual Studio 2017
2017-09-11 00:19 - 2017-09-11 00:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017
2017-09-11 00:16 - 2017-09-11 00:16 - 000001499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017.lnk
2017-09-11 00:14 - 2017-09-11 00:20 - 000000000 ____D C:\Users\angde\AppData\Roaming\Visual Studio Setup
2017-09-11 00:14 - 2017-09-11 00:15 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2017-09-11 00:14 - 2017-09-11 00:14 - 000001361 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2017-09-11 00:14 - 2017-09-11 00:14 - 000000000 ____D C:\Users\angde\AppData\Roaming\vstelemetry
2017-09-11 00:14 - 2017-09-11 00:14 - 000000000 ____D C:\Users\angde\AppData\Local\ServiceHub
2017-09-11 00:12 - 2017-09-11 00:12 - 001069968 _____ (Microsoft Corporation) C:\Users\angde\Downloads\vs_community.exe
2017-09-07 13:04 - 2017-09-07 13:04 - 006112072 _____ (Apple, Inc.) C:\WINDOWS\system32\usbaaplrc.dll
2017-09-07 13:04 - 2017-09-07 13:04 - 000054784 _____ (Apple, Inc.) C:\WINDOWS\system32\Drivers\usbaapl64.sys
2017-09-05 21:03 - 2017-09-05 21:03 - 000000938 _____ C:\Users\angde\Desktop\Sonic Mania.lnk
2017-09-05 03:42 - 2017-09-12 14:35 - 000000000 ____D C:\WINDOWS\system32\MpEngineStore
2017-09-05 00:59 - 2017-09-05 01:01 - 155532048 _____ (Microsoft Corporation) C:\Users\angde\Downloads\msert.exe
2017-09-04 01:01 - 2017-09-04 01:01 - 000000039 _____ C:\Users\angde\AppData\Local\kritadisplayrc
2017-09-02 22:05 - 2017-09-02 22:05 - 000000000 ____D C:\Users\angde\AppData\Roaming\NVIDIA
2017-08-29 13:42 - 2017-08-29 13:42 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-08-29 13:42 - 2017-08-21 16:10 - 006463424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-08-29 13:42 - 2017-08-21 16:10 - 002479224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-08-29 13:42 - 2017-08-21 16:10 - 001762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-08-29 13:42 - 2017-08-21 16:10 - 000549312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-08-29 13:42 - 2017-08-21 16:10 - 000392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-08-29 13:42 - 2017-08-21 16:10 - 000082040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-08-29 13:42 - 2017-08-21 16:10 - 000069752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-08-29 13:42 - 2017-08-21 15:54 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-08-29 13:42 - 2017-08-19 00:10 - 008142301 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-08-29 13:42 - 2017-06-15 12:32 - 000541984 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-08-29 13:42 - 2017-06-15 12:32 - 000525088 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-08-29 13:42 - 2017-06-15 12:32 - 000254240 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-08-29 13:42 - 2017-06-15 12:32 - 000233760 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-08-29 13:39 - 2017-08-21 18:01 - 040240248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 035924600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 035314112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 029019072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 023132184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 018849456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 013782904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 012225984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 011692344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 010072768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 004210360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 004162496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 003712024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 003590592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 001988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438541.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 001597888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438541.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 001292096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 001068152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 001008816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 001004992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 000972736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 000924280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 000781544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 000690320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 000617232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 000609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 000578056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 000499320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 000057976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-08-29 13:39 - 2017-08-21 18:01 - 000046453 _____ C:\WINDOWS\system32\nvinfo.pb
2017-08-29 13:39 - 2017-08-21 18:01 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-08-29 13:39 - 2017-08-21 18:01 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-08-29 12:39 - 2017-08-29 12:39 - 000000000 ____D C:\Users\angde\AppData\Roaming\Bungie
2017-08-28 21:08 - 2017-08-28 21:08 - 000000063 _____ C:\Users\angde\AppData\Local\emaildefaults
2017-08-28 10:47 - 2017-08-25 03:51 - 004689939 _____ C:\Users\angde\Desktop\krita.exe
2017-08-28 10:46 - 2017-09-04 01:01 - 000015610 _____ C:\Users\angde\AppData\Local\kritarc
2017-08-28 10:46 - 2017-08-28 10:46 - 000000000 ____D C:\Users\angde\AppData\Roaming\krita
2017-08-28 10:40 - 2017-08-28 10:43 - 100515262 _____ C:\Users\angde\Downloads\krita-3.2.1-x64.zip
2017-08-28 00:05 - 2017-08-28 00:05 - 000000000 ____D C:\WINDOWS\Minidump
2017-08-27 21:29 - 2017-08-27 21:29 - 004380209 _____ C:\Users\angde\Downloads\ReLIFE Report 194 [Whiteout Scans].zip
2017-08-26 14:51 - 2017-09-25 12:45 - 000000000 ____D C:\Users\angde\AppData\Roaming\WTablet
2017-08-26 14:44 - 2017-08-26 14:44 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2017-08-26 14:44 - 2017-08-26 14:44 - 000000000 ____D C:\Program Files\TabletPlugins
2017-08-26 14:44 - 2017-08-26 14:44 - 000000000 ____D C:\Program Files (x86)\TabletPlugins
2017-08-26 14:43 - 2017-06-28 16:43 - 002282440 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Wacom_Touch_Tablet.dll
2017-08-26 14:43 - 2017-06-28 16:43 - 002188744 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\WacomMT.dll
2017-08-26 14:43 - 2017-06-28 16:43 - 002126792 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Wintab32.dll
2017-08-26 14:43 - 2017-06-28 16:43 - 001798600 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\Wacom_Touch_Tablet.dll
2017-08-26 14:43 - 2017-06-28 16:43 - 001690568 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\WacomMT.dll
2017-08-26 14:43 - 2017-06-28 16:43 - 001650632 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\Wintab32.dll
2017-08-26 14:43 - 2017-04-28 16:21 - 001804688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdfcoinstaller01011.dll
2017-08-26 14:43 - 2017-04-28 16:21 - 000122512 _____ (Wacom Technology) C:\WINDOWS\system32\Drivers\wachidrouter.sys
2017-08-26 14:43 - 2017-04-11 11:23 - 000024040 _____ (Wacom Technology) C:\WINDOWS\system32\Drivers\wacomrouterfilter.sys
2017-08-26 14:43 - 2012-12-11 15:12 - 001721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wdfcoinstaller01009.dll
2017-08-26 14:42 - 2017-08-26 14:43 - 000000000 ____D C:\Program Files\Tablet
2017-08-26 14:42 - 2017-06-28 16:43 - 002289096 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Wacom_Tablet.dll
2017-08-26 14:42 - 2017-06-28 16:43 - 001805768 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\Wacom_Tablet.dll
2017-08-26 14:37 - 2017-08-26 14:39 - 079726928 _____ C:\Users\angde\Downloads\WacomTablet_6.3.23-1.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-25 12:52 - 2017-07-02 12:45 - 000219450 _____ C:\WINDOWS\ZAM.krnl.trace
2017-09-25 12:52 - 2017-07-02 12:45 - 000082808 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-09-25 12:25 - 2017-07-24 19:06 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-25 12:02 - 2017-07-24 19:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-25 11:08 - 2017-07-24 19:07 - 001535602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-25 11:04 - 2017-03-18 14:01 - 000000000 ____D C:\WINDOWS\INF
2017-09-25 11:01 - 2017-08-08 09:55 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2017-09-25 11:01 - 2015-12-29 18:12 - 000000165 _____ C:\Users\angde\AppData\Roaming\sp_data.sys
2017-09-25 11:01 - 2015-12-29 18:12 - 000000000 __SHD C:\Users\angde\IntelGraphicsProfiles
2017-09-25 10:36 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-25 10:34 - 2017-07-24 19:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-25 10:34 - 2017-03-18 04:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-09-25 00:36 - 2017-07-24 19:03 - 001251872 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-25 00:33 - 2017-03-18 14:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-24 23:50 - 2017-07-02 12:45 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-09-24 23:32 - 2017-03-18 14:03 - 000000000 ___RD C:\WINDOWS\PrintDialog
2017-09-24 23:32 - 2017-03-18 14:03 - 000000000 ___RD C:\WINDOWS\MiracastView
2017-09-24 23:15 - 2015-12-03 17:58 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-24 22:21 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\Catroot2.old
2017-09-24 22:19 - 2017-03-18 13:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-24 21:21 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-09-24 20:48 - 2016-06-28 11:31 - 000000000 ____D C:\Users\angde\AppData\Local\ElevatedDiagnostics
2017-09-24 20:37 - 2016-04-30 11:03 - 000000000 ____D C:\Users\angde\AppData\Local\CrashDumps
2017-09-24 06:53 - 2017-07-24 19:09 - 000000000 ____D C:\Users\angde
2017-09-23 23:11 - 2015-12-29 19:31 - 000000000 ____D C:\Program Files (x86)\Steam
2017-09-23 11:14 - 2017-08-13 15:59 - 000002336 _____ C:\Users\angde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2017-09-23 11:14 - 2017-08-13 15:59 - 000002328 _____ C:\Users\angde\Desktop\Vivaldi.lnk
2017-09-23 11:14 - 2017-08-13 15:59 - 000000000 ____D C:\Users\angde\AppData\Local\Vivaldi
2017-09-22 01:13 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-09-21 21:31 - 2017-07-26 23:02 - 000003358 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1891659179-3385980120-3754613756-1001
2017-09-21 21:31 - 2015-12-29 18:15 - 000002369 _____ C:\Users\angde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-21 21:31 - 2015-12-29 18:15 - 000000000 ___RD C:\Users\angde\OneDrive
2017-09-15 15:14 - 2016-09-20 23:03 - 000000000 ____D C:\ProgramData\Apple
2017-09-13 23:58 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\rescache
2017-09-12 22:43 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-09-12 22:43 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-09-12 21:26 - 2017-05-23 15:18 - 000000000 ____D C:\Users\angde\AppData\Local\Battle.net
2017-09-12 21:25 - 2017-05-23 15:08 - 000000000 ____D C:\Program Files (x86)\Blizzard App
2017-09-12 16:42 - 2017-03-18 14:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-09-12 16:42 - 2017-03-18 14:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-12 16:42 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-09-12 16:42 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-09-12 16:42 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\setup
2017-09-12 16:42 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-09-12 16:42 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-12 16:42 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-12 14:35 - 2015-12-29 18:51 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-12 14:32 - 2015-12-29 18:51 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-12 12:59 - 2017-07-24 19:07 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2017-09-12 12:48 - 2015-12-03 18:09 - 000000000 ____D C:\Program Files (x86)\Realtek
2017-09-12 11:12 - 2017-05-14 15:26 - 000000000 ____D C:\Users\angde\AppData\Roaming\qBittorrent
2017-09-11 00:29 - 2016-04-08 04:24 - 000000000 ____D C:\Program Files (x86)\GtkSharp
2017-09-11 00:19 - 2017-07-24 19:55 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-09-05 20:50 - 2017-05-12 23:26 - 000000000 ____D C:\Users\angde\AppData\Local\ntuserlitelist
2017-09-02 08:15 - 2017-03-18 14:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-09-02 08:15 - 2017-03-18 14:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-29 14:08 - 2017-07-24 19:06 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-08-29 13:47 - 2016-07-12 15:19 - 000000000 ____D C:\Program Files (x86)\Overwatch Test
2017-08-29 13:42 - 2017-07-24 19:05 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-08-29 13:42 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\Help
2017-08-29 13:41 - 2017-07-24 19:05 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-08-29 13:33 - 2017-07-24 19:37 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-29 13:33 - 2017-07-24 19:37 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-29 13:33 - 2017-07-24 19:37 - 000003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-29 13:33 - 2017-07-24 19:37 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-29 13:33 - 2017-07-24 19:37 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-29 13:33 - 2017-07-24 19:37 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-29 13:33 - 2017-07-24 19:37 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-29 13:33 - 2017-07-24 19:37 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-29 13:33 - 2016-10-27 10:44 - 000001491 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-08-28 00:05 - 2016-08-19 16:29 - 000455968 ____N C:\WINDOWS\Minidump\082817-27390-01.dmp
 
==================== Files in the root of some directories =======
 
2013-02-17 00:39 - 2013-02-17 00:39 - 000562152 _____ (UGD Software) C:\Program Files (x86)\VPNWatcher.exe
2011-11-28 15:09 - 2011-11-28 15:09 - 000019304 _____ () C:\Program Files (x86)\VPNWatcher.rtf
2015-12-29 18:12 - 2017-09-25 11:01 - 000000165 _____ () C:\Users\angde\AppData\Roaming\sp_data.sys
2016-09-29 14:59 - 2016-09-30 11:19 - 000000600 _____ () C:\Users\angde\AppData\Roaming\winscp.rnd
2017-08-28 21:08 - 2017-08-28 21:08 - 000000063 _____ () C:\Users\angde\AppData\Local\emaildefaults
2017-09-04 01:01 - 2017-09-04 01:01 - 000000039 _____ () C:\Users\angde\AppData\Local\kritadisplayrc
2017-08-28 10:46 - 2017-09-04 01:01 - 000015610 _____ () C:\Users\angde\AppData\Local\kritarc
2016-09-26 17:47 - 2016-10-03 21:45 - 000000600 _____ () C:\Users\angde\AppData\Local\PUTTY.RND
2017-05-28 13:15 - 2017-05-28 13:15 - 000003307 _____ () C:\Users\angde\AppData\Local\recently-used.xbel
2016-04-04 18:32 - 2016-04-15 17:00 - 000007598 _____ () C:\Users\angde\AppData\Local\Resmon.ResmonCfg
2016-09-29 14:30 - 2016-10-06 14:21 - 000000000 _____ () C:\Users\angde\AppData\Local\Temptable.xml
2017-07-24 19:07 - 2017-07-24 19:07 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2016-06-10 19:41 - 2016-06-10 19:41 - 000000016 _____ () C:\ProgramData\mntemp
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\ndistpr64.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
 
LastRegBack: 2017-09-19 22:59
 
==================== End of FRST.txt ============================
 
 
2. Addition.txt 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2017
Ran by angde (25-09-2017 12:54:47)
Running from C:\Users\angde\Downloads
Windows 10 Home Version 1703 (X64) (2017-07-25 02:46:54)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1891659179-3385980120-3754613756-500 - Administrator - Enabled) => C:\Users\Administrator
angde (S-1-5-21-1891659179-3385980120-3754613756-1001 - Administrator - Enabled) => C:\Users\angde
DefaultAccount (S-1-5-21-1891659179-3385980120-3754613756-503 - Limited - Disabled)
Guest (S-1-5-21-1891659179-3385980120-3754613756-501 - Limited - Disabled)
maggo (S-1-5-21-1891659179-3385980120-3754613756-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.41 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{981F324E-98F4-4784-B76F-04E92039F3F6}) (Version: 5.2.60328.3 - Microsoft Corporation)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Arduino (HKLM-x32\...\Arduino) (Version: 1.8.1 - Arduino LLC)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.027 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.18 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.11.0001 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.30 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0039 - ASUS)
Azure AD Authentication Connected Service (HKLM-x32\...\{3FEAC561-1CF6-41D6-B0F3-BECDD9C88A1B}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Bayonetta (HKLM\...\Steam App 460790) (Version:  - PlatinumGames)
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blizzard App (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Borderless Gaming (HKLM-x32\...\Borderless Gaming_is1) (Version: 9.1 - Codeusa Software)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.3.05017 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{0BEF117F-BEBD-4948-AF22-210D14736BEC}) (Version: 4.3.05017 - Cisco Systems, Inc.) Hidden
CodeBlocks (HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\...\CodeBlocks) (Version: 16.01 - The Code::Blocks Team)
CyberLink PhotoDirector 5 (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6515 - CyberLink Corp.) Hidden
CyberLink PhotoDirector 5 (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6515 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DARK SOULS III (HKLM\...\Steam App 374320) (Version:  - FromSoftware, Inc.)
Dark Souls: Prepare to Die Edition (HKLM\...\Steam App 211420) (Version:  - FromSoftware)
Dead Cells (HKLM\...\Steam App 588650) (Version:  - Motion Twin)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.)
Dotfuscator and Analytics Community Edition 5.19.1 (HKLM-x32\...\{2A7F99F6-88A4-4B44-B350-41C0B147A39C}) (Version: 5.19.1.3091 - PreEmptive Solutions) Hidden
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Furi (HKLM\...\Steam App 423230) (Version:  - The Game Bakers)
GDR 4213 for SQL Server 2014 (KB3070446) (64-bit) (HKLM\...\KB3070446) (Version: 12.1.4213.0 - Microsoft Corporation)
GDR 4232 for SQL Server 2014 (KB3194720) (64-bit) (HKLM\...\KB3194720) (Version: 12.1.4232.0 - Microsoft Corporation)
GDR 4237 for SQL Server 2014 (KB4019091) (64-bit) (HKLM\...\KB4019091) (Version: 12.1.4237.0 - Microsoft Corporation)
Gigantic (HKLM\...\Steam App 327690) (Version:  - Motiga Inc.)
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Gtk# for .Net 2.12.45 (HKLM-x32\...\{0D038544-52B1-4F30-BAE1-46509B4A91A7}) (Version: 2.12.45 - Xamarin, Inc.)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{DC5673D2-228D-45BC-B9BB-9610CE67DFC0}) (Version: 17.1.1524.1353 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{aa2c2346-d0c0-4d3e-9ab1-11a48b4cb9f3}) (Version: 19.20.3 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Katawa Shoujo (HKLM-x32\...\Katawa Shoujo) (Version:  - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 1.6.5230.111 - Waves Audio Ltd.) Hidden
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
METAL GEAR RISING: REVENGEANCE (HKLM-x32\...\TUVUQUxHRUFSUklTSU5HUkVWRU5HRUFOQ0U=_is1) (Version: 1 - )
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25123 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{BE00C353-3529-4C31-AED2-AE3598D2CD2B}) (Version: 12.1.4237.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{EDB86AFA-B3AA-45F6-BEEB-DA14A47FC1FB}) (Version: 12.1.4237.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{FF7DDA05-6EA7-4C01-B44A-3E57F8B9B97B}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 RC Redistributable (x64) - 14.0.22816 (HKLM-x32\...\{e2495eb6-cca8-47aa-91ea-3410ca44d7b7}) (Version: 14.0.22816.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.11.33287.817 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Update 2 (HKLM-x32\...\{04fa3a35-1f49-4510-8051-819cdc1e6e01}) (Version: 14.0.25123.0 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.1.4100.1 - Microsoft Corporation)
Mono for Windows (x64) (HKLM\...\{4E1962CC-0498-4DDE-8342-2C146738A4DA}) (Version: 5.2.0 - Xamarin, Inc.)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{13FE8B50-B340-4FDA-BB6E-AA1F5FAB8205}) (Version: 14.0.25123 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
NieR: Automata (HKLM-x32\...\NieR: Automata_is1) (Version:  - )
NVIDIA GeForce Experience 3.9.0.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.61 - NVIDIA Corporation)
NVIDIA Graphics Driver 385.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.41 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version:  - Blizzard Entertainment)
PcRegBoost version 1.3 (HKLM-x32\...\{D4FD61C1-0B3B-44D1-9BBF-12A14B0BF915}_is1) (Version: 1.3 - iNextITNetwork) <==== ATTENTION
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.2 - pdfforge)
PixelMaster Video HDR (HKLM\...\{65302154-AAF6-4020-A070-76CAA9CEC8D3}) (Version: 1.1.33 - ASUS)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Project64 version 2.3.2.202 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.3.2.202 - )
PS3Merge version 1.0.1.0 (HKLM-x32\...\PS3Merge_is1) (Version: 1.0.1.0 - Karmian.org)
qBittorrent 3.3.13 (HKLM-x32\...\qBittorrent) (Version: 3.3.13 - The qBittorrent project)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10143.21278 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
Resident Evil / biohazard HD REMASTER (HKLM\...\Steam App 304240) (Version:  - CAPCOM Co., Ltd.)
Resident Evil 0 HD Remaster (HKLM-x32\...\Resident Evil 0 HD Remaster_is1) (Version:  - )
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
Rocket League (HKLM\...\Steam App 252950) (Version:  - Psyonix, Inc.)
Roslyn Language Services - x86 (HKLM-x32\...\{289B0100-DE41-3E67-B7B0-98CB3AA72166}) (Version: 14.0.25125 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Service Pack 1 for SQL Server 2014 (KB3058865) (64-bit) (HKLM\...\KB3058865) (Version: 12.1.4100.1 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sleeping Dogs Definitive Edition version 1.0.0.0 (HKLM-x32\...\Sleeping Dogs Definitive Edition_is1) (Version: 1.0.0.0 - Mr DJ)
SOLIDWORKS 2016 x64 Edition SP02 (HKLM\...\{768F3B65-1695-47B7-9002-B11400CB111D}) (Version: 24.120.50 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS 2016 x64 Edition SP02 (HKLM-x32\...\SolidWorks Installation Manager 20160-40200-1100-100) (Version: 24.2.0.50 - SolidWorks Corporation)
SOLIDWORKS Composer Player 2016 SP02 x64 Edition (HKLM\...\{8537E059-C18B-4DE6-AED6-CD9B90240C35}) (Version: 24.20.50 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS eDrawings 2016 x64 Edition SP02 (HKLM\...\{BCB9F00D-D23D-465C-B7BB-629900B7FF51}) (Version: 16.2.0030 - Dassault Systèmes SolidWorks Corp) Hidden
SOLIDWORKS Electrical 2016 SP02 x64 Edition (HKLM\...\{064914EF-A0D8-447D-8E5C-E888CA8FD467}) (Version: 24.20.50 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Flow Simulation 2016 SP02 x64 Edition  (HKLM\...\{0B7C2320-1D2F-42F1-9941-C88C6B7AB0D5}) (Version: 24.20.51 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Plastics 2016 SP02 x64 Edition (HKLM\...\{DF6A3557-CE70-4357-81CF-E33CCB5E750D}) (Version: 24.20.50 - Dassault Systemes SolidWorks Corp) Hidden
Sonic Mania (HKLM-x32\...\{B01CBC6F-72DE-4658-95AD-2135F00A8695}_is1) (Version:  - SEGA)
SQL Server 2014 Common Files (HKLM\...\{BD1CD96B-FE4B-4EAE-83D4-6EF55AB5779C}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{F7012F84-80F5-4C25-852E-B1BA03276FE6}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{17531BCD-C627-46A2-9F1E-7CC920E0E94A}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{5082A9F3-AEE5-4639-9BA7-C19661BA7331}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{ACC530B8-B6B4-40D6-B59B-152468CF47D0}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{D1B847A9-B06B-4264-9EF0-78E6E1571E65}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.1.4100.1 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{6476DB81-F263-4C04-8574-AAD31136C304}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
StarCraft (HKLM-x32\...\StarCraft) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tansee iPhone/iPad/iPod SMS/MMS/iMessage Transfer 6.12.8 (HKLM-x32\...\Tansee iPhone/iPad/iPod SMS/MMS/iMessage Transfer_is1) (Version: 6.12.8 - Tansee, Inc.)
Team Explorer for Microsoft Visual Studio 2015 Update 2 (HKLM-x32\...\{7932CD6F-86D3-3EE4-8A02-B954404D1FFC}) (Version: 14.95.25118 - Microsoft) Hidden
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
TypeScript Power Tool (HKLM-x32\...\{60890089-588B-4362-B9C5-A9C11D6E5DD1}) (Version: 1.8.9.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{937FE826-F9A3-46F2-A57E-4AB10E27484E}) (Version: 1.8.29.0 - Microsoft Corporation) Hidden
Unity (HKLM-x32\...\Unity) (Version: 5.3.1f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\...\UnityWebPlayer) (Version: 5.3.1f1 - Unity Technologies ApS)
univcredist (HKLM-x32\...\{2d9d4a60-1d22-46c1-84bb-1de04b4715d7}) (Version: 1.0.0.0 - Motiga)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Vanquish (HKLM-x32\...\Vanquish_is1) (Version:  - )
Visual Studio 2015 Update 2 (KB3022398) (HKLM-x32\...\{78c1b501-a6eb-4f29-88c5-84189564827e}) (Version: 14.0.25123 - Microsoft Corporation)
Vivaldi (HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\...\Vivaldi) (Version: 1.12.955.36 - Vivaldi)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
VPN Watcher (HKLM-x32\...\{0F8B2A77-9740-4086-A037-93BAA30EB99E}) (Version: 2.0.4 - UGD Software)
VS Update core components (HKLM-x32\...\{6A878817-D626-305A-BE8D-94C93F70E27A}) (Version: 14.0.25123 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{DDEF2BD0-F728-4D04-A085-B5ACC9ADC311}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{2512A3CE-E1E4-46D5-8B40-28DA3AE2261E}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{384F31FB-B99D-48A7-9D72-E1FEBEC2201A}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{0F2742A7-6A64-46A2-94AE-22F19808BE2F}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.23-1 - Wacom Technology Corp.)
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.2.524 - ASUS Cloud Corporation)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Driver Package - ASUS (ATP) Mouse  (06/17/2015 1.0.0.262) (HKLM\...\14588A15B66655338DBCC021FFA81E31DC281859) (Version: 06/17/2015 1.0.0.262 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
WinSCP 5.9.2 (HKLM-x32\...\winscp3_is1) (Version: 5.9.2 - Martin Prikryl)
WinX DVD Author 6.3.7 (HKLM-x32\...\WinX DVD Author_is1) (Version:  - DigiartySoft, Inc.)
Wolfenstein: The New Order (HKLM-x32\...\V29sZmVuc3RlaW5UaGVOZXdPcmRlcg==_is1) (Version: 1 - )
WPTx64 (HKLM-x32\...\{0B2C58EB-67A2-225B-60B2-D1990E55DD33}) (Version: 8.100.26866 - Microsoft)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2104.1.02B06 - ZTE Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\angde\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\angde\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\angde\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\angde\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\angde\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\angde\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-09-24] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\angde\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers1-x32: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\WINDOWS\SysWOW64\WSCM64.dll [2016-06-19] ()
ContextMenuHandlers1-x32: [_MovaviSuite10] -> {9D700AB0-33CE-4ab3-BD66-3A73CC2CEDE3} => C:\Program Files (x86)\Movavi Video Suite 15\vcContext\vcContext.dll -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\angde\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\Windows\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\angde\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\angde\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-30] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-08-21] (NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-09-24] ()
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers6-x32: [_MovaviSuite10] -> {9D700AB0-33CE-4ab3-BD66-3A73CC2CEDE3} => C:\Program Files (x86)\Movavi Video Suite 15\vcContext\vcContext.dll -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {05DBB694-8C12-48EF-9191-9DB3C8F1F88D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-17] (NVIDIA Corporation)
Task: {0B7FC1E0-C608-4E7A-8F41-885266062996} - System32\Tasks\MaskitAutorun => C:\Program Files (x86)\Maskit\Maskit.exe
Task: {0C6D3DE7-69C1-47CD-8ECE-0969E23D1BD9} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-07-29] (Realtek Semiconductor)
Task: {142628DB-30C5-40D5-B3EE-23EFDE0DE240} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-08-17] (NVIDIA Corporation)
Task: {18EBB2D4-50A2-4759-AD04-2B2D618438DC} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-04-08] (Microsoft Corporation)
Task: {1FF7EE86-040A-4DF5-9BEB-44747E31C5DA} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-05-25] (ASUSTek Computer Inc.)
Task: {2198CD41-AFF0-44AE-96C3-F6C04266B9FD} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-08-17] (NVIDIA Corporation)
Task: {294C09EA-AE44-439A-B78B-EC05477525E3} - System32\Tasks\{F0D0111C-559A-4642-B127-7DAB6921CDBC} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Overwatch\Overwatch Launcher.exe" -d "C:\Program Files (x86)\Overwatch"
Task: {299520DA-CBA6-4304-8EAA-4D0075D6BBA5} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-12] (Adobe Systems Incorporated)
Task: {420BF431-608C-4D16-93E0-154D249CF2CC} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-07-29] (Realtek Semiconductor)
Task: {52644F34-5D4D-46A6-8ABF-23591A22BB65} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
Task: {53CD6386-C6B2-4379-9CB6-74FD715D7957} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-09-02] ()
Task: {56DC319F-C455-4F33-ADCD-7233A46549E6} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-08-17] (NVIDIA Corporation)
Task: {674DE2B8-3DF6-40FC-A861-233598B0BF9B} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-05-29] ()
Task: {6F9BA516-56E0-4D79-A587-856483FA63FD} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {7A78C400-BCD7-4FEE-8A45-22259F9246B1} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {800A21B8-D7D7-45DB-807C-C45408A5FA89} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {831B9B8B-4B7E-4010-B246-1CB43D7291A6} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-17] (NVIDIA Corporation)
Task: {8887F6CA-04FD-455B-AE16-A80370263879} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2015-06-09] (ASUS)
Task: {999C824B-59F2-4214-A402-00F63E2E7237} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {9C3D015B-6E5F-48B4-88D9-527FAB87FA3B} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2015-07-29] (Realtek Semiconductor)
Task: {9E7B552F-0A86-4176-867E-8696EFC684F4} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2017-03-09] (AsusTek)
Task: {ACD0CA0E-C8A1-439E-8440-764A3059FE23} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
Task: {AD625EEA-33FF-4F57-9D5A-B4BD3A4B9AE0} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {AD70A279-6374-4D53-93BA-2073E6634267} - System32\Tasks\{8FD576C7-C1D4-4A87-A2F0-1DC3CC7D2FE6} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\AnonymizerGadget\uninstaller.exe"
Task: {B509B973-F69E-48C2-AA44-C74963664ACB} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-08-17] (NVIDIA Corporation)
Task: {BFD401B1-AC2C-442F-BC38-C9C9B9818547} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-17] (NVIDIA Corporation)
Task: {C40645D3-FBF2-44BC-9774-5DAAF5E97B63} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-09-02] ()
Task: {CD46229F-4F1F-4315-BCBF-463C95C36571} - System32\Tasks\AGProxyCheck => C:\Program [Argument = Files (x86)\AnonymizerGadget\AGService.exe /recove]
Task: {CFEEB4A7-9B7C-44E3-8C2A-FAF8E729B145} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {DB06991F-B19E-42C9-9ECC-A5CED76FE8C2} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {E0ABF4FA-F44D-45F2-8446-4161D5810DF1} - \SMW_P -> No File <==== ATTENTION
Task: {E3743588-7A16-4C43-8C71-1C01151FD07B} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-14] (ASUSTek Computer Inc.)
Task: {EBE73805-CE33-44F2-AE55-55771171BC5A} - System32\Tasks\HDWallPaper => C:\Program Files (x86)\HDWallPaper\HDWallPaper.exe <==== ATTENTION
Task: {EDE0FEFE-EE9E-42C7-8D6A-8B935EE0289B} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-09-02] ()
Task: {F059D487-7D69-45E7-8C03-5F290A34704A} - System32\Tasks\{84D5611C-D8EE-4E9D-93A5-5E3D70D2F50E} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Overwatch\Overwatch Launcher.exe" -d "C:\Program Files (x86)\Overwatch"
Task: {F238883B-3B44-45AD-A7FC-83ADA67F68B2} - System32\Tasks\Microsoft\Office\Microsoft Office Touchless Attach Notification => C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe [2015-03-14] (Microsoft Corporation)
Task: {F244336C-E303-43E7-B87E-9D3C4E1E2C95} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {F56F0242-59E6-42D0-A802-9F5398FB15CF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-09-12] (Microsoft Corporation)
Task: {F72D7C21-EC5D-4BD1-8498-824B54A520CF} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-17] (NVIDIA Corporation)
Task: {F7DF3E1B-9719-44BF-9837-AC436C507A65} - System32\Tasks\initwin => C:\Users\angde\AppData\Local\initwin\initwin.exe <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\angde\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811008"
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-01 02:49 - 2017-09-01 02:49 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-09-01 02:49 - 2017-09-01 02:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-03 18:34 - 2014-04-14 19:59 - 000389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2016-10-27 10:44 - 2017-08-17 21:36 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-01-05 17:36 - 2017-01-05 17:36 - 000077824 _____ () C:\Users\angde\AppData\Local\ntuserlitelist\dataup\dataup.exe
2016-02-10 16:37 - 2016-09-20 23:42 - 000179208 _____ () D:\solidworks\SOLIDWORKS Electrical\server\EwServer.exe
2017-05-03 17:11 - 2017-05-03 17:11 - 000619008 ____N () C:\windows\system32\tprdpw64.exe
2017-08-29 13:42 - 2017-08-21 16:10 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-18 13:58 - 2017-03-18 13:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-11-30 22:57 - 2016-11-30 22:57 - 000401888 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-08-26 14:42 - 2017-06-28 16:43 - 001658312 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2017-06-07 13:09 - 2017-06-07 13:09 - 000598528 _____ () C:\Users\angde\AppData\Local\MEGAsync\ShellExtX64.dll
2017-03-18 13:59 - 2017-03-18 19:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-12 16:55 - 2017-09-12 16:56 - 000020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-09-12 16:55 - 2017-09-12 16:55 - 029621760 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-08-16 18:24 - 2017-08-16 18:25 - 000358912 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-08-16 18:24 - 2017-08-16 18:25 - 002536448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2017-09-12 16:55 - 2017-09-12 16:56 - 020305920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-08-16 18:24 - 2017-08-16 18:25 - 002415104 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-09-12 16:55 - 2017-09-12 16:55 - 003028992 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-06-02 11:58 - 2017-06-02 11:58 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-02 11:58 - 2017-06-02 11:58 - 000046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-08-16 18:24 - 2017-08-16 18:25 - 001370112 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\WINDOWS\adb.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\AdbWinApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\AdbWinUsbApi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\is-6JGEH.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\WLXPGSS.SCR:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ibtsiva.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nikcommonapisrv.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\pdfcmon.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\vsjitdebugger.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinUSBCoInstaller2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vsjitdebugger.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSCM32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSCM64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\massfilter_hs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\viahsets.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\viahsser.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vpnva64-6.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\zghsnet.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\zghsser.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\364.51-notebook-win10-64bit-international-whql.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\angde\Downloads\364.51-notebook-win10-64bit-international-whql.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\7z1600-x64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\7z1600-x64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\aimer-dvd-creator_full242.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\aimer-dvd-creator_full242.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\anyconnect-win-4.2.05015-pre-deploy-k9.msi:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\anyconnect-win-4.2.05015-pre-deploy-k9.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\ccsetup516.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\ccsetup516.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\clown_CLIPCHAMP_keep.webm:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\clown_CLIPCHAMP_keep.webm:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\cmd_fw_installer_6113_c7.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\angde\Downloads\cmd_fw_installer_6113_c7.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\codeblocks-16.01mingw-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\codeblocks-16.01mingw-setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\DVDFab9303.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\DVDFab9303.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\FreemakeVideoConverterSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\FreemakeVideoConverterSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\GeForce_Experience_v3.0.7.34.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\GeForce_Experience_v3.0.7.34.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\MovaviVideoSuiteSetupFjw1o.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\MovaviVideoSuiteSetupFjw1o.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\OriginThinSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\OriginThinSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\pcsx2-1.4.0-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\pcsx2-1.4.0-setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\SetupDVDDecrypter_3.5.4.0.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\shotcut-win64-160501.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\shotcut-win64-160501.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\SolidWorksSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\SolidWorksSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\UCI:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\UCI:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\UnityDocumentationSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\UnityDownloadAssistant-5.3.1f1.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\UnityDownloadAssistant-5.3.1f1.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\UnitySetup-Windows-Support-for-Editor-5.3.1f1.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\UnitySetup64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\UnityStandardAssetsSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\UnityWebPlayerDevelopment.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\video-converter-free_setup_full1129.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\video-converter-free_setup_full1129.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\vlc-2.2.3-win32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\vlc-2.2.3-win32.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\windows-dvd-maker-new(1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\windows-dvd-maker-new(1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\windows-dvd-maker-new.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\windows-dvd-maker-new.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\WinSCP-5.9.2-Setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\WinSCP-5.9.2-Setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\winx-dvd-author.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\winx-dvd-author.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\wlsetup-web.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\wlsetup-web.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\AppData\Local\Temp:$DATA [16]
AlternateDataStreams: C:\Users\angde\Documents\document.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Documents\document.pdf:$CmdZnID [26]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 04:04 - 2017-05-12 23:16 - 000001036 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 wepcdisplaysystem.com
127.0.0.1 wepcanalyticsystem.com
127.0.0.1 healthydownload.com
127.0.0.1 leading2download.com
127.0.0.1 dwl0.wizzlabs.com
127.0.0.1 dwl1.wizzlabs.com
127.0.0.1 wemsofts.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\angde\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{52ce8f15-caaf-446b-a147-482808652229}.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "SOLIDWORKS 2016 Fast Start.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "MouseDriver"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "WebStorage"
HKLM\...\StartupApproved\Run32: => "ROGNB"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "BrowserPlugInHelper"
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKLM\...\StartupApproved\Run32: => "Arc"
HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\...\StartupApproved\Run: => "#KI0A8&+t7.exe"
HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\...\StartupApproved\Run: => "sxcoyl"
HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\...\StartupApproved\Run: => "Vivaldi Update Notifier"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
11-09-2017 00:28:43 Installed Gtk# for .Net 2.12.45
15-09-2017 15:08:26 Removed Bonjour
23-09-2017 23:38:30 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/25/2017 12:39:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program rundll32.exe version 10.0.15063.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 790
 
Start Time: 01d3362bc693683e
 
Termination Time: 2
 
Application Path: C:\Windows\SysWOW64\rundll32.exe
 
Report Id: 6bf1adc6-7d20-45b8-9663-b492bd78535e
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (09/25/2017 10:19:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vmxclient.exe, version: 1.0.1.5, time stamp: 0x59991256
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x011fae1b
Faulting process id: 0x18c4
Faulting application start time: 0x01d336224af67051
Faulting application path: C:\Program Files\ntuserlitelist\svcvmx\vmxclient.exe
Faulting module path: C:\Program Files\ntuserlitelist\svcvmx\libcef.dll
Report Id: 12937777-72bf-4f1d-b7b8-2bd3b5a6a11e
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/25/2017 09:33:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vmxclient.exe, version: 1.0.1.5, time stamp: 0x59991256
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x01eed9f0
Faulting process id: 0x1b40
Faulting application start time: 0x01d3361bf62c2082
Faulting application path: C:\Program Files\ntuserlitelist\svcvmx\vmxclient.exe
Faulting module path: C:\Program Files\ntuserlitelist\svcvmx\libcef.dll
Report Id: 1491d3ee-87aa-4c9b-8981-c66f1878cfe4
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/25/2017 08:30:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vmxclient.exe, version: 1.0.1.5, time stamp: 0x59991256
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x00180814
Faulting process id: 0x18c0
Faulting application start time: 0x01d33612ed4ca5f8
Faulting application path: C:\Program Files\ntuserlitelist\svcvmx\vmxclient.exe
Faulting module path: C:\Program Files\ntuserlitelist\svcvmx\libcef.dll
Report Id: 91728d6e-3fff-47af-83b5-5c9545221227
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/25/2017 07:19:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vmxclient.exe, version: 1.0.1.5, time stamp: 0x59991256
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x01eed9f0
Faulting process id: 0x1548
Faulting application start time: 0x01d336091db2d3a3
Faulting application path: C:\Program Files\ntuserlitelist\svcvmx\vmxclient.exe
Faulting module path: C:\Program Files\ntuserlitelist\svcvmx\libcef.dll
Report Id: b259137c-f8a4-47f8-b2ab-ddba43e7c5c6
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/25/2017 07:05:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vmxclient.exe, version: 1.0.1.5, time stamp: 0x59991256
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x00180814
Faulting process id: 0x154c
Faulting application start time: 0x01d336073ade2b49
Faulting application path: C:\Program Files\ntuserlitelist\svcvmx\vmxclient.exe
Faulting module path: C:\Program Files\ntuserlitelist\svcvmx\libcef.dll
Report Id: b825967d-61dc-4fa3-96c4-80775db96cd6
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/25/2017 05:43:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vmxclient.exe, version: 1.0.1.5, time stamp: 0x59991256
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x00180814
Faulting process id: 0xf7c
Faulting application start time: 0x01d335fbdc46dbef
Faulting application path: C:\Program Files\ntuserlitelist\svcvmx\vmxclient.exe
Faulting module path: C:\Program Files\ntuserlitelist\svcvmx\libcef.dll
Report Id: c4036cff-079a-4689-8268-661a95b86a31
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/25/2017 05:17:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vmxclient.exe, version: 1.0.1.5, time stamp: 0x59991256
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x00180814
Faulting process id: 0x1a40
Faulting application start time: 0x01d335f831254c94
Faulting application path: C:\Program Files\ntuserlitelist\svcvmx\vmxclient.exe
Faulting module path: C:\Program Files\ntuserlitelist\svcvmx\libcef.dll
Report Id: 4d5e1bde-b144-4fe6-bedd-5e44b328d889
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/25/2017 04:52:14 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\Program Files\Mono\lib\mono\4.5\nunit-console.exe".Error in manifest or policy file "C:\Program Files\Mono\lib\mono\4.5\nunit-console.exe.Config" on line 1.
Invalid Xml syntax.
 
Error: (09/25/2017 04:50:03 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\CyberLink\PhotoDirector5\Kernel\CES\CES_CacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (09/25/2017 11:05:27 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB2267602 (Definition 1.251.1412.0).
 
Error: (09/25/2017 11:04:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Antivirus Service service failed to start due to the following error: 
The requested resource is in use.
 
Error: (09/25/2017 11:02:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Antivirus Service service failed to start due to the following error: 
The requested resource is in use.
 
Error: (09/25/2017 11:01:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/25/2017 11:01:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/25/2017 11:01:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/25/2017 11:01:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/25/2017 10:41:22 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Management and Security Application Local Management Service service hung on starting.
 
Error: (09/25/2017 10:39:14 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.
 
Error: (09/25/2017 10:38:16 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2017-09-24 23:09:24.652
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-09-03 00:01:35.616
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-03 00:01:35.614
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-02 23:47:01.789
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_33462f669491c2ff\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-02 23:47:01.520
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-02 23:47:00.131
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-02 23:47:00.129
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-02 12:44:44.620
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-02 12:44:44.618
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-01 22:09:28.626
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_33462f669491c2ff\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4720HQ CPU @ 2.60GHz
Percentage of memory in use: 46%
Total physical RAM: 8081.01 MB
Available physical RAM: 4289.71 MB
Total Virtual: 14481.01 MB
Available Virtual: 10247.47 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:371.85 GB) (Free:111.94 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:558.91 GB) (Free:39.84 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 5FF57405)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

Edited by Chris Cosgrove, 25 September 2017 - 05:05 PM.
4 accidental duplicates deleted




#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • Gender:Male
  • Local time:06:22 PM

Posted 25 September 2017 - 08:26 PM

Hi Daggda :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the mbar-log-DATE-(TIME).txt log that is located in the MBAR folder here after.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Daggda

Daggda
  • Topic Starter

  • Members
  • 7 posts
  • Local time:03:22 PM

Posted 26 September 2017 - 04:25 PM

I was able to run an MBAR scan, and Windows Defender and other antivirus programs seem to be working now for the time being.

 

Here is the mbar log:

 

Malwarebytes Anti-Rootkit BETA 1.10.1.1002
www.malwarebytes.org
 
Database version:
  main:    v2017.09.26.07
  rootkit: v2017.09.13.01
 
Windows 10 x64 NTFS
Internet Explorer 11.608.15063.0
angde :: BEAST [administrator]
 
9/26/2017 10:36:01 AM
mbar-log-2017-09-26 (10-36-01).txt
 
Scan type: 
Scan options enabled: Anti-Rootkit | Drivers | MBR
Scan options disabled: Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Objects scanned: 54
Time elapsed: 2 minute(s), 28 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\WINDOWS\SYSTEM32\drivers\ndistpr64.sys (Rootkit.Agent.PUA) -> Delete on reboot. [a1184d89fddc3c481bce6ecc1384a192]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)


#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • Gender:Male
  • Local time:06:22 PM

Posted 26 September 2017 - 05:45 PM

Awesome :) Now let's run a scan with Malwarebytes to see what it can detect.

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run; the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 Daggda

Daggda
  • Topic Starter

  • Members
  • 7 posts
  • Local time:03:22 PM

Posted 26 September 2017 - 08:35 PM

These are the results of the Malwarebytes scan. Everything seems to have gone smoothly; I'll post again if any further issues arise. Thanks for the help.

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 9/26/17
Scan Time: 11:00 AM
Log File: a533e864-a2e4-11e7-8efc-086266b8a25c.json
Administrator: Yes
 
-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.188
Update Package Version: 1.0.2892
License: Trial
 
-System Information-
OS: Windows 10 (Build 15063.608)
CPU: x64
File System: NTFS
User: BEAST\angde
 
-Scan Summary-
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 702399
Threats Detected: 324
Threats Quarantined: 324
Time Elapsed: 7 hr, 27 min, 5 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 18
PUP.Optional.Spigot, HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{38F8E1B8-5B69-4455-9414-517A300A4B85}, Delete-on-Reboot, [640], [243431],1.0.2892
PUP.Optional.Amonetize, HKLM\SOFTWARE\WOW6432NODE\MBS_INSTALL, Delete-on-Reboot, [6], [392968],1.0.2892
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE, Delete-on-Reboot, [5399], [425124],1.0.2892
PUP.Optional.AnonymizerGadget.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\AGProxyCheck, Delete-on-Reboot, [1162], [356698],1.0.2892
PUP.Optional.AnonymizerGadget.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Delete-on-Reboot, [1162], [-1],0.0.0
PUP.Optional.HDWallPaper, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\HDWallPaper, Delete-on-Reboot, [110], [314836],1.0.2892
PUP.Optional.InitWin, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\initwin, Delete-on-Reboot, [1169], [392635],1.0.2892
PUP.Optional.StartPage, HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\SOFTWARE\START PAGE, Delete-on-Reboot, [46], [259290],1.0.2892
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\CONSOLE\TASKENG.EXE, Delete-on-Reboot, [5399], [425125],1.0.2892
PUP.Optional.AnonymizerGadget.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{CD46229F-4F1F-4315-BCBF-463C95C36571}, Delete-on-Reboot, [1162], [356684],1.0.2892
PUP.Optional.Goobzo.BITSRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E0ABF4FA-F44D-45F2-8446-4161D5810DF1}, Delete-on-Reboot, [8132], [384280],1.0.2892
PUP.Optional.HDWallPaper, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{EBE73805-CE33-44F2-AE55-55771171BC5A}, Delete-on-Reboot, [110], [316538],1.0.2892
PUP.Optional.InitWin, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F7DF3E1B-9719-44BF-9837-AC436C507A65}, Delete-on-Reboot, [1169], [392634],1.0.2892
PUP.Optional.HDWallPaper, HKLM\SOFTWARE\HDWallpaper, Delete-on-Reboot, [110], [404734],1.0.2892
PUP.Optional.Goobzo.BITSRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SMW_P, Delete-on-Reboot, [8132], [384279],1.0.2892
Trojan.Clicker, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Dataup, Delete-on-Reboot, [21], [377136],1.0.2892
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{2bdd1e68}, Delete-on-Reboot, [22], [260250],1.0.2892
Trojan.Clicker, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP, Delete-on-Reboot, [21], [377137],1.0.2892
 
Registry Value: 21
PUP.Optional.Spigot, HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{38F8E1B8-5B69-4455-9414-517A300A4B85}|URL, Delete-on-Reboot, [640], [243431],1.0.2892
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_WINDOWSPOWERSHELL_V1.0_POWERSHELL.EXE|WINDOWPOSITION, Delete-on-Reboot, [5399], [425126],1.0.2892
PUP.Optional.Amonetize, HKLM\SOFTWARE\WOW6432NODE\MBS_INSTALL|CHANNEL, Delete-on-Reboot, [6], [392968],1.0.2892
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE|WINDOWPOSITION, Delete-on-Reboot, [5399], [425124],1.0.2892
PUP.Optional.AnonymizerGadget.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [1162], [-1],0.0.0
PUP.Optional.AnonymizerGadget.PrxySvrRST, HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [1162], [-1],0.0.0
PUP.Optional.AnonymizerGadget.PrxySvrRST, HKU\S-1-5-21-1891659179-3385980120-3754613756-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [1162], [-1],0.0.0
PUP.Optional.AnonymizerGadget.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [1162], [-1],0.0.0
PUP.Optional.StartPage, HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\SOFTWARE\START PAGE|START PAGE, Delete-on-Reboot, [46], [259290],1.0.2892
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\CONSOLE\TASKENG.EXE|WINDOWPOSITION, Delete-on-Reboot, [5399], [425125],1.0.2892
PUP.Optional.AnonymizerGadget.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{CD46229F-4F1F-4315-BCBF-463C95C36571}|PATH, Delete-on-Reboot, [1162], [356684],1.0.2892
PUP.Optional.Goobzo.BITSRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E0ABF4FA-F44D-45F2-8446-4161D5810DF1}|PATH, Delete-on-Reboot, [8132], [384280],1.0.2892
PUP.Optional.HDWallPaper, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{EBE73805-CE33-44F2-AE55-55771171BC5A}|PATH, Delete-on-Reboot, [110], [316538],1.0.2892
PUP.Optional.InitWin, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F7DF3E1B-9719-44BF-9837-AC436C507A65}|PATH, Delete-on-Reboot, [1169], [392634],1.0.2892
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{71a3d8d6-223b-4f24-af1a-e73dc08649b9}|NameServer, Delete-on-Reboot, [5678], [260227],1.0.2892
Trojan.Clicker, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SVCVMX, Delete-on-Reboot, [21], [359915],1.0.2892
Trojan.Clicker, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|CPX, Delete-on-Reboot, [21], [385254],1.0.2892
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{36e50320-a1e7-47a2-95c8-fe1291e99ab2}|NAMESERVER, Delete-on-Reboot, [5678], [260227],1.0.2892
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{87a2a113-99b0-4578-b120-914a6c51b5a6}|NAMESERVER, Delete-on-Reboot, [5678], [260227],1.0.2892
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{2bdd1e68}|1, Delete-on-Reboot, [22], [260250],1.0.2892
Trojan.Clicker, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP|IMAGEPATH, Delete-on-Reboot, [21], [377137],1.0.2892
 
Registry Data: 13
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, Replace-on-Reboot, [5678], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, Replace-on-Reboot, [5678], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{238ab6ae-8ccd-4b5b-a40c-e6b8af37f03f}|NameServer, Replace-on-Reboot, [5678], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{2429e835-fe97-4fac-8190-0d47ec0baad6}|NameServer, Replace-on-Reboot, [5678], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{2429e835-fe97-4fac-8190-0d47ec0baad6}|DhcpNameServer, Replace-on-Reboot, [5678], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{26b11a49-585f-4b43-a90c-9af3c3d7b25b}|NameServer, Replace-on-Reboot, [5678], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{2ef64218-a444-41de-a3db-713ee6548054}|NameServer, Replace-on-Reboot, [5678], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{36e50320-a1e7-47a2-95c8-fe1291e99ab2}|NameServer, Replace-on-Reboot, [5678], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{36e50320-a1e7-47a2-95c8-fe1291e99ab2}|DhcpNameServer, Replace-on-Reboot, [5678], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{71a3d8d6-223b-4f24-af1a-e73dc08649b9}|NameServer, Replace-on-Reboot, [5678], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{71a3d8d6-223b-4f24-af1a-e73dc08649b9}|DhcpNameServer, Replace-on-Reboot, [5678], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{87a2a113-99b0-4578-b120-914a6c51b5a6}|NameServer, Replace-on-Reboot, [5678], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{87a2a113-99b0-4578-b120-914a6c51b5a6}|DhcpNameServer, Replace-on-Reboot, [5678], [-1],0.0.0
 
Data Stream: 0
(No malicious items detected)
 
Folder: 42
Trojan.Clicker, C:\Program Files\ntuserlitelist\svcvmx\locales, Delete-on-Reboot, [21], [385263],1.0.2892
Trojan.Clicker, C:\Program Files\ntuserlitelist\regtool, Delete-on-Reboot, [21], [385263],1.0.2892
Trojan.Clicker, C:\Program Files\ntuserlitelist\dataup, Delete-on-Reboot, [21], [385263],1.0.2892
Trojan.Clicker, C:\Program Files\ntuserlitelist\svcvmx, Delete-on-Reboot, [21], [385263],1.0.2892
Trojan.Clicker, C:\Program Files\ntuserlitelist, Delete-on-Reboot, [21], [385263],1.0.2892
PUP.Optional.BitsInstall.BITSRST, C:\ProgramData\{12b0084a-612c-0}, Delete-on-Reboot, [8374], [407180],1.0.2892
PUP.Optional.BitsInstall.BITSRST, C:\ProgramData\{61883ef9-012c-1}, Delete-on-Reboot, [8374], [407180],1.0.2892
Trojan.Clicker, C:\Users\angde\AppData\Local\ntuserlitelist\regtool, Delete-on-Reboot, [21], [383807],1.0.2892
Trojan.Clicker, C:\Users\angde\AppData\Local\ntuserlitelist\dataup, Delete-on-Reboot, [21], [383807],1.0.2892
Trojan.Clicker, C:\Users\angde\AppData\Local\ntuserlitelist\svcvmx, Delete-on-Reboot, [21], [383807],1.0.2892
Trojan.Clicker, C:\Users\angde\AppData\Local\ntuserlitelist, Delete-on-Reboot, [21], [383807],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\exchange, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\traffic, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\slide__control, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\bookmarks, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\application_core, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\menu__item, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\thumbnails, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\dialog, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\background, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\sandbox, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\config, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\proto, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\utils, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\libs, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\locale\ru-RU, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\locale, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\skin, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\META-INF, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}, Delete-on-Reboot, [671], [382903],1.0.2892
 
File: 230
PUP.Optional.AnonymizerGadget, C:\$RECYCLE.BIN\S-1-5-21-1891659179-3385980120-3754613756-1001\$RDPP1QJ\AGLOADER.DLL, Delete-on-Reboot, [1570], [338559],1.0.2892
PUP.Optional.PCRegBoost, C:\$RECYCLE.BIN\S-1-5-21-1891659179-3385980120-3754613756-1001\$RF3ZCI0\SERVE.EXE, Delete-on-Reboot, [55], [397091],1.0.2892
PUP.Optional.PCRegBoost, C:\$RECYCLE.BIN\S-1-5-21-1891659179-3385980120-3754613756-1001\$RF3ZCI0\CONSOLE.EXE, Delete-on-Reboot, [55], [397091],1.0.2892
PUP.Optional.PCRegBoost, C:\$RECYCLE.BIN\S-1-5-21-1891659179-3385980120-3754613756-1001\$RF3ZCI0\WINDOWSGEN.EXE, Delete-on-Reboot, [55], [397091],1.0.2892
PUP.Optional.HDWallPaper, C:\$RECYCLE.BIN\S-1-5-21-1891659179-3385980120-3754613756-1001\$R86M8LF\TASKSETTER.EXE, Delete-on-Reboot, [110], [400698],1.0.2892
PUP.Optional.HDWallPaper, C:\$RECYCLE.BIN\S-1-5-21-1891659179-3385980120-3754613756-1001\$R86M8LF\HDINSTALLER.EXE, Delete-on-Reboot, [110], [401034],1.0.2892
PUP.Optional.StartGo123, C:\$RECYCLE.BIN\S-1-5-21-1891659179-3385980120-3754613756-1001\$R86M8LF\AUTOUPDATE.EXE, Delete-on-Reboot, [676], [325509],1.0.2892
Adware.ChinAd, C:\$RECYCLE.BIN\S-1-5-21-1891659179-3385980120-3754613756-1001\$R86M8LF\DEINIT.EXE, Delete-on-Reboot, [542], [384802],1.0.2892
PUP.Optional.AnonymizerGadget, C:\$RECYCLE.BIN\S-1-5-21-1891659179-3385980120-3754613756-1001\$RDPP1QJ\ANONYMIZERLAUNCHER.EXE, Delete-on-Reboot, [1570], [338241],1.0.2892
PUP.Optional.PCRegBoost, C:\$RECYCLE.BIN\S-1-5-21-1891659179-3385980120-3754613756-1001\$RF3ZCI0\PCREGBOOST.EXE, Delete-on-Reboot, [55], [397065],1.0.2892
PUP.Optional.HDWallPaper, C:\$RECYCLE.BIN\S-1-5-21-1891659179-3385980120-3754613756-1001\$R86M8LF\HDWALLPAPER.EXE, Delete-on-Reboot, [110], [400698],1.0.2892
PUP.Optional.StartGo123, C:\$RECYCLE.BIN\S-1-5-21-1891659179-3385980120-3754613756-1001\$R86M8LF\PROMOTE.EXE, Delete-on-Reboot, [676], [325509],1.0.2892
Adware.Tuto4PC.Generic, C:\$RECYCLE.BIN\S-1-5-21-1891659179-3385980120-3754613756-1001\$RRUECY2\UNINSTALLER.EXE, Delete-on-Reboot, [1326], [414802],1.0.2892
Adware.Yelloader, C:\$RECYCLE.BIN\S-1-5-21-1891659179-3385980120-3754613756-1001\$RS6M0DI\S.EXE, Delete-on-Reboot, [1392], [421876],1.0.2892
Adware.Yelloader, C:\$RECYCLE.BIN\S-1-5-21-1891659179-3385980120-3754613756-1001\$RS6M0DI\U.EXE, Delete-on-Reboot, [1392], [421875],1.0.2892
Trojan.Clicker, C:\Program Files\ntuserlitelist\dataup\dataup.exe, Delete-on-Reboot, [21], [385263],1.0.2892
Trojan.Clicker, C:\Program Files\ntuserlitelist\dataup\dataup.ini, Delete-on-Reboot, [21], [385263],1.0.2892
Trojan.Clicker, C:\Program Files\ntuserlitelist\dataup\help_dll.dll, Delete-on-Reboot, [21], [385263],1.0.2892
Trojan.Clicker, C:\Program Files\ntuserlitelist\dataup\NTSVC.ocx, Delete-on-Reboot, [21], [385263],1.0.2892
Trojan.Clicker, C:\Program Files\ntuserlitelist\regtool\regtool.exe, Delete-on-Reboot, [21], [385263],1.0.2892
Trojan.Clicker, C:\Program Files\ntuserlitelist\svcvmx\locales\en-US.pak, Delete-on-Reboot, [21], [385263],1.0.2892
Trojan.Clicker, C:\Program Files\ntuserlitelist\svcvmx\locales\zh-CN.pak, Delete-on-Reboot, [21], [385263],1.0.2892
Trojan.Clicker, C:\Program Files\ntuserlitelist\svcvmx\cef.pak, Delete-on-Reboot, [21], [385263],1.0.2892
Trojan.Clicker, C:\Program Files\ntuserlitelist\svcvmx\cef_100_percent.pak, Delete-on-Reboot, [21], [385263],1.0.2892
Trojan.Clicker, C:\Program Files\ntuserlitelist\svcvmx\cef_200_percent.pak, Delete-on-Reboot, [21], [385263],1.0.2892
Trojan.Clicker, C:\Program Files\ntuserlitelist\svcvmx\cef_extensions.pak, Delete-on-Reboot, [21], [385263],1.0.2892
Trojan.Clicker, C:\Program Files\ntuserlitelist\svcvmx\d3dcompiler_47.dll, Delete-on-Reboot, [21], [385263],1.0.2892
Trojan.Clicker, C:\Program Files\ntuserlitelist\svcvmx\dbghelp.dll, Delete-on-Reboot, [21], [385263],1.0.2892
Trojan.Clicker, C:\Program Files\ntuserlitelist\svcvmx\debug.log, Delete-on-Reboot, [21], [385263],1.0.2892
Trojan.Clicker, C:\Program Files\ntuserlitelist\svcvmx\icudtl.dat, Delete-on-Reboot, [21], [385263],1.0.2892
Trojan.Clicker, C:\Program Files\ntuserlitelist\svcvmx\libcef.dll, Delete-on-Reboot, [21], [385263],1.0.2892
Trojan.Clicker, C:\Program Files\ntuserlitelist\svcvmx\libEGL.dll, Delete-on-Reboot, [21], [385263],1.0.2892
Trojan.Clicker, C:\Program Files\ntuserlitelist\svcvmx\libGLESv2.dll, Delete-on-Reboot, [21], [385263],1.0.2892
Trojan.Clicker, C:\Program Files\ntuserlitelist\svcvmx\natives_blob.bin, Delete-on-Reboot, [21], [385263],1.0.2892
Trojan.Clicker, C:\Program Files\ntuserlitelist\svcvmx\pepflashplayer.dll, Delete-on-Reboot, [21], [385263],1.0.2892
Trojan.Clicker, C:\Program Files\ntuserlitelist\svcvmx\snapshot_blob.bin, Delete-on-Reboot, [21], [385263],1.0.2892
Trojan.Clicker, C:\Program Files\ntuserlitelist\svcvmx\vmxclient.exe, Delete-on-Reboot, [21], [385263],1.0.2892
Trojan.Clicker, C:\Program Files\ntuserlitelist\svcvmx\widevinecdm.dll, Delete-on-Reboot, [21], [385263],1.0.2892
Trojan.Clicker, C:\Program Files\ntuserlitelist\svcvmx\widevinecdmadapter.dll, Delete-on-Reboot, [21], [385263],1.0.2892
PUP.Optional.BitsInstall.BITSRST, C:\ProgramData\{12b0084a-612c-0}\{12b0084a-612c-0}.d, Delete-on-Reboot, [8374], [407180],1.0.2892
PUP.Optional.BitsInstall.BITSRST, C:\ProgramData\{61883ef9-012c-1}\{61883ef9-012c-1}.d, Delete-on-Reboot, [8374], [407180],1.0.2892
PUP.Optional.InstallCore, C:\USERS\ANGDE\APPDATA\LOCAL\PACKAGES\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\AC\#!001\MICROSOFTEDGE\CACHE\RV122QY1\ADOBE_FLASH_SETUP[2].EXE, Delete-on-Reboot, [2], [435347],1.0.2892
Adware.Yelloader, C:\USERS\ANGDE\APPDATA\LOCAL\UXAKH\QGKTJ, Delete-on-Reboot, [1392], [404612],1.0.2892
PUP.Optional.MailRu, C:\USERS\ANGDE\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\MAIL.RU.LNK, Delete-on-Reboot, [671], [384473],1.0.2892
PUP.Optional.Search.ShrtCln, C:\USERS\ANGDE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A3DI4G9U.DEFAULT-1494659990001\PREFS.JS, Replaced, [14764], [301761],1.0.2892
PUP.Optional.MailRu, C:\USERS\ANGDE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CFOB9BVY.DEFAULT\SEARCHPLUGINS\MAILRU.XML, Delete-on-Reboot, [671], [384856],1.0.2892
PUP.Optional.SearchModule, C:\USERS\ANGDE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CFOB9BVY.DEFAULT\SEARCHPLUGINS\SMOD.XML, Delete-on-Reboot, [642], [242730],1.0.2892
PUP.Optional.Spigot, C:\USERS\ANGDE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CFOB9BVY.DEFAULT\SEARCHPLUGINS\YAHOO_FF.XML, Delete-on-Reboot, [640], [243427],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\background\background.html, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\background\background.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\background\modules.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\customScrollbar.css, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\dialog.css, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\general.css, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\grid.css, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\informers.css, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\menu.css, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\news.css, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\searchbar.css, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\slide.css, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\splash.css, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\suggests.css, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\tabs.css, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\themes.css, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\dialog\close.v2.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\exchange\exchange-1.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\exchange\exchange-2.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\exchange\exchange-3.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\traffic\informers__traffic-jam.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\01.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\02.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\03.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\04.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\05.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\06.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\07.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\08.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\09.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\10.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\11.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\menu__item\menu__item-1.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\menu__item\menu__item-2.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\menu__item\menu__item-3.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\menu__item\menu__item-4.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\slide__control\slide__control-delete-hover.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\slide__control\slide__control-delete.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\slide__control\slide__control-edit-hover.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\slide__control\slide__control-edit.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-1.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-10.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-11.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-13.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-3.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-4.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-5.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-6.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-7.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-8.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-9.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\leather.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\wood.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\wood_2.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\_cookies.jpg, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\_fabric.jpg, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\_flax.jpg, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\_mosaic.jpg, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\_wall.jpg, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-1.jpg, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-10.jpg, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-11.jpg, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-13.jpg, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-3.jpg, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-4.jpg, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-5.jpg, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-6.jpg, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-7.jpg, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-8.jpg, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-9.jpg, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\cookies.jpg, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\fabric.jpg, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\flax.jpg, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\leather.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\mosaic.jpg, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\themes__arrow-left.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\themes__arrow-right.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\themes__theme-fade-ok.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\themes__theme-fade-wrong.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\wall.jpg, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\wood.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\wood_2.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\thumbnails\calendar.mail.ru.jpeg, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\thumbnails\games.mail.ru.jpeg, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\thumbnails\mail.ru.jpeg, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\thumbnails\news.mail.ru.jpeg, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\thumbnails\torg.mail.ru.jpeg, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\thumbnails\travel.mail.ru.jpeg, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\01.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\02.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\03.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\04.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\05.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\06.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\07.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\08.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\09.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\10.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\11.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\loading.gif, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\128x128.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\16x16.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\48x48.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\add_button.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\ajax_loader_mc.gif, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\clock.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\close.v2.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\cross.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\favicon.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\leftright.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\loader.gif, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\logo.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\logo_bg.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\multiauth.gif, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\no_photo.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\p-main_sub__gradient.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\pane-arrow.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\reg1.bg.v2.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\searchbar.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\searchbar__button.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\search_bg.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\sgmus.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\slider-arrow.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\application_core\file-system.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\application_core\jquery-core.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\application_core\sqliteStorage.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\application_core\visibleTab.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\config\config.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\libs\jquery-ui.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\libs\jquery.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\libs\knockout-2.2.1.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\libs\suggests.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\bookmarks\drag_drop.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\bookmarks\edit-dialog.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\bookmarks\layout.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\bookmarks\remove-dialog.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\bookmarks\updates.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\currency.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\geo-monitoring.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\mail-counter.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\news.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\odnoklassniki-counter.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\searchbar.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\themes.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\traffic.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\weather.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\proto\informer.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\proto\pane.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\proto\slider.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\proto\tab-strip.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\sandbox\facade.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\utils\utils.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\google-analytics.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\main.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\manifest.json, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\visual-bookmarks.html, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\fx-metrics.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\loader.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\main.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\newtabhomepage.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\overlay.xul, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\Utils.js, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\locale\ru-RU\vbmail.dtd, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\locale\ru-RU\vbmail.properties, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\skin\overlay.css, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\skin\vb-logo.png, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\META-INF\manifest.mf, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\META-INF\mozilla.rsa, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\META-INF\mozilla.sf, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome.manifest, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.MailRu, C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\install.rdf, Delete-on-Reboot, [671], [382903],1.0.2892
PUP.Optional.Search.ShrtCln, C:\USERS\ANGDE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CFOB9BVY.DEFAULT\PREFS.JS, Replaced, [14764], [301760],1.0.2892
PUP.Optional.Search.ShrtCln, C:\USERS\ANGDE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CFOB9BVY.DEFAULT\PREFS.JS, Replaced, [14764], [301761],1.0.2892
PUP.Optional.StartPage, C:\USERS\ANGDE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CFOB9BVY.DEFAULT\PREFS.JS, Replaced, [46], [332654],1.0.2892
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\WINDOWS\SYSTEM32\TASKS\AGPROXYCHECK, Delete-on-Reboot, [1162], [356709],1.0.2892
PUP.Optional.HDWallPaper, C:\WINDOWS\SYSTEM32\TASKS\HDWALLPAPER, Delete-on-Reboot, [110], [314835],1.0.2892
PUP.Optional.InitWin, C:\WINDOWS\SYSTEM32\TASKS\INITWIN, Delete-on-Reboot, [1169], [392636],1.0.2892
PUP.Optional.Goobzo.BITSRST, C:\WINDOWS\SYSTEM32\BI3.EXE, Delete-on-Reboot, [8132], [384278],1.0.2892
PUP.Optional.HDWallPaper, C:\WINDOWS\SYSTEM32\NETUTILS2016.DLL, Delete-on-Reboot, [110], [392467],1.0.2892
Trojan.SmartService, C:\WINDOWS\SYSTEM32\TPRDPW64.EXE, Delete-on-Reboot, [8740], [420471],1.0.2892
RiskWare.GameHack, D:\GAMES\WOLFENSTEIN\CRACK\STEAM_API64.DLL, Delete-on-Reboot, [450], [305544],1.0.2892
RiskWare.GameHack, D:\GAMES\WOLFENSTEIN\WOLFENSTEIN THE NEW ORDER\STEAM_API64.DLL, Delete-on-Reboot, [450], [305544],1.0.2892
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#6 Aura

Posted 26 September 2017 - 09:12 PM

Please stick with me until I declare you clean. There's still things to check :)

RogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
Your next reply(ies) should therefore contain:
  • Copy/pasted RogueKiller clean log
  • Copy/pasted AdwCleaner clean log

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 Daggda

Posted 27 September 2017 - 03:00 PM

Here is the Roguekiller log:

 

RogueKiller V12.11.17.0 (x64) [Sep 25 2017] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : angde [Administrator]
Started from : C:\Users\angde\Desktop\RogueKiller_portable64.exe
Mode : Delete -- Date : 09/27/2017 11:35:16 (Duration : 01:07:15)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 11 ¤¤¤
[PUP.MailRU|PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Mail.Ru -> Deleted
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\xs -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1891659179-3385980120-3754613756-1001\Software\Amigo -> Deleted
[PUP.MailRU|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1891659179-3385980120-3754613756-1001\Software\Mail.Ru -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1891659179-3385980120-3754613756-1001\Software\Amigo -> Deleted
[PUP.MailRU|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1891659179-3385980120-3754613756-1001\Software\Mail.Ru -> Deleted
[PUP.MailRU|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1891659179-3385980120-3754613756-1001\Software\AppDataLow\Software\Mail.Ru -> Deleted
[PUP.MailRU|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1891659179-3385980120-3754613756-1001\Software\AppDataLow\Software\Mail.Ru -> Deleted
[PUP.PCRegBoost] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D4FD61C1-0B3B-44D1-9BBF-12A14B0BF915}_is1 -> Deleted
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1891659179-3385980120-3754613756-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1891659179-3385980120-3754613756-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
 
¤¤¤ Tasks : 1 ¤¤¤
[PUP.Maskit] \MaskitAutorun -- C:\Program Files (x86)\Maskit\Maskit.exe -> Deleted
 
¤¤¤ Files : 7 ¤¤¤
[Adw.Yelloader][File] C:\Windows\System32\tprdpw64.exe -> Deleted
[PUP.OnlineIO][File] C:\Windows\SysWOW64\splsrv.exe -> Deleted
[PUP.Gen1][File] C:\$Recycle.Bin\S-1-5-21-1891659179-3385980120-3754613756-1001\$RTGVNS9.lnk [LNK@] C:\Windows\explorer.exe "http://go-search.ru/?utm_source=desktop" -> Deleted
[Adw.Wizzcaster][File] C:\Users\angde\Desktop\Rkill.txt -> Deleted
[PUP.Gen3][File] C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\searchplugins\mailru.xml -> Deleted
[PUP.Gen3][File] C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\searchplugins\smod.xml -> Deleted
[PUP.Gen3][File] C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\cfob9bvy.default\searchplugins\yahoo_ff.xml -> Deleted
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 2 ¤¤¤
[PUP.Gen2][Firefox:Addon] cfob9bvy.default : ?????????? ???????? @Mail.Ru [{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}] -> Deleted
[PUM.SearchEngine][Firefox:Config] a3di4g9u.default-1494659990001 : user_pref("browser.search.selectedEngine", ""); -> Deleted
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000LM024 HN-M101MBB +++++
--- User ---
[MBR] 6d8a8b5d8889eb117672b5fa1fd784ed
[BSP] bd2463d52363e55a5a167ced5af9dfa7 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 380772 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 780388352 | Size: 499 MB
4 - Basic data partition | Offset (sectors): 781410304 | Size: 572321 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
And the AdwCleaner log:
 
# AdwCleaner 7.0.2.1 - Logfile created on Wed Sep 27 19:48:45 2017
# Updated on 2017/29/08 by Malwarebytes 
# Running on Windows 10 Home (X64)
# Mode: clean
 
***** [ Services ] *****
 
Deleted: Dataup
 
 
***** [ Folders ] *****
 
Deleted: C:\Users\angde\AppData\Local\Поиcк в Интeрнете
Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\llssoft
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft
Deleted: C:\Users\angde\AppData\Roaming\\SERVERTEST
Deleted: C:\ProgramData\2bdd1e68
 
 
***** [ Files ] *****
 
Deleted: C:\Windows\\rsrcs.dll
Deleted: C:\Windows\SysNative\NetUtils2016.dll
Deleted: C:\Users\angde\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk
Deleted: C:\Windows\SysNative\bi3.exe
 
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Key] - HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\Software\Microsoft\Gosearchq
Deleted: [Key] - HKCU\Software\Microsoft\Gosearchq
Deleted: [Key] - HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\Software\Microsoft\Gosearch
Deleted: [Key] - HKCU\Software\Microsoft\Gosearch
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
Deleted: [Key] - HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\Software\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
Deleted: [Key] - HKCU\Software\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
Deleted: [Key] - HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\Software\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
Deleted: [Key] - HKCU\Software\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AE298D-7E8A-4F53-BE55-15D2B065F6C0}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
Deleted: [Key] - HKCU\Software\Classes\Applications\interstatnogui.exe
Deleted: [Key] - HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\Software\msaver
Deleted: [Key] - HKCU\Software\msaver
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}
Deleted: [Key] - HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\Software\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}
Deleted: [Key] - HKCU\Software\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}
Deleted: [Key] - HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\Software\Xpom
Deleted: [Key] - HKCU\Software\Xpom
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
Deleted: [Key] - HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
Deleted: [Key] - HKCU\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries deleted.
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [4475 B] - [2017/9/27 19:46:0]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########


#8 Aura

Posted 27 September 2017 - 05:46 PM

Awesome :) Now let's run a scan with FRST to see if there's anything left to remove.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds
  • Click on the Scan button
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply



#9 Daggda

Posted 27 September 2017 - 06:17 PM

Here is the content of FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-09-2017 01
Ran by angde (administrator) on BEAST (27-09-2017 16:08:47)
Running from C:\Users\angde\Desktop
Loaded Profiles: angde (Available Profiles: angde & Administrator)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Users\angde\AppData\Local\Vivaldi\Application\vivaldi.exe" -- "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\PixelMaster Video HDR\DriverMFTService.exe
(Microsoft Corporation) C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\AsusWSWinService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() D:\solidworks\SOLIDWORKS Electrical\server\EwServer.exe
(Mentor Graphics Corporation) D:\solidworks\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe
(Mentor Graphics Corporation) D:\solidworks\SOLIDWORKS Flow Simulation\binCFW\dispatcher.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Vivaldi Technologies AS) C:\Users\angde\AppData\Local\Vivaldi\Application\update_notifier.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17082.14121.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Vivaldi Technologies AS) C:\Users\angde\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\angde\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\angde\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\angde\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\angde\AppData\Local\Vivaldi\Application\vivaldi.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Vivaldi Technologies AS) C:\Users\angde\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\angde\AppData\Local\Vivaldi\Application\vivaldi.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2015-12-29] (Pixart Imaging Inc)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ZAM] => "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /minimized
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\ASUSWSLoader.exe [63272 2015-05-31] ()
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [463872 2013-05-15] ()
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1207808 2016-12-09] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Arc] => C:\Program Files (x86)\Arc\ArcLauncher.exe [414744 2017-07-26] (Perfect World Entertainment)
HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3071776 2017-08-28] (Valve Corporation)
HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\...\Run: [Vivaldi Update Notifier] => C:\Users\angde\AppData\Local\Vivaldi\Application\update_notifier.exe [3781240 2017-09-19] (Vivaldi Technologies AS)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2016 Fast Start.lnk [2016-09-20]
ShortcutTarget: SOLIDWORKS 2016 Fast Start.lnk -> C:\Windows\Installer\{768F3B65-1695-47B7-9002-B11400CB111D}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
Startup: C:\Users\angde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2017-09-15]
ShortcutTarget: MEGAsync.lnk -> C:\Users\angde\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{238ab6ae-8ccd-4b5b-a40c-e6b8af37f03f}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{2429e835-fe97-4fac-8190-0d47ec0baad6}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{2429e835-fe97-4fac-8190-0d47ec0baad6}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{26b11a49-585f-4b43-a90c-9af3c3d7b25b}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{2ef64218-a444-41de-a3db-713ee6548054}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{36e50320-a1e7-47a2-95c8-fe1291e99ab2}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{36e50320-a1e7-47a2-95c8-fe1291e99ab2}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{71a3d8d6-223b-4f24-af1a-e73dc08649b9}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{71a3d8d6-223b-4f24-af1a-e73dc08649b9}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{87a2a113-99b0-4578-b120-914a6c51b5a6}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{87a2a113-99b0-4578-b120-914a6c51b5a6}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{be8deeba-70e5-11e7-82eb-806e6f6e6963}: [NameServer] 8.8.8.8
 
Internet Explorer:
==================
HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1891659179-3385980120-3754613756-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-1891659179-3385980120-3754613756-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-1891659179-3385980120-3754613756-1001 -> {11375F77-F6B2-485F-802E-48682A05772F} URL = 
SearchScopes: HKU\S-1-5-21-1891659179-3385980120-3754613756-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Wondershare Video Converter Ultimate -> {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} -> C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRIEPlugin.dll => No File
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\plugins\ArcPluginIE.dll [2017-07-26] (Perfect World Entertainment Inc)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: a3di4g9u.default-1494659990001
FF ProfilePath: C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\a3di4g9u.default-1494659990001 [2017-09-27]
FF NewTab: Mozilla\Firefox\Profiles\a3di4g9u.default-1494659990001 -> 
FF Homepage: Mozilla\Firefox\Profiles\a3di4g9u.default-1494659990001 -> hxxps://www.google.com/
FF NetworkProxy: Mozilla\Firefox\Profiles\a3di4g9u.default-1494659990001 -> type", 0
FF Extension: (Adblock Plus) - C:\Users\angde\AppData\Roaming\Mozilla\Firefox\Profiles\a3di4g9u.default-1494659990001\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRFirefoxExt => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\plugins\npArcPluginFF.dll [2017-07-26] (Perfect World Entertainment Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-1891659179-3385980120-3754613756-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\angde\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-17] (Unity Technologies ApS)
 
Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [chgdeabpmphfhkoemjjglmilajldekbp] - C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRChromePlugin.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [87064 2017-07-26] (Perfect World Entertainment Inc)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\AsusWSWinService.exe [71168 2015-05-31] (ASUS Cloud Corporation) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1465352 2017-01-12] ()
S3 CoordinatorServiceHost; D:\solidworks\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe [80792 2016-09-20] (Dassault Systèmes SolidWorks Corporation)
R2 DriverMFTService; C:\Program Files (x86)\Asus\PixelMaster Video HDR\DriverMFTService.exe [20992 2015-05-19] (ASUSTek Computer Inc.) [File not signed]
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [383016 2017-07-29] (EasyAntiCheat Ltd)
R2 ewserver; D:\solidworks\SOLIDWORKS Electrical\server\EwServer.exe [179208 2016-09-20] ()
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-11-30] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 MSSQL$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [372408 2017-07-06] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-10-06] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-17] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-08-21] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-08-17] (NVIDIA Corporation)
R2 RemoteSolverDispatcher; D:\solidworks\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe [238848 2016-09-20] (Mentor Graphics Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2016-09-20] (SolidWorks) [File not signed]
S4 SQLAgent$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2017-07-06] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56552 2016-04-08] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-19] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [692680 2017-06-28] (Wacom Technology, Corp.)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-10-06] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [128024 2017-03-09] (ASUS Corporation)
S3 ElcMouLFlt; C:\WINDOWS\System32\drivers\ElcMouLFlt.sys [28648 2015-12-29] (ELECOM)
S3 ElcMouUFlt; C:\WINDOWS\System32\drivers\ElcMouUFlt.sys [27624 2015-12-29] (ELECOM)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-08-24] ()
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2015-06-25] (Intel Corporation)
S3 massfilter_hs; C:\WINDOWS\system32\drivers\massfilter_hs.sys [20232 2016-08-28] (HandSet Incorporated)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [192960 2017-09-26] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [101824 2017-09-27] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-09-27] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [253888 2017-09-27] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [94144 2017-09-27] (Malwarebytes)
R1 MpKsl8901565d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E9EA00E7-F8AD-4866-870F-7C7A286C5DC4}\MpKsl8901565d.sys [58120 2017-09-27] (Microsoft Corporation)
R3 NETwNb64; C:\WINDOWS\system32\DRIVERS\Netwbw02.sys [3525896 2016-11-09] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_33462f669491c2ff\nvlddmkm.sys [15600248 2017-08-22] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-08-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-07-26] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-08-21] (NVIDIA Corporation)
S4 RsFx0310; C:\WINDOWS\System32\DRIVERS\RsFx0310.sys [249024 2015-04-20] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-14] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [762112 2015-10-13] (Realsil Semiconductor Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation)
S3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2015-12-29] ()
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [52592 2016-10-13] (Cisco Systems, Inc.)
S3 WacHidRouterPro; C:\WINDOWS\System32\drivers\wachidrouter.sys [122512 2017-04-28] (Wacom Technology)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-09-24] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-07-02] (Zemana Ltd.)
S1 mazituxw; \??\C:\WINDOWS\system32\drivers\mazituxw.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-27 16:08 - 2017-09-27 16:08 - 000000000 ____D C:\Users\angde\Desktop\FRST-OlderVersion
2017-09-27 12:56 - 2017-09-27 12:56 - 000004131 _____ C:\Users\angde\Desktop\AdwCleaner[C0].txt
2017-09-27 12:44 - 2017-09-27 12:48 - 000000000 ____D C:\AdwCleaner
2017-09-27 12:43 - 2017-09-27 12:43 - 000007888 _____ C:\Users\angde\Desktop\RogueKillerLog.txt
2017-09-27 11:35 - 2017-09-27 11:35 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-09-27 11:34 - 2017-09-27 11:34 - 000000000 ____D C:\ProgramData\RogueKiller
2017-09-27 11:33 - 2017-09-27 11:34 - 026704968 _____ C:\Users\angde\Desktop\RogueKiller_portable64.exe
2017-09-26 18:29 - 2017-09-26 18:29 - 000068117 _____ C:\Users\angde\Desktop\malwareviruslist.txt
2017-09-26 12:06 - 2017-09-27 12:01 - 000003550 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2017-09-26 11:00 - 2017-09-27 15:19 - 000101824 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-09-26 11:00 - 2017-09-27 15:19 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-09-26 10:59 - 2017-09-27 15:19 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-26 10:59 - 2017-09-27 15:19 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-09-26 10:59 - 2017-09-26 10:59 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-26 10:59 - 2017-09-26 10:59 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-26 10:59 - 2017-08-24 11:27 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-09-26 10:56 - 2017-09-26 11:00 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-09-26 10:30 - 2017-09-26 10:30 - 013290179 _____ C:\Users\angde\Downloads\mbar-1.10.1.1002-nr.exe
2017-09-25 13:20 - 2017-09-25 13:20 - 001780224 _____ (Bleeping Computer, LLC) C:\Users\angde\Desktop\rkiller-unsigned.exe
2017-09-25 12:54 - 2017-09-25 12:55 - 000084726 _____ C:\Users\angde\Desktop\Addition.txt
2017-09-25 12:53 - 2017-09-27 16:09 - 000022896 _____ C:\Users\angde\Desktop\FRST.txt
2017-09-25 12:51 - 2017-09-27 16:08 - 000000000 ____D C:\FRST
2017-09-25 12:49 - 2017-09-27 16:08 - 002399744 _____ (Farbar) C:\Users\angde\Desktop\FRST64.exe
2017-09-25 11:28 - 2017-09-26 10:59 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-25 11:27 - 2017-09-26 10:35 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4156024F.sys
2017-09-25 11:26 - 2017-09-27 12:52 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-09-25 11:26 - 2017-09-26 10:43 - 000000000 ____D C:\Users\angde\Desktop\mbar
2017-09-25 11:19 - 2017-09-25 11:19 - 011599120 _____ (SurfRight B.V.) C:\Users\angde\Desktop\HitmanPro_x64.exe
2017-09-25 11:19 - 2017-09-25 11:19 - 008182736 _____ (Malwarebytes) C:\Users\angde\Desktop\AdwCleaner.exe
2017-09-25 11:17 - 2017-09-25 11:18 - 068408664 _____ (Malwarebytes ) C:\Users\angde\Downloads\mb3-setup-1878.1878-3.2.2.2029.exe
2017-09-25 11:04 - 2017-09-25 11:04 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2017-09-25 10:38 - 2017-09-27 15:21 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-09-25 10:37 - 2017-09-25 10:37 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2017-09-25 02:16 - 2017-09-25 10:19 - 000000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2017-09-25 02:15 - 2017-09-25 02:15 - 000000000 ____D C:\Users\Administrator\AppData\Local\DBG
2017-09-25 00:32 - 2017-09-25 00:32 - 000000000 ____D C:\Users\Administrator\AppData\Local\Comms
2017-09-24 23:50 - 2017-09-24 23:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-09-24 23:46 - 2017-09-24 23:46 - 000000000 ____D C:\Users\Administrator\AppData\Local\Zemana
2017-09-24 23:43 - 2017-09-24 23:50 - 000001147 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-09-24 23:43 - 2017-09-24 23:43 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-09-24 23:27 - 2017-09-24 23:28 - 068408664 _____ (Malwarebytes ) C:\Users\angde\Downloads\mb3-setup-consumer-3.2.2.2029.exe
2017-09-24 23:25 - 2017-09-24 23:26 - 000003372 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1891659179-3385980120-3754613756-500
2017-09-24 23:25 - 2017-09-24 23:26 - 000000000 ___RD C:\Users\Administrator\OneDrive
2017-09-24 23:25 - 2017-09-24 23:25 - 000002389 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-24 23:17 - 2017-09-24 23:24 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\DropboxOEM
2017-09-24 23:17 - 2017-09-24 23:17 - 000000000 ____D C:\Users\Administrator\AppData\Local\CEF
2017-09-24 23:16 - 2017-09-24 23:17 - 000000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2017-09-24 23:16 - 2017-09-24 23:16 - 000000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2017-09-24 23:16 - 2017-09-24 23:16 - 000000000 ____D C:\Users\Administrator\AppData\Local\DropboxOEM
2017-09-24 23:15 - 2017-09-25 10:38 - 000000165 _____ C:\Users\Administrator\AppData\Roaming\sp_data.sys
2017-09-24 23:15 - 2017-09-25 10:35 - 000000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2017-09-24 23:15 - 2017-09-25 10:35 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\WTablet
2017-09-24 23:15 - 2017-09-25 00:32 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2017-09-24 23:15 - 2017-09-24 23:47 - 000000000 ____D C:\Users\Administrator
2017-09-24 23:15 - 2017-09-24 23:15 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2017-09-24 23:15 - 2017-09-24 23:15 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Intel
2017-09-24 23:15 - 2017-09-24 23:15 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2017-09-24 23:15 - 2017-09-24 23:15 - 000000000 ____D C:\Users\Administrator\AppData\Local\TileDataLayer
2017-09-24 23:15 - 2017-09-24 23:15 - 000000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA
2017-09-24 23:15 - 2017-09-24 23:15 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2017-09-24 23:15 - 2016-08-19 16:52 - 000000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2017-09-24 23:02 - 2017-09-24 23:03 - 154407184 _____ (Microsoft Corporation) C:\Users\angde\Downloads\mpam-fe.exe
2017-09-16 22:23 - 2017-09-16 22:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Karmian
2017-09-16 22:22 - 2017-09-16 22:22 - 000594778 _____ (Karmian.org ) C:\Users\angde\Downloads\ps3merge-1-0-1-0.exe
2017-09-15 23:38 - 2017-09-16 21:53 - 000000000 ____D C:\Users\angde\Documents\MEGAsync Downloads
2017-09-15 23:33 - 2017-09-15 23:33 - 013314392 _____ (MEGA Limited) C:\Users\angde\Downloads\MEGAsyncSetup.exe
2017-09-15 23:33 - 2017-09-15 23:33 - 000001131 _____ C:\Users\angde\Desktop\MEGAsync.lnk
2017-09-15 23:33 - 2017-09-15 23:33 - 000000000 ____D C:\Users\angde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2017-09-15 23:33 - 2017-09-15 23:33 - 000000000 ____D C:\Users\angde\AppData\Local\MEGAsync
2017-09-15 23:33 - 2017-09-15 23:33 - 000000000 ____D C:\Users\angde\AppData\Local\Mega Limited
2017-09-15 15:17 - 2017-09-15 15:17 - 000221662 _____ C:\Users\angde\Downloads\MicrosoftProgram_Install_and_Uninstall.meta.diagcab
2017-09-15 15:15 - 2017-09-15 15:15 - 000000000 ____D C:\Program Files\Common Files\Apple
2017-09-15 15:01 - 2017-09-15 15:04 - 260623688 _____ (Apple Inc.) C:\Users\angde\Downloads\iTunes64Setup.exe
2017-09-15 14:53 - 2017-09-15 14:59 - 000000000 ____D C:\Program Files (x86)\Tansee iPhone Transfer SMS
2017-09-15 14:53 - 2017-09-15 14:53 - 000001253 _____ C:\Users\angde\Desktop\iPhone SMS.lnk
2017-09-15 14:53 - 2017-09-15 14:53 - 000000000 ____D C:\Users\angde\Documents\Tansee
2017-09-15 14:53 - 2017-09-15 14:53 - 000000000 ____D C:\Users\angde\AppData\Roaming\Apple Computer
2017-09-15 14:53 - 2017-09-15 14:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tansee iPhone Transfer SMS
2017-09-15 14:51 - 2017-09-15 14:53 - 011734568 _____ (Tansee, Inc. ) C:\Users\angde\Downloads\iDeviceMessageTransfer.exe
2017-09-12 22:43 - 2017-09-12 22:43 - 006476800 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2017-09-12 14:26 - 2017-09-12 14:26 - 000000000 ____D C:\WINDOWS\PCHEALTH
2017-09-12 14:24 - 2017-09-04 22:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-09-12 14:24 - 2017-09-04 22:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-12 14:24 - 2017-09-04 22:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-09-12 14:24 - 2017-09-04 22:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-12 14:24 - 2017-09-04 22:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-12 14:24 - 2017-09-04 22:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-12 14:24 - 2017-09-04 22:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-09-12 14:24 - 2017-09-04 22:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-09-12 14:24 - 2017-09-04 22:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-09-12 14:24 - 2017-09-04 22:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-12 14:24 - 2017-09-04 22:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-09-12 14:24 - 2017-09-04 22:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-09-12 14:24 - 2017-09-04 22:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-12 14:24 - 2017-09-04 22:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-09-12 14:24 - 2017-09-04 22:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-09-12 14:24 - 2017-09-04 22:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-12 14:24 - 2017-09-04 22:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-09-12 14:24 - 2017-09-04 22:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-09-12 14:24 - 2017-09-04 22:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-09-12 14:24 - 2017-09-04 22:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-09-12 14:24 - 2017-09-04 22:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-09-12 14:24 - 2017-09-04 22:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-09-12 14:24 - 2017-09-04 22:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-09-12 14:24 - 2017-09-04 22:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-09-12 14:24 - 2017-09-04 22:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-12 14:24 - 2017-09-04 22:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2017-09-12 14:24 - 2017-09-04 22:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-09-12 14:24 - 2017-09-04 22:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2017-09-12 14:24 - 2017-09-04 22:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-09-12 14:24 - 2017-09-04 21:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-12 14:24 - 2017-09-04 21:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-12 14:24 - 2017-09-04 21:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-12 14:24 - 2017-09-04 21:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2017-09-12 14:24 - 2017-09-04 21:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-09-12 14:24 - 2017-09-04 21:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-12 14:24 - 2017-09-04 21:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-09-12 14:24 - 2017-09-04 21:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-09-12 14:24 - 2017-09-04 21:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-12 14:24 - 2017-09-04 21:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-12 14:24 - 2017-09-04 21:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
2017-09-12 14:24 - 2017-09-04 21:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-09-12 14:24 - 2017-09-04 21:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-12 14:24 - 2017-09-04 21:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-12 14:24 - 2017-09-04 21:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-12 14:24 - 2017-09-04 21:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-12 14:24 - 2017-09-04 21:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2017-09-12 14:24 - 2017-09-04 21:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-09-12 14:24 - 2017-09-04 21:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-09-12 14:24 - 2017-09-04 21:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-09-12 14:24 - 2017-09-04 21:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-09-12 14:24 - 2017-09-04 21:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-09-12 14:24 - 2017-09-04 21:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-12 14:24 - 2017-09-04 21:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-09-12 14:24 - 2017-09-04 21:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-09-12 14:24 - 2017-09-04 21:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-09-12 14:24 - 2017-09-04 21:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-09-12 14:24 - 2017-09-04 21:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-09-12 14:24 - 2017-09-04 21:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-12 14:24 - 2017-09-04 21:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-09-12 14:24 - 2017-09-04 21:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2017-09-12 14:24 - 2017-09-04 21:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2017-09-12 14:24 - 2017-09-04 21:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-09-12 14:24 - 2017-09-04 21:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-09-12 14:24 - 2017-09-04 21:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-09-12 14:24 - 2017-09-04 21:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-09-12 14:24 - 2017-09-04 21:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-09-12 14:24 - 2017-09-04 21:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-12 14:24 - 2017-09-04 21:26 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2017-09-12 14:24 - 2017-09-04 21:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-09-12 14:24 - 2017-09-04 21:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-09-12 14:24 - 2017-09-04 21:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
2017-09-12 14:24 - 2017-09-04 21:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2017-09-12 14:24 - 2017-09-04 21:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-09-12 14:24 - 2017-09-04 21:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-12 14:24 - 2017-09-04 21:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-09-12 14:24 - 2017-09-04 21:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-12 14:24 - 2017-09-04 21:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-12 14:24 - 2017-09-04 21:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-09-12 14:24 - 2017-09-04 21:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-09-12 14:24 - 2017-09-04 21:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-12 14:24 - 2017-09-04 21:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-09-12 14:24 - 2017-09-04 21:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
2017-09-12 14:24 - 2017-09-04 21:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-12 14:24 - 2017-09-04 21:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-12 14:24 - 2017-09-04 21:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-12 14:24 - 2017-09-04 21:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-09-12 14:24 - 2017-09-04 21:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-09-12 14:24 - 2017-09-04 21:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-12 14:24 - 2017-09-04 21:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-09-12 14:24 - 2017-09-04 21:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-09-12 14:24 - 2017-09-04 21:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2017-09-12 14:24 - 2017-09-04 21:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-09-12 14:24 - 2017-09-04 21:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-09-12 14:24 - 2017-09-04 21:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-09-12 14:24 - 2017-09-04 21:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-12 14:24 - 2017-09-04 21:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-09-12 14:24 - 2017-09-04 21:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2017-09-12 14:24 - 2017-09-04 21:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-09-12 14:24 - 2017-09-04 21:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-09-12 14:24 - 2017-09-04 21:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-09-12 14:24 - 2017-09-04 21:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2017-09-12 14:24 - 2017-09-04 21:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2017-09-12 14:24 - 2017-09-04 21:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-09-12 14:24 - 2017-09-04 21:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-09-12 14:24 - 2017-09-04 21:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-09-12 14:24 - 2017-09-04 21:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-09-12 14:24 - 2017-09-04 21:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2017-09-12 14:24 - 2017-09-04 21:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-12 14:24 - 2017-09-04 21:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2017-09-12 14:24 - 2017-09-04 21:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-12 14:24 - 2017-09-04 21:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-09-12 14:24 - 2017-09-04 21:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-09-12 14:24 - 2017-09-04 21:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-09-12 14:24 - 2017-09-04 21:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-12 14:24 - 2017-09-04 21:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-09-12 14:24 - 2017-09-04 21:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-12 14:24 - 2017-09-04 21:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-09-12 14:24 - 2017-09-04 21:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-09-12 14:24 - 2017-09-04 21:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-12 14:24 - 2017-09-04 21:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-12 14:24 - 2017-09-04 21:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-12 14:24 - 2017-09-04 21:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-12 14:24 - 2017-09-04 21:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2017-09-12 14:24 - 2017-09-04 21:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2017-09-12 14:24 - 2017-09-04 21:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-12 14:24 - 2017-09-04 21:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-09-12 14:24 - 2017-09-04 21:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-09-12 14:24 - 2017-09-04 21:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-09-12 14:24 - 2017-09-04 21:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2017-09-12 14:24 - 2017-09-04 21:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-09-12 14:24 - 2017-09-04 21:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-12 14:24 - 2017-09-04 21:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-12 14:24 - 2017-09-04 21:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-12 14:24 - 2017-09-04 21:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-09-12 14:24 - 2017-09-04 21:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2017-09-12 14:24 - 2017-09-04 21:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-12 14:24 - 2017-09-04 21:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-12 14:24 - 2017-09-04 21:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2017-09-12 14:24 - 2017-09-04 21:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-09-12 14:24 - 2017-09-04 21:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-09-12 14:24 - 2017-09-04 21:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-12 14:24 - 2017-09-04 21:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-09-12 14:24 - 2017-09-04 21:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-12 14:24 - 2017-09-04 21:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2017-09-12 14:24 - 2017-09-04 21:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-09-12 14:24 - 2017-09-04 21:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-12 14:24 - 2017-09-04 21:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-09-12 14:24 - 2017-09-04 21:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-09-12 14:24 - 2017-09-04 21:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-12 14:24 - 2017-09-04 21:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-12 14:24 - 2017-09-04 21:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-12 14:24 - 2017-09-04 21:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-12 14:24 - 2017-09-04 21:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-09-12 14:24 - 2017-09-04 21:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-12 14:24 - 2017-09-04 21:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-12 14:24 - 2017-09-04 21:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-12 14:24 - 2017-09-04 21:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-09-12 14:24 - 2017-09-04 21:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-12 14:24 - 2017-09-04 21:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-12 14:24 - 2017-09-04 21:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-12 14:24 - 2017-09-04 21:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-12 14:24 - 2017-09-04 21:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-09-12 14:24 - 2017-09-04 21:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-12 14:24 - 2017-09-04 21:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-09-12 14:24 - 2017-09-04 21:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-12 14:24 - 2017-09-04 21:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-09-12 14:24 - 2017-09-04 21:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-09-12 14:24 - 2017-09-04 21:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-09-12 14:24 - 2017-09-04 21:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-12 14:24 - 2017-09-04 21:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-09-12 14:24 - 2017-09-04 21:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-09-12 14:24 - 2017-09-04 21:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-12 14:24 - 2017-09-04 21:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-12 14:24 - 2017-09-04 21:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-12 14:24 - 2017-09-04 21:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-09-12 14:24 - 2017-09-04 21:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-12 14:24 - 2017-09-04 21:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-12 14:24 - 2017-09-04 21:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-12 14:24 - 2017-09-04 21:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-09-12 14:24 - 2017-09-04 21:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-09-12 14:24 - 2017-09-04 21:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-09-12 14:24 - 2017-09-04 21:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-09-12 14:24 - 2017-09-04 21:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-12 14:24 - 2017-09-04 21:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-12 14:24 - 2017-09-04 21:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-09-12 14:24 - 2017-09-04 21:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2017-09-12 14:24 - 2017-09-04 21:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-09-12 14:24 - 2017-09-04 21:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-09-12 14:24 - 2017-09-04 21:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-09-12 14:24 - 2017-09-04 21:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-09-12 14:24 - 2017-09-04 21:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-09-12 14:23 - 2017-09-04 22:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-09-12 14:23 - 2017-09-04 22:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-09-12 14:23 - 2017-09-04 22:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-09-12 14:23 - 2017-09-04 22:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-09-12 14:23 - 2017-09-04 22:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-09-12 14:23 - 2017-09-04 22:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-12 14:23 - 2017-09-04 22:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2017-09-12 14:23 - 2017-09-04 22:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-09-12 14:23 - 2017-09-04 22:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-12 14:23 - 2017-09-04 22:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2017-09-12 14:23 - 2017-09-04 22:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-09-12 14:23 - 2017-09-04 22:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-09-12 14:23 - 2017-09-04 22:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-09-12 14:23 - 2017-09-04 22:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-09-12 14:23 - 2017-09-04 22:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-09-12 14:23 - 2017-09-04 22:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-09-12 14:23 - 2017-09-04 22:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-12 14:23 - 2017-09-04 22:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2017-09-12 14:23 - 2017-09-04 22:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-09-12 14:23 - 2017-09-04 22:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-09-12 14:23 - 2017-09-04 22:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-12 14:23 - 2017-09-04 22:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-09-12 14:23 - 2017-09-04 22:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-09-12 14:23 - 2017-09-04 22:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2017-09-12 14:23 - 2017-09-04 22:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-09-12 14:23 - 2017-09-04 22:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-09-12 14:23 - 2017-09-04 22:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-09-12 14:23 - 2017-09-04 22:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-09-12 14:23 - 2017-09-04 22:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-12 14:23 - 2017-09-04 22:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-09-12 14:23 - 2017-09-04 22:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-09-12 14:23 - 2017-09-04 22:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-12 14:23 - 2017-09-04 21:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-12 14:23 - 2017-09-04 21:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-12 14:23 - 2017-09-04 21:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-12 14:23 - 2017-09-04 21:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-12 14:23 - 2017-09-04 21:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-12 14:23 - 2017-09-04 21:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-09-12 14:23 - 2017-09-04 21:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-12 14:23 - 2017-09-04 21:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-12 14:23 - 2017-09-04 21:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-09-12 14:23 - 2017-09-04 21:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-12 14:23 - 2017-09-04 21:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-09-12 14:23 - 2017-09-04 21:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-09-12 14:23 - 2017-09-04 21:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-09-12 14:23 - 2017-09-04 21:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-09-12 14:23 - 2017-09-04 21:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-09-12 14:23 - 2017-09-04 21:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2017-09-12 14:23 - 2017-09-04 21:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-09-12 14:23 - 2017-09-04 21:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2017-09-12 14:23 - 2017-09-04 21:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
2017-09-12 14:23 - 2017-09-04 21:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2017-09-12 14:23 - 2017-09-04 21:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2017-09-12 14:23 - 2017-09-04 21:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-09-12 14:23 - 2017-09-04 21:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-09-12 14:23 - 2017-09-04 21:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-09-12 14:23 - 2017-09-04 21:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-09-12 14:23 - 2017-09-04 21:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-12 14:23 - 2017-09-04 21:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-12 14:23 - 2017-09-04 21:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-09-12 14:23 - 2017-09-04 21:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-09-12 14:23 - 2017-09-04 21:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-09-12 14:23 - 2017-09-04 21:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2017-09-12 14:23 - 2017-09-04 21:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-09-12 14:23 - 2017-09-04 21:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-09-12 14:23 - 2017-09-04 21:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-12 14:23 - 2017-09-04 21:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-09-12 14:23 - 2017-09-04 21:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2017-09-12 14:23 - 2017-09-04 21:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-09-12 14:23 - 2017-09-04 21:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-09-12 14:23 - 2017-09-04 21:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-09-12 14:23 - 2017-09-04 21:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2017-09-12 14:23 - 2017-09-04 21:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-09-12 14:23 - 2017-09-04 21:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2017-09-12 14:23 - 2017-09-04 21:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2017-09-12 14:23 - 2017-09-04 21:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-12 14:23 - 2017-09-04 21:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-12 14:23 - 2017-09-04 21:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-09-12 14:23 - 2017-09-04 21:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-09-12 14:23 - 2017-09-04 21:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-09-12 14:23 - 2017-09-04 21:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-09-12 14:23 - 2017-09-04 21:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-09-12 14:23 - 2017-09-04 21:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-09-12 14:23 - 2017-09-04 21:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-09-12 14:23 - 2017-09-04 21:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-09-12 14:23 - 2017-09-04 21:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-12 14:23 - 2017-09-04 21:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-12 14:23 - 2017-09-04 21:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-09-12 14:23 - 2017-09-04 21:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-09-12 14:23 - 2017-09-04 21:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-09-12 14:23 - 2017-09-04 21:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-09-12 14:23 - 2017-09-04 21:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-09-12 14:23 - 2017-09-04 21:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-09-12 14:23 - 2017-09-04 21:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-09-12 14:23 - 2017-09-04 21:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-09-12 14:23 - 2017-09-04 21:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-09-12 14:23 - 2017-09-04 21:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-09-12 14:23 - 2017-09-04 21:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-09-12 14:23 - 2017-09-04 21:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-09-12 14:23 - 2017-09-04 21:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-09-12 14:23 - 2017-09-04 21:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-09-12 14:23 - 2017-09-04 21:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-12 14:23 - 2017-09-04 21:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-09-12 14:23 - 2017-09-04 21:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-09-12 14:23 - 2017-09-04 21:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-12 14:23 - 2017-09-04 21:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-12 14:23 - 2017-09-04 21:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-12 14:23 - 2017-09-04 21:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-12 14:23 - 2017-09-04 21:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-09-12 14:23 - 2017-09-04 21:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-09-12 14:23 - 2017-09-04 21:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-12 14:23 - 2017-09-04 21:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-12 14:23 - 2017-09-04 21:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-09-12 14:23 - 2017-09-04 21:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-09-12 14:23 - 2017-09-04 21:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-09-12 14:23 - 2017-09-04 21:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-12 14:23 - 2017-09-04 21:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-09-12 14:23 - 2017-09-04 21:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-09-12 14:23 - 2017-09-04 21:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-12 14:23 - 2017-09-04 21:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-09-12 14:23 - 2017-09-04 21:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-09-12 14:23 - 2017-09-04 21:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-09-12 14:23 - 2017-08-31 22:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-09-12 12:48 - 2017-04-19 19:04 - 000338400 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtsBaStor.sys
2017-09-12 12:48 - 2017-04-13 19:12 - 000329184 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtsP2Stor.sys
2017-09-12 11:36 - 2017-09-12 11:41 - 018445826 _____ C:\Users\angde\Downloads\0006-RtsXStor_10.0.370.162.zip
2017-09-11 00:39 - 2017-09-11 00:39 - 000000923 _____ C:\Users\Public\Desktop\Project64.lnk
2017-09-11 00:39 - 2017-09-11 00:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project64 2.3
2017-09-11 00:25 - 2017-09-11 00:25 - 025964544 _____ C:\Users\angde\Downloads\gtk-sharp-2.12.45.msi
2017-09-11 00:24 - 2017-09-11 00:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mono
2017-09-11 00:23 - 2017-09-11 00:23 - 000000000 ____D C:\Program Files\Mono
2017-09-11 00:20 - 2017-09-11 00:22 - 127275008 _____ C:\Users\angde\Downloads\mono-5.2.0.215-x64-0.msi
2017-09-11 00:19 - 2017-09-11 00:19 - 000000000 ____D C:\Users\angde\Documents\Visual Studio 2017
2017-09-11 00:19 - 2017-09-11 00:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017
2017-09-11 00:16 - 2017-09-11 00:16 - 000001499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017.lnk
2017-09-11 00:14 - 2017-09-11 00:20 - 000000000 ____D C:\Users\angde\AppData\Roaming\Visual Studio Setup
2017-09-11 00:14 - 2017-09-11 00:15 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2017-09-11 00:14 - 2017-09-11 00:14 - 000001361 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2017-09-11 00:14 - 2017-09-11 00:14 - 000000000 ____D C:\Users\angde\AppData\Roaming\vstelemetry
2017-09-11 00:14 - 2017-09-11 00:14 - 000000000 ____D C:\Users\angde\AppData\Local\ServiceHub
2017-09-11 00:12 - 2017-09-11 00:12 - 001069968 _____ (Microsoft Corporation) C:\Users\angde\Downloads\vs_community.exe
2017-09-07 13:04 - 2017-09-07 13:04 - 006112072 _____ (Apple, Inc.) C:\WINDOWS\system32\usbaaplrc.dll
2017-09-07 13:04 - 2017-09-07 13:04 - 000054784 _____ (Apple, Inc.) C:\WINDOWS\system32\Drivers\usbaapl64.sys
2017-09-05 21:03 - 2017-09-05 21:03 - 000000938 _____ C:\Users\angde\Desktop\Sonic Mania.lnk
2017-09-05 03:42 - 2017-09-12 14:35 - 000000000 ____D C:\WINDOWS\system32\MpEngineStore
2017-09-05 00:59 - 2017-09-05 01:01 - 155532048 _____ (Microsoft Corporation) C:\Users\angde\Downloads\msert.exe
2017-09-04 01:01 - 2017-09-04 01:01 - 000000039 _____ C:\Users\angde\AppData\Local\kritadisplayrc
2017-09-02 22:05 - 2017-09-02 22:05 - 000000000 ____D C:\Users\angde\AppData\Roaming\NVIDIA
2017-08-29 13:42 - 2017-08-29 13:42 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-08-29 13:42 - 2017-08-21 16:10 - 006463424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-08-29 13:42 - 2017-08-21 16:10 - 002479224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-08-29 13:42 - 2017-08-21 16:10 - 001762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-08-29 13:42 - 2017-08-21 16:10 - 000549312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-08-29 13:42 - 2017-08-21 16:10 - 000392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-08-29 13:42 - 2017-08-21 16:10 - 000082040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-08-29 13:42 - 2017-08-21 16:10 - 000069752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-08-29 13:42 - 2017-08-21 15:54 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-08-29 13:42 - 2017-08-19 00:10 - 008142301 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-08-29 13:42 - 2017-06-15 12:32 - 000541984 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-08-29 13:42 - 2017-06-15 12:32 - 000525088 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-08-29 13:42 - 2017-06-15 12:32 - 000254240 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-08-29 13:42 - 2017-06-15 12:32 - 000233760 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-08-29 13:39 - 2017-08-21 18:01 - 040240248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 035924600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 035314112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 029019072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 023132184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 018849456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 013782904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 012225984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 011692344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 010072768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 004210360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 004162496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 003712024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 003590592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 001988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438541.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 001597888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438541.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 001292096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 001068152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 001008816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 001004992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 000972736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 000924280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 000781544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 000690320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 000617232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 000609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 000578056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 000499320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-08-29 13:39 - 2017-08-21 18:01 - 000057976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-08-29 13:39 - 2017-08-21 18:01 - 000046453 _____ C:\WINDOWS\system32\nvinfo.pb
2017-08-29 13:39 - 2017-08-21 18:01 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-08-29 13:39 - 2017-08-21 18:01 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-08-29 12:39 - 2017-08-29 12:39 - 000000000 ____D C:\Users\angde\AppData\Roaming\Bungie
2017-08-28 21:08 - 2017-08-28 21:08 - 000000063 _____ C:\Users\angde\AppData\Local\emaildefaults
2017-08-28 10:47 - 2017-08-25 03:51 - 004689939 _____ C:\Users\angde\Desktop\krita.exe
2017-08-28 10:46 - 2017-09-04 01:01 - 000015610 _____ C:\Users\angde\AppData\Local\kritarc
2017-08-28 10:46 - 2017-08-28 10:46 - 000000000 ____D C:\Users\angde\AppData\Roaming\krita
2017-08-28 10:40 - 2017-08-28 10:43 - 100515262 _____ C:\Users\angde\Downloads\krita-3.2.1-x64.zip
2017-08-28 00:05 - 2017-08-28 00:05 - 000000000 ____D C:\WINDOWS\Minidump
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-27 16:08 - 2017-07-02 12:45 - 000085783 _____ C:\WINDOWS\ZAM.krnl.trace
2017-09-27 16:08 - 2017-07-02 12:45 - 000049931 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-09-27 16:05 - 2017-07-24 19:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-27 15:28 - 2017-03-18 14:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-27 15:28 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-27 15:24 - 2016-04-30 11:03 - 000000000 ____D C:\Users\angde\AppData\Local\CrashDumps
2017-09-27 15:23 - 2017-07-24 19:06 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-27 15:21 - 2017-08-26 14:51 - 000000000 ____D C:\Users\angde\AppData\Roaming\WTablet
2017-09-27 15:21 - 2017-08-08 09:55 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2017-09-27 15:21 - 2015-12-29 18:12 - 000000165 _____ C:\Users\angde\AppData\Roaming\sp_data.sys
2017-09-27 15:21 - 2015-12-29 18:12 - 000000000 __SHD C:\Users\angde\IntelGraphicsProfiles
2017-09-27 15:20 - 2017-07-24 19:03 - 001251872 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-27 15:18 - 2017-07-24 19:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-27 15:18 - 2017-03-18 04:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-09-27 12:52 - 2017-05-12 23:20 - 000000000 ____D C:\Users\angde\AppData\Local\uxakh
2017-09-27 12:01 - 2017-07-24 19:37 - 000003540 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2017-09-27 00:15 - 2017-07-24 19:09 - 000000000 ____D C:\Users\angde
2017-09-26 20:41 - 2016-06-28 11:31 - 000000000 ____D C:\Users\angde\AppData\Local\ElevatedDiagnostics
2017-09-25 13:23 - 2017-07-02 12:45 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-09-25 11:08 - 2017-07-24 19:07 - 001535602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-25 11:04 - 2017-03-18 14:01 - 000000000 ____D C:\WINDOWS\INF
2017-09-24 23:32 - 2017-03-18 14:03 - 000000000 ___RD C:\WINDOWS\PrintDialog
2017-09-24 23:32 - 2017-03-18 14:03 - 000000000 ___RD C:\WINDOWS\MiracastView
2017-09-24 23:15 - 2015-12-03 17:58 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-24 22:21 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\Catroot2.old
2017-09-24 22:19 - 2017-03-18 13:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-24 21:21 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-09-23 23:11 - 2015-12-29 19:31 - 000000000 ____D C:\Program Files (x86)\Steam
2017-09-23 11:14 - 2017-08-13 15:59 - 000002336 _____ C:\Users\angde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2017-09-23 11:14 - 2017-08-13 15:59 - 000002328 _____ C:\Users\angde\Desktop\Vivaldi.lnk
2017-09-23 11:14 - 2017-08-13 15:59 - 000000000 ____D C:\Users\angde\AppData\Local\Vivaldi
2017-09-22 01:13 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-09-21 21:31 - 2017-07-26 23:02 - 000003358 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1891659179-3385980120-3754613756-1001
2017-09-21 21:31 - 2015-12-29 18:15 - 000002369 _____ C:\Users\angde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-21 21:31 - 2015-12-29 18:15 - 000000000 ___RD C:\Users\angde\OneDrive
2017-09-15 15:14 - 2016-09-20 23:03 - 000000000 ____D C:\ProgramData\Apple
2017-09-13 23:58 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\rescache
2017-09-12 22:43 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-09-12 22:43 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-09-12 21:26 - 2017-05-23 15:18 - 000000000 ____D C:\Users\angde\AppData\Local\Battle.net
2017-09-12 21:25 - 2017-05-23 15:08 - 000000000 ____D C:\Program Files (x86)\Blizzard App
2017-09-12 16:42 - 2017-03-18 14:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-09-12 16:42 - 2017-03-18 14:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-12 16:42 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-09-12 16:42 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-09-12 16:42 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\setup
2017-09-12 16:42 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-09-12 16:42 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-12 16:42 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-12 14:35 - 2015-12-29 18:51 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-12 14:32 - 2015-12-29 18:51 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-12 12:59 - 2017-07-24 19:07 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2017-09-12 12:48 - 2015-12-03 18:09 - 000000000 ____D C:\Program Files (x86)\Realtek
2017-09-12 11:12 - 2017-05-14 15:26 - 000000000 ____D C:\Users\angde\AppData\Roaming\qBittorrent
2017-09-11 00:29 - 2016-04-08 04:24 - 000000000 ____D C:\Program Files (x86)\GtkSharp
2017-09-11 00:19 - 2017-07-24 19:55 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-09-02 08:15 - 2017-03-18 14:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-09-02 08:15 - 2017-03-18 14:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-29 14:08 - 2017-07-24 19:06 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-08-29 13:47 - 2016-07-12 15:19 - 000000000 ____D C:\Program Files (x86)\Overwatch Test
2017-08-29 13:42 - 2017-07-24 19:05 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-08-29 13:42 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\Help
2017-08-29 13:41 - 2017-07-24 19:05 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-08-29 13:33 - 2017-07-24 19:37 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-29 13:33 - 2017-07-24 19:37 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-29 13:33 - 2017-07-24 19:37 - 000003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-29 13:33 - 2017-07-24 19:37 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-29 13:33 - 2017-07-24 19:37 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-29 13:33 - 2017-07-24 19:37 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-29 13:33 - 2017-07-24 19:37 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-29 13:33 - 2017-07-24 19:37 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-29 13:33 - 2016-10-27 10:44 - 000001491 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-08-28 00:05 - 2016-08-19 16:29 - 000455968 ____N C:\WINDOWS\Minidump\082817-27390-01.dmp
 
==================== Files in the root of some directories =======
 
2013-02-17 00:39 - 2013-02-17 00:39 - 000562152 _____ (UGD Software) C:\Program Files (x86)\VPNWatcher.exe
2011-11-28 15:09 - 2011-11-28 15:09 - 000019304 _____ () C:\Program Files (x86)\VPNWatcher.rtf
2015-12-29 18:12 - 2017-09-27 15:21 - 000000165 _____ () C:\Users\angde\AppData\Roaming\sp_data.sys
2016-09-29 14:59 - 2016-09-30 11:19 - 000000600 _____ () C:\Users\angde\AppData\Roaming\winscp.rnd
2017-08-28 21:08 - 2017-08-28 21:08 - 000000063 _____ () C:\Users\angde\AppData\Local\emaildefaults
2017-09-04 01:01 - 2017-09-04 01:01 - 000000039 _____ () C:\Users\angde\AppData\Local\kritadisplayrc
2017-08-28 10:46 - 2017-09-04 01:01 - 000015610 _____ () C:\Users\angde\AppData\Local\kritarc
2016-09-26 17:47 - 2016-10-03 21:45 - 000000600 _____ () C:\Users\angde\AppData\Local\PUTTY.RND
2017-05-28 13:15 - 2017-05-28 13:15 - 000003307 _____ () C:\Users\angde\AppData\Local\recently-used.xbel
2016-04-04 18:32 - 2016-04-15 17:00 - 000007598 _____ () C:\Users\angde\AppData\Local\Resmon.ResmonCfg
2016-09-29 14:30 - 2016-10-06 14:21 - 000000000 _____ () C:\Users\angde\AppData\Local\Temptable.xml
2017-07-24 19:07 - 2017-07-24 19:07 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2016-06-10 19:41 - 2016-06-10 19:41 - 000000016 _____ () C:\ProgramData\mntemp
 
Some files in TEMP:
====================
2017-09-27 11:34 - 2017-09-04 22:26 - 001930840 _____ (Microsoft Corporation) C:\Users\angde\AppData\Local\Temp\dllnt_dump.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-09-19 22:59
 
==================== End of FRST.txt ============================
 
 
And the content of Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-09-2017 01
Ran by angde (27-09-2017 16:09:54)
Running from C:\Users\angde\Desktop
Windows 10 Home Version 1703 (X64) (2017-07-25 02:46:54)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1891659179-3385980120-3754613756-500 - Administrator - Enabled) => C:\Users\Administrator
angde (S-1-5-21-1891659179-3385980120-3754613756-1001 - Administrator - Enabled) => C:\Users\angde
DefaultAccount (S-1-5-21-1891659179-3385980120-3754613756-503 - Limited - Disabled)
Guest (S-1-5-21-1891659179-3385980120-3754613756-501 - Limited - Disabled)
maggo (S-1-5-21-1891659179-3385980120-3754613756-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.41 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{981F324E-98F4-4784-B76F-04E92039F3F6}) (Version: 5.2.60328.3 - Microsoft Corporation)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Arduino (HKLM-x32\...\Arduino) (Version: 1.8.1 - Arduino LLC)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.027 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.18 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.11.0001 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.30 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0039 - ASUS)
Azure AD Authentication Connected Service (HKLM-x32\...\{3FEAC561-1CF6-41D6-B0F3-BECDD9C88A1B}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Bayonetta (HKLM\...\Steam App 460790) (Version:  - PlatinumGames)
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blizzard App (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Borderless Gaming (HKLM-x32\...\Borderless Gaming_is1) (Version: 9.1 - Codeusa Software)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.3.05017 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{0BEF117F-BEBD-4948-AF22-210D14736BEC}) (Version: 4.3.05017 - Cisco Systems, Inc.) Hidden
CodeBlocks (HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\...\CodeBlocks) (Version: 16.01 - The Code::Blocks Team)
CyberLink PhotoDirector 5 (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6515 - CyberLink Corp.) Hidden
CyberLink PhotoDirector 5 (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6515 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DARK SOULS III (HKLM\...\Steam App 374320) (Version:  - FromSoftware, Inc.)
Dark Souls: Prepare to Die Edition (HKLM\...\Steam App 211420) (Version:  - FromSoftware)
Dead Cells (HKLM\...\Steam App 588650) (Version:  - Motion Twin)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.)
Dotfuscator and Analytics Community Edition 5.19.1 (HKLM-x32\...\{2A7F99F6-88A4-4B44-B350-41C0B147A39C}) (Version: 5.19.1.3091 - PreEmptive Solutions) Hidden
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Furi (HKLM\...\Steam App 423230) (Version:  - The Game Bakers)
GDR 4213 for SQL Server 2014 (KB3070446) (64-bit) (HKLM\...\KB3070446) (Version: 12.1.4213.0 - Microsoft Corporation)
GDR 4232 for SQL Server 2014 (KB3194720) (64-bit) (HKLM\...\KB3194720) (Version: 12.1.4232.0 - Microsoft Corporation)
GDR 4237 for SQL Server 2014 (KB4019091) (64-bit) (HKLM\...\KB4019091) (Version: 12.1.4237.0 - Microsoft Corporation)
Gigantic (HKLM\...\Steam App 327690) (Version:  - Motiga Inc.)
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Gtk# for .Net 2.12.45 (HKLM-x32\...\{0D038544-52B1-4F30-BAE1-46509B4A91A7}) (Version: 2.12.45 - Xamarin, Inc.)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{DC5673D2-228D-45BC-B9BB-9610CE67DFC0}) (Version: 17.1.1524.1353 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{aa2c2346-d0c0-4d3e-9ab1-11a48b4cb9f3}) (Version: 19.20.3 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Katawa Shoujo (HKLM-x32\...\Katawa Shoujo) (Version:  - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 1.6.5230.111 - Waves Audio Ltd.) Hidden
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
METAL GEAR RISING: REVENGEANCE (HKLM-x32\...\TUVUQUxHRUFSUklTSU5HUkVWRU5HRUFOQ0U=_is1) (Version: 1 - )
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25123 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{BE00C353-3529-4C31-AED2-AE3598D2CD2B}) (Version: 12.1.4237.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{EDB86AFA-B3AA-45F6-BEEB-DA14A47FC1FB}) (Version: 12.1.4237.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{FF7DDA05-6EA7-4C01-B44A-3E57F8B9B97B}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 RC Redistributable (x64) - 14.0.22816 (HKLM-x32\...\{e2495eb6-cca8-47aa-91ea-3410ca44d7b7}) (Version: 14.0.22816.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.11.33287.817 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Update 2 (HKLM-x32\...\{04fa3a35-1f49-4510-8051-819cdc1e6e01}) (Version: 14.0.25123.0 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.1.4100.1 - Microsoft Corporation)
Mono for Windows (x64) (HKLM\...\{4E1962CC-0498-4DDE-8342-2C146738A4DA}) (Version: 5.2.0 - Xamarin, Inc.)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{13FE8B50-B340-4FDA-BB6E-AA1F5FAB8205}) (Version: 14.0.25123 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
NieR: Automata (HKLM-x32\...\NieR: Automata_is1) (Version:  - )
NVIDIA GeForce Experience 3.9.0.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.61 - NVIDIA Corporation)
NVIDIA Graphics Driver 385.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.41 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version:  - Blizzard Entertainment)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.2 - pdfforge)
PixelMaster Video HDR (HKLM\...\{65302154-AAF6-4020-A070-76CAA9CEC8D3}) (Version: 1.1.33 - ASUS)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Project64 version 2.3.2.202 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.3.2.202 - )
PS3Merge version 1.0.1.0 (HKLM-x32\...\PS3Merge_is1) (Version: 1.0.1.0 - Karmian.org)
qBittorrent 3.3.13 (HKLM-x32\...\qBittorrent) (Version: 3.3.13 - The qBittorrent project)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10143.21278 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
Resident Evil / biohazard HD REMASTER (HKLM\...\Steam App 304240) (Version:  - CAPCOM Co., Ltd.)
Resident Evil 0 HD Remaster (HKLM-x32\...\Resident Evil 0 HD Remaster_is1) (Version:  - )
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
Rocket League (HKLM\...\Steam App 252950) (Version:  - Psyonix, Inc.)
Roslyn Language Services - x86 (HKLM-x32\...\{289B0100-DE41-3E67-B7B0-98CB3AA72166}) (Version: 14.0.25125 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Service Pack 1 for SQL Server 2014 (KB3058865) (64-bit) (HKLM\...\KB3058865) (Version: 12.1.4100.1 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sleeping Dogs Definitive Edition version 1.0.0.0 (HKLM-x32\...\Sleeping Dogs Definitive Edition_is1) (Version: 1.0.0.0 - Mr DJ)
SOLIDWORKS 2016 x64 Edition SP02 (HKLM\...\{768F3B65-1695-47B7-9002-B11400CB111D}) (Version: 24.120.50 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS 2016 x64 Edition SP02 (HKLM-x32\...\SolidWorks Installation Manager 20160-40200-1100-100) (Version: 24.2.0.50 - SolidWorks Corporation)
SOLIDWORKS Composer Player 2016 SP02 x64 Edition (HKLM\...\{8537E059-C18B-4DE6-AED6-CD9B90240C35}) (Version: 24.20.50 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS eDrawings 2016 x64 Edition SP02 (HKLM\...\{BCB9F00D-D23D-465C-B7BB-629900B7FF51}) (Version: 16.2.0030 - Dassault Systèmes SolidWorks Corp) Hidden
SOLIDWORKS Electrical 2016 SP02 x64 Edition (HKLM\...\{064914EF-A0D8-447D-8E5C-E888CA8FD467}) (Version: 24.20.50 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Flow Simulation 2016 SP02 x64 Edition  (HKLM\...\{0B7C2320-1D2F-42F1-9941-C88C6B7AB0D5}) (Version: 24.20.51 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Plastics 2016 SP02 x64 Edition (HKLM\...\{DF6A3557-CE70-4357-81CF-E33CCB5E750D}) (Version: 24.20.50 - Dassault Systemes SolidWorks Corp) Hidden
Sonic Mania (HKLM-x32\...\{B01CBC6F-72DE-4658-95AD-2135F00A8695}_is1) (Version:  - SEGA)
SQL Server 2014 Common Files (HKLM\...\{BD1CD96B-FE4B-4EAE-83D4-6EF55AB5779C}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{F7012F84-80F5-4C25-852E-B1BA03276FE6}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{17531BCD-C627-46A2-9F1E-7CC920E0E94A}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{5082A9F3-AEE5-4639-9BA7-C19661BA7331}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{ACC530B8-B6B4-40D6-B59B-152468CF47D0}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{D1B847A9-B06B-4264-9EF0-78E6E1571E65}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.1.4100.1 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{6476DB81-F263-4C04-8574-AAD31136C304}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
StarCraft (HKLM-x32\...\StarCraft) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tansee iPhone/iPad/iPod SMS/MMS/iMessage Transfer 6.12.8 (HKLM-x32\...\Tansee iPhone/iPad/iPod SMS/MMS/iMessage Transfer_is1) (Version: 6.12.8 - Tansee, Inc.)
Team Explorer for Microsoft Visual Studio 2015 Update 2 (HKLM-x32\...\{7932CD6F-86D3-3EE4-8A02-B954404D1FFC}) (Version: 14.95.25118 - Microsoft) Hidden
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
TypeScript Power Tool (HKLM-x32\...\{60890089-588B-4362-B9C5-A9C11D6E5DD1}) (Version: 1.8.9.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{937FE826-F9A3-46F2-A57E-4AB10E27484E}) (Version: 1.8.29.0 - Microsoft Corporation) Hidden
Unity (HKLM-x32\...\Unity) (Version: 5.3.1f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\...\UnityWebPlayer) (Version: 5.3.1f1 - Unity Technologies ApS)
univcredist (HKLM-x32\...\{2d9d4a60-1d22-46c1-84bb-1de04b4715d7}) (Version: 1.0.0.0 - Motiga)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Vanquish (HKLM-x32\...\Vanquish_is1) (Version:  - )
Visual Studio 2015 Update 2 (KB3022398) (HKLM-x32\...\{78c1b501-a6eb-4f29-88c5-84189564827e}) (Version: 14.0.25123 - Microsoft Corporation)
Vivaldi (HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\...\Vivaldi) (Version: 1.12.955.36 - Vivaldi)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
VPN Watcher (HKLM-x32\...\{0F8B2A77-9740-4086-A037-93BAA30EB99E}) (Version: 2.0.4 - UGD Software)
VS Update core components (HKLM-x32\...\{6A878817-D626-305A-BE8D-94C93F70E27A}) (Version: 14.0.25123 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{DDEF2BD0-F728-4D04-A085-B5ACC9ADC311}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{2512A3CE-E1E4-46D5-8B40-28DA3AE2261E}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{384F31FB-B99D-48A7-9D72-E1FEBEC2201A}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{0F2742A7-6A64-46A2-94AE-22F19808BE2F}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.23-1 - Wacom Technology Corp.)
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.2.524 - ASUS Cloud Corporation)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Driver Package - ASUS (ATP) Mouse  (06/17/2015 1.0.0.262) (HKLM\...\14588A15B66655338DBCC021FFA81E31DC281859) (Version: 06/17/2015 1.0.0.262 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
WinSCP 5.9.2 (HKLM-x32\...\winscp3_is1) (Version: 5.9.2 - Martin Prikryl)
WinX DVD Author 6.3.7 (HKLM-x32\...\WinX DVD Author_is1) (Version:  - DigiartySoft, Inc.)
Wolfenstein: The New Order (HKLM-x32\...\V29sZmVuc3RlaW5UaGVOZXdPcmRlcg==_is1) (Version: 1 - )
WPTx64 (HKLM-x32\...\{0B2C58EB-67A2-225B-60B2-D1990E55DD33}) (Version: 8.100.26866 - Microsoft)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2104.1.02B06 - ZTE Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\angde\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\angde\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\angde\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\angde\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\angde\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\angde\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-09-24] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\angde\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers1-x32: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\WINDOWS\SysWOW64\WSCM64.dll [2016-06-19] ()
ContextMenuHandlers1-x32: [_MovaviSuite10] -> {9D700AB0-33CE-4ab3-BD66-3A73CC2CEDE3} => C:\Program Files (x86)\Movavi Video Suite 15\vcContext\vcContext.dll -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\angde\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\Windows\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\angde\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\angde\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-30] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-08-21] (NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-09-24] ()
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers6-x32: [_MovaviSuite10] -> {9D700AB0-33CE-4ab3-BD66-3A73CC2CEDE3} => C:\Program Files (x86)\Movavi Video Suite 15\vcContext\vcContext.dll -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {05DBB694-8C12-48EF-9191-9DB3C8F1F88D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-17] (NVIDIA Corporation)
Task: {0C6D3DE7-69C1-47CD-8ECE-0969E23D1BD9} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-07-29] (Realtek Semiconductor)
Task: {142628DB-30C5-40D5-B3EE-23EFDE0DE240} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-08-17] (NVIDIA Corporation)
Task: {18EBB2D4-50A2-4759-AD04-2B2D618438DC} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-04-08] (Microsoft Corporation)
Task: {1FF7EE86-040A-4DF5-9BEB-44747E31C5DA} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-05-25] (ASUSTek Computer Inc.)
Task: {2198CD41-AFF0-44AE-96C3-F6C04266B9FD} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-08-17] (NVIDIA Corporation)
Task: {294C09EA-AE44-439A-B78B-EC05477525E3} - System32\Tasks\{F0D0111C-559A-4642-B127-7DAB6921CDBC} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Overwatch\Overwatch Launcher.exe" -d "C:\Program Files (x86)\Overwatch"
Task: {299520DA-CBA6-4304-8EAA-4D0075D6BBA5} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-12] (Adobe Systems Incorporated)
Task: {420BF431-608C-4D16-93E0-154D249CF2CC} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-07-29] (Realtek Semiconductor)
Task: {52644F34-5D4D-46A6-8ABF-23591A22BB65} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
Task: {53CD6386-C6B2-4379-9CB6-74FD715D7957} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-09-02] ()
Task: {56DC319F-C455-4F33-ADCD-7233A46549E6} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-08-17] (NVIDIA Corporation)
Task: {5BFE7A01-3455-46F7-8EE4-F45F35165866} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-09-02] ()
Task: {674DE2B8-3DF6-40FC-A861-233598B0BF9B} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-05-29] ()
Task: {68883ED2-2270-49F4-909B-2DCD3B6433DD} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-09-02] ()
Task: {6F9BA516-56E0-4D79-A587-856483FA63FD} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {7A78C400-BCD7-4FEE-8A45-22259F9246B1} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {800A21B8-D7D7-45DB-807C-C45408A5FA89} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {831B9B8B-4B7E-4010-B246-1CB43D7291A6} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-17] (NVIDIA Corporation)
Task: {8887F6CA-04FD-455B-AE16-A80370263879} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2015-06-09] (ASUS)
Task: {999C824B-59F2-4214-A402-00F63E2E7237} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {9C3D015B-6E5F-48B4-88D9-527FAB87FA3B} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2015-07-29] (Realtek Semiconductor)
Task: {9E7B552F-0A86-4176-867E-8696EFC684F4} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2017-03-09] (AsusTek)
Task: {ACD0CA0E-C8A1-439E-8440-764A3059FE23} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
Task: {AD625EEA-33FF-4F57-9D5A-B4BD3A4B9AE0} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {AD70A279-6374-4D53-93BA-2073E6634267} - System32\Tasks\{8FD576C7-C1D4-4A87-A2F0-1DC3CC7D2FE6} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\AnonymizerGadget\uninstaller.exe"
Task: {B509B973-F69E-48C2-AA44-C74963664ACB} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-08-17] (NVIDIA Corporation)
Task: {BFD401B1-AC2C-442F-BC38-C9C9B9818547} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-17] (NVIDIA Corporation)
Task: {CFEEB4A7-9B7C-44E3-8C2A-FAF8E729B145} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {DB06991F-B19E-42C9-9ECC-A5CED76FE8C2} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {E3743588-7A16-4C43-8C71-1C01151FD07B} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-14] (ASUSTek Computer Inc.)
Task: {F059D487-7D69-45E7-8C03-5F290A34704A} - System32\Tasks\{84D5611C-D8EE-4E9D-93A5-5E3D70D2F50E} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Overwatch\Overwatch Launcher.exe" -d "C:\Program Files (x86)\Overwatch"
Task: {F238883B-3B44-45AD-A7FC-83ADA67F68B2} - System32\Tasks\Microsoft\Office\Microsoft Office Touchless Attach Notification => C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe [2015-03-14] (Microsoft Corporation)
Task: {F244336C-E303-43E7-B87E-9D3C4E1E2C95} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {F56F0242-59E6-42D0-A802-9F5398FB15CF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-09-12] (Microsoft Corporation)
Task: {F72D7C21-EC5D-4BD1-8498-824B54A520CF} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-17] (NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-10-27 10:44 - 2017-08-17 21:36 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2015-12-03 18:34 - 2014-04-14 19:59 - 000389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2017-09-01 02:49 - 2017-09-01 02:49 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-09-01 02:49 - 2017-09-01 02:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-09-26 10:59 - 2017-08-24 11:27 - 002264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-02-10 16:37 - 2016-09-20 23:42 - 000179208 _____ () D:\solidworks\SOLIDWORKS Electrical\server\EwServer.exe
2017-03-18 13:58 - 2017-03-18 13:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-06-07 13:09 - 2017-06-07 13:09 - 000598528 _____ () C:\Users\angde\AppData\Local\MEGAsync\ShellExtX64.dll
2016-06-19 15:02 - 2016-06-19 15:02 - 000727952 _____ () C:\WINDOWS\SysWOW64\WSCM64.dll
2017-09-24 23:43 - 2017-09-24 23:43 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2017-08-26 14:42 - 2017-06-28 16:43 - 001658312 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2016-11-30 22:57 - 2016-11-30 22:57 - 000401888 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-03-18 13:59 - 2017-03-18 19:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-12 16:55 - 2017-09-12 16:56 - 000020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-09-12 16:55 - 2017-09-12 16:55 - 029621760 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-08-16 18:24 - 2017-08-16 18:25 - 000358912 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-08-16 18:24 - 2017-08-16 18:25 - 002536448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2017-09-12 16:55 - 2017-09-12 16:56 - 020305920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-08-16 18:24 - 2017-08-16 18:25 - 002415104 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-09-12 16:55 - 2017-09-12 16:55 - 003028992 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-06-02 11:58 - 2017-06-02 11:58 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-02 11:58 - 2017-06-02 11:58 - 000046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-08-16 18:24 - 2017-08-16 18:25 - 001370112 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-09-27 15:26 - 2017-09-27 15:27 - 026118656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17082.14121.0_x64__8wekyb3d8bbwe\Video.UI.exe
2017-09-27 15:26 - 2017-09-27 15:27 - 009162240 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17082.14121.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-08-28 14:41 - 2017-08-28 14:41 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17082.14121.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2016-12-09 09:26 - 2016-12-09 09:26 - 000073728 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2015-06-09 21:25 - 2015-06-09 21:25 - 000035376 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-06-09 21:25 - 2015-06-09 21:25 - 000124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2015-06-24 02:07 - 2015-06-24 02:07 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-10-27 10:44 - 2017-08-17 21:36 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-09-23 11:14 - 2017-09-19 20:26 - 003111032 _____ () C:\Users\angde\AppData\Local\Vivaldi\Application\1.12.955.36\libglesv2.dll
2017-09-23 11:14 - 2017-09-19 20:26 - 000087672 _____ () C:\Users\angde\AppData\Local\Vivaldi\Application\1.12.955.36\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\WINDOWS\adb.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\AdbWinApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\AdbWinUsbApi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\is-6JGEH.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\WLXPGSS.SCR:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ibtsiva.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nikcommonapisrv.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\pdfcmon.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\vsjitdebugger.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinUSBCoInstaller2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vsjitdebugger.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSCM32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSCM64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\massfilter_hs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\viahsets.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\viahsser.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vpnva64-6.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\zghsnet.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\zghsser.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\364.51-notebook-win10-64bit-international-whql.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\angde\Downloads\364.51-notebook-win10-64bit-international-whql.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\7z1600-x64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\7z1600-x64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\aimer-dvd-creator_full242.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\aimer-dvd-creator_full242.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\anyconnect-win-4.2.05015-pre-deploy-k9.msi:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\anyconnect-win-4.2.05015-pre-deploy-k9.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\ccsetup516.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\ccsetup516.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\clown_CLIPCHAMP_keep.webm:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\clown_CLIPCHAMP_keep.webm:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\cmd_fw_installer_6113_c7.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\angde\Downloads\cmd_fw_installer_6113_c7.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\codeblocks-16.01mingw-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\codeblocks-16.01mingw-setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\DVDFab9303.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\DVDFab9303.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\FreemakeVideoConverterSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\FreemakeVideoConverterSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\GeForce_Experience_v3.0.7.34.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\GeForce_Experience_v3.0.7.34.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\MovaviVideoSuiteSetupFjw1o.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\MovaviVideoSuiteSetupFjw1o.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\OriginThinSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\OriginThinSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\pcsx2-1.4.0-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\pcsx2-1.4.0-setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\SetupDVDDecrypter_3.5.4.0.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\shotcut-win64-160501.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\shotcut-win64-160501.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\SolidWorksSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\SolidWorksSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\UCI:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\UCI:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\UnityDocumentationSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\UnityDownloadAssistant-5.3.1f1.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\UnityDownloadAssistant-5.3.1f1.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\UnitySetup-Windows-Support-for-Editor-5.3.1f1.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\UnitySetup64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\UnityStandardAssetsSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\UnityWebPlayerDevelopment.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\video-converter-free_setup_full1129.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\video-converter-free_setup_full1129.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\vlc-2.2.3-win32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\vlc-2.2.3-win32.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\windows-dvd-maker-new(1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\windows-dvd-maker-new(1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\windows-dvd-maker-new.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\windows-dvd-maker-new.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\WinSCP-5.9.2-Setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\WinSCP-5.9.2-Setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\winx-dvd-author.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\winx-dvd-author.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\Downloads\wlsetup-web.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Downloads\wlsetup-web.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\angde\AppData\Local\Temp:$DATA [16]
AlternateDataStreams: C:\Users\angde\Documents\document.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\angde\Documents\document.pdf:$CmdZnID [26]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 04:04 - 2017-05-12 23:16 - 000001036 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 wepcdisplaysystem.com
127.0.0.1 wepcanalyticsystem.com
127.0.0.1 healthydownload.com
127.0.0.1 leading2download.com
127.0.0.1 dwl0.wizzlabs.com
127.0.0.1 dwl1.wizzlabs.com
127.0.0.1 wemsofts.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\angde\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{52ce8f15-caaf-446b-a147-482808652229}.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "SOLIDWORKS 2016 Fast Start.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "MouseDriver"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "WebStorage"
HKLM\...\StartupApproved\Run32: => "ROGNB"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "BrowserPlugInHelper"
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKLM\...\StartupApproved\Run32: => "Arc"
HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\...\StartupApproved\Run: => "#KI0A8&+t7.exe"
HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\...\StartupApproved\Run: => "sxcoyl"
HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\...\StartupApproved\Run: => "Vivaldi Update Notifier"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{CA0F78C0-D9E1-45CC-817D-DB9B8F49EDFF}] => (Block) D:\games\wolfenstein\wolfenstein the new order\wolfneworder_x64.exe
FirewallRules: [{2BB5B0AE-8C5D-4341-A2AF-AB40458FD5BF}] => (Block) D:\games\wolfenstein\wolfenstein the new order\wolfneworder_x64.exe
FirewallRules: [UDP Query User{093D4A6C-B832-4BB7-89E3-67EFC2B9AEB3}D:\games\wolfenstein\wolfenstein the new order\wolfneworder_x64.exe] => (Allow) D:\games\wolfenstein\wolfenstein the new order\wolfneworder_x64.exe
FirewallRules: [TCP Query User{E39249A1-6E49-423A-8CE7-0AB2304FD8DF}D:\games\wolfenstein\wolfenstein the new order\wolfneworder_x64.exe] => (Allow) D:\games\wolfenstein\wolfenstein the new order\wolfneworder_x64.exe
FirewallRules: [{B526F19A-3CA9-4A9A-A957-84CC4C13D175}] => (Allow) D:\SteamLibrary\steamapps\common\Dead Cells\deadcells.exe
FirewallRules: [{B4188018-3CE1-46C8-B6B7-871FCB6B21A5}] => (Allow) D:\SteamLibrary\steamapps\common\Dead Cells\deadcells.exe
FirewallRules: [{07D74B77-BD03-4103-85FA-33D206829D33}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{E68B7C98-EECC-457B-94F1-D78305569A07}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{8DCB90A4-DC84-4611-BEC4-305EAE11975E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6C2E4140-E8B1-43BB-94D6-FDFFDFFF2D6E}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [UDP Query User{C7514A67-744B-4CB2-A27E-0DA78D64EBC9}D:\games\starcraft\starcraft.exe] => (Allow) D:\games\starcraft\starcraft.exe
FirewallRules: [TCP Query User{FE2FB77E-72F1-46C9-BF9E-C84DC6EA7E45}D:\games\starcraft\starcraft.exe] => (Allow) D:\games\starcraft\starcraft.exe
FirewallRules: [UDP Query User{06E97C8E-D401-4412-A2E3-D7BF443A8EC4}D:\games\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{1A862463-280F-468A-8AF2-3E4C3C5FC229}D:\games\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{AA967E15-68AE-43E2-B1EF-748A60AE50F1}C:\program files (x86)\battle.net\battle.net.8733\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8733\battle.net.exe
FirewallRules: [TCP Query User{9129A1C7-C312-439A-A814-46A4EF77C1C9}C:\program files (x86)\battle.net\battle.net.8733\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8733\battle.net.exe
FirewallRules: [{5B135755-AE47-4A69-8F23-570814AED057}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [UDP Query User{C3E48398-186A-457E-8A8E-88F974CAA5F0}D:\overwatch\overwatch.exe] => (Allow) D:\overwatch\overwatch.exe
FirewallRules: [TCP Query User{3B3BC018-CC7A-49E0-82B6-2DEDCF17B0B0}D:\overwatch\overwatch.exe] => (Allow) D:\overwatch\overwatch.exe
FirewallRules: [{9D4738C4-F4B5-4A0D-AD62-96012FE314D9}] => (Allow) D:\SteamLibrary\steamapps\common\Bayonetta\Bayonetta.exe
FirewallRules: [{302FCA18-5A21-488D-8342-D1560709382D}] => (Allow) D:\SteamLibrary\steamapps\common\Bayonetta\Bayonetta.exe
FirewallRules: [UDP Query User{1E25A27D-2BA7-4E5D-AE47-3C12D3D1B8BC}C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [TCP Query User{A344A21E-F80F-42D0-AA1F-8B767C881A90}C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [{98E11A9A-29ED-4B73-9263-4BE8F1EC9F99}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{81BDDC9A-6054-4007-B77B-EB8C0ACE2E05}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FDB3A506-1571-4374-9B15-F74586F64BCC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{F199D154-1605-4AB7-9961-C796C44B5644}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{01B902DF-0C89-471C-8908-8FA8E43EE5A8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [UDP Query User{BD20D2D4-745A-48DF-8445-832D71F54E63}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [TCP Query User{AB8C796E-02B7-4C79-B50A-4DF75FDBF406}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [{0750CE55-19E4-4CDA-86E9-41C5E062C53F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Furi\Furi.exe
FirewallRules: [{76F48BA2-92E9-40B3-91DB-DA58B8FA31ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Furi\Furi.exe
FirewallRules: [{6785D6B5-BA41-40FE-8082-10A1E4D208C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{DA70A942-7F8B-42A3-93A0-8B8876CD3093}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{703A1345-ED8E-4508-A817-6C3B462F515B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A3258BD3-2DF3-46A1-B49B-AA7E8BF7E85D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{439757C5-2325-4CC8-965A-EB3077DC5D8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil Biohazard HD REMASTER\bhd.exe
FirewallRules: [{6E33D6A4-832B-47AC-93F4-602E880B79D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil Biohazard HD REMASTER\bhd.exe
FirewallRules: [{792FA98E-F867-430E-B8AC-5C3EC7A81599}] => (Allow) D:\solidworks\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{484A38D4-66BC-4904-B4BE-1A215A81A42B}] => (Allow) D:\solidworks\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{8C3B8272-837D-4ACE-8C73-363CEEC2783C}] => (Allow) C:\Games\Sleeping Dogs Definitive Edition\Mr DJ\Sleeping Dogs Definitive Edition\sdhdship.exe
FirewallRules: [{9035E0C3-65A9-49B4-A974-80445A892CEF}] => (Allow) C:\Games\Sleeping Dogs Definitive Edition\Mr DJ\Sleeping Dogs Definitive Edition\sdhdship.exe
FirewallRules: [{F7DC7A4E-C000-463C-9496-015AA67E51ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{20794769-6B9F-4B6B-9042-09E600BD5438}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{EEB76B10-0A85-4715-8A3B-8CB9CA23D9DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{811EAEFE-6E23-4EE8-969E-C465A2109390}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{AE4576AA-37E6-47C9-BCA4-0DB2A369B16F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{E6EE9F02-B950-4CC7-9D6B-AA27F16C1FAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{C55C370E-50B5-4FE9-A5C4-09002CF3A9F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{523A62FB-E1C1-4948-B63D-53CBE30BE9FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{65D175CA-AB27-480F-BFEE-9EA32589FC1F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{F11CDEED-9FF5-43C2-B637-542211F5B0E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{88992AED-6E1C-47FE-B171-00FCAAC99D08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{BC93931A-652E-4EE3-9778-4F17F024C29C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{DFCCFA30-A6FA-4A3B-89CE-5BC1C55FBB0A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C45967A9-E67C-4BA9-9810-4C50F3947275}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5EB981F0-DCA0-4DEF-BF83-ACF4CE00BB2B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{331C9A67-0F51-4837-BF44-9C85C10101E2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{18822B01-3C3B-4391-A2B8-FCBA380B1563}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A226220C-CD52-4F9B-B3B7-772528BB5A65}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{54CC7DFC-5CB1-4949-8ACD-AFBED84A9BF7}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{685EB404-A0EA-4680-9C82-C7A326DBDB22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{AE472112-52C5-42EE-953D-71F29817576D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{124DDCEC-C56C-4C29-8FA7-77A286DD51BF}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{C62258BF-C5BE-44D9-B7BF-21E325AD1AF7}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe
FirewallRules: [UDP Query User{40DA75B5-0BAC-4C27-8E1B-FDAAB9AAE4BF}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe
FirewallRules: [{AE8FB190-D0E2-4029-B1E3-78A413667414}] => (Block) C:\program files\unity\editor\unity.exe
FirewallRules: [{BBAD6C73-7F2E-4455-BC70-3FE54DCD8380}] => (Block) C:\program files\unity\editor\unity.exe
FirewallRules: [TCP Query User{F6D643DC-C1BA-4593-9C22-7F869F8162EF}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{9EBC96B4-5F06-45D1-9A53-3254857CD80E}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{9B7AA1EF-6AE7-4F93-B017-6BD51FCB683F}] => (Block) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{BD2CE9BB-EB64-4C79-BF73-AE4D457CC5F5}] => (Block) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{040F7E60-DCD0-4973-AFF3-4D808F5A33B1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E849B758-12EE-4F17-BBAC-F33344EC5821}] => (Allow) LPort=2869
FirewallRules: [{205A46CD-3DFC-4D88-9909-3BC610EEDA62}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{2981871C-FC59-4992-9831-97BDC0375655}C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [UDP Query User{0370BDB9-3EA5-46FA-9589-0473F0C848AB}C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [{FA455E53-016A-4695-AB90-CD954A94FB4E}] => (Block) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [{0E83E13D-60BE-439B-A907-391BD41B0B3B}] => (Block) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [TCP Query User{763346AF-8043-4B81-B924-F2B1050ACD4E}C:\program files (x86)\overwatch test\overwatch.exe] => (Allow) C:\program files (x86)\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{6CCC83DA-02A1-4F1A-8762-B65921830208}C:\program files (x86)\overwatch test\overwatch.exe] => (Allow) C:\program files (x86)\overwatch test\overwatch.exe
FirewallRules: [{74099250-D518-4393-A5A9-D89933E55D4C}] => (Block) C:\program files (x86)\overwatch test\overwatch.exe
FirewallRules: [{D94EEDA7-268B-492F-AB19-BA095E0FFEB9}] => (Block) C:\program files (x86)\overwatch test\overwatch.exe
FirewallRules: [{C4EE7051-BCA5-4693-9CE8-69FD3A1E5DE2}] => (Allow) D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{F6B120F1-1B70-40C5-8C65-68AD8AF2871F}] => (Allow) D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{A29BBC06-A2C7-4066-9FDF-E9E3F22C50C7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{75CE1CAA-D0F9-43B7-8AAD-4F255FD7EDED}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{20AFBA8E-8E8F-49EA-B992-E950D0780F4C}] => (Allow) D:\SteamLibrary\steamapps\common\Gigantic\ArcSteamHelper.exe
FirewallRules: [{A76FBF1B-A246-432E-B3BF-A5C227CBE97D}] => (Allow) D:\SteamLibrary\steamapps\common\Gigantic\ArcSteamHelper.exe
FirewallRules: [{6A784192-B52B-45B6-9865-32F2DB425390}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{62B64573-C67E-4F92-97EB-8BA6602E89F1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{2A29EEE7-AFF6-4DF2-A9A8-D55263D45624}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3C9FABBC-D689-4C43-98FF-269CB4F2B6DA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{48950B28-4498-414D-8AA6-D3BCCF8BB311}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1B5BFD09-CC4B-4305-A736-E21A0E8DA05D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{1357EC00-C4FD-4BC3-B9F8-63BAA2D18722}C:\program files (x86)\arc\arcchat.exe] => (Allow) C:\program files (x86)\arc\arcchat.exe
FirewallRules: [UDP Query User{A1254681-5B31-4732-9305-81170985AC1C}C:\program files (x86)\arc\arcchat.exe] => (Allow) C:\program files (x86)\arc\arcchat.exe
FirewallRules: [TCP Query User{58DB5878-3EDA-4D66-905C-173455D2AE37}D:\steamlibrary\steamapps\common\gigantic\binaries\win64\rxgame-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\gigantic\binaries\win64\rxgame-win64-shipping.exe
FirewallRules: [UDP Query User{2300DEEF-1A2E-4234-AA8F-60F88D984A33}D:\steamlibrary\steamapps\common\gigantic\binaries\win64\rxgame-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\gigantic\binaries\win64\rxgame-win64-shipping.exe
FirewallRules: [TCP Query User{A03C18FB-5158-44F2-BDDD-69F9A9FD5AA4}D:\games\destiny 2\destiny 2\destiny2.exe] => (Allow) D:\games\destiny 2\destiny 2\destiny2.exe
FirewallRules: [UDP Query User{5540B97B-5D88-4697-A2AD-2C9C00CB619E}D:\games\destiny 2\destiny 2\destiny2.exe] => (Allow) D:\games\destiny 2\destiny 2\destiny2.exe
FirewallRules: [{18026E39-C8B6-46AF-BE2C-81536B0350B0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{C7764519-A3FE-4EEB-9418-5C1C591A1106}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{89F091F9-3E3D-4313-9BBE-39C5B1D05E33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [TCP Query User{6E441F48-E545-494E-B581-D7CF5E2D6730}C:\users\angde\appdata\local\vivaldi\application\vivaldi.exe] => (Block) C:\users\angde\appdata\local\vivaldi\application\vivaldi.exe
FirewallRules: [UDP Query User{44CDFFEA-B9A9-402E-B06D-94B2CF7C3C23}C:\users\angde\appdata\local\vivaldi\application\vivaldi.exe] => (Block) C:\users\angde\appdata\local\vivaldi\application\vivaldi.exe
 
==================== Restore Points =========================
 
11-09-2017 00:28:43 Installed Gtk# for .Net 2.12.45
15-09-2017 15:08:26 Removed Bonjour
23-09-2017 23:38:30 Scheduled Checkpoint
26-09-2017 10:42:47 Malwarebytes Anti-Rootkit Restore Point
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/27/2017 03:24:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
Faulting module name: win32u.dll, version: 10.0.15063.608, time stamp: 0xd9592a17
Exception code: 0xcfffffff
Fault offset: 0x0000000000001144
Faulting process id: 0x2db8
Faulting application start time: 0x01d337df4f6173a5
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\WINDOWS\System32\win32u.dll
Report Id: aa40bd6e-d3c7-4575-a4e7-a904d2fa25e5
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
 
Error: (09/27/2017 12:42:26 PM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003
 
Error: (09/27/2017 11:26:10 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\Program Files\Mono\lib\mono\4.5\nunit-console.exe".Error in manifest or policy file "C:\Program Files\Mono\lib\mono\4.5\nunit-console.exe.Config" on line 1.
Invalid Xml syntax.
 
Error: (09/27/2017 11:24:52 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\CyberLink\PhotoDirector5\Kernel\CES\CES_CacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/27/2017 11:24:52 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\CyberLink\PhotoDirector5\Kernel\CES\CES_AudioCacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/27/2017 12:13:17 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: BEAST)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.15063.608_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.
 
Error: (09/26/2017 06:41:53 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\Program Files\Mono\lib\mono\4.5\nunit-console.exe".Error in manifest or policy file "C:\Program Files\Mono\lib\mono\4.5\nunit-console.exe.Config" on line 1.
Invalid Xml syntax.
 
Error: (09/26/2017 06:40:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\CyberLink\PhotoDirector5\Kernel\CES\CES_CacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/26/2017 06:40:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\CyberLink\PhotoDirector5\Kernel\CES\CES_AudioCacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/26/2017 06:32:39 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\Program Files\Mono\lib\mono\4.5\nunit-console.exe".Error in manifest or policy file "C:\Program Files\Mono\lib\mono\4.5\nunit-console.exe.Config" on line 1.
Invalid Xml syntax.
 
 
System errors:
=============
Error: (09/27/2017 03:20:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/27/2017 03:20:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/27/2017 03:20:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/27/2017 03:20:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/27/2017 03:19:58 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\WINDOWS\System32\IWMSSvc.dll
Error Code: 258
 
Error: (09/27/2017 03:19:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ZeroConfigService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (09/27/2017 03:19:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the ZeroConfigService service to connect.
 
Error: (09/27/2017 03:18:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (09/27/2017 03:18:10 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The SOLIDWORKS Electrical Collaborative Server service has reported an invalid current state 0.
 
Error: (09/27/2017 03:10:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2017-09-27 15:23:57.336
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-09-27 15:23:43.252
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-09-27 15:23:42.403
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-09-27 15:23:42.135
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-09-27 15:17:49.239
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-09-27 15:17:46.149
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-09-27 15:17:45.906
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-09-27 15:17:45.756
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-09-27 15:15:17.510
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-09-27 15:15:13.250
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4720HQ CPU @ 2.60GHz
Percentage of memory in use: 43%
Total physical RAM: 8081.01 MB
Available physical RAM: 4533.47 MB
Total Virtual: 14993.01 MB
Available Virtual: 10842.85 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:371.85 GB) (Free:111.58 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:558.91 GB) (Free:39.74 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 5FF57405)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#10 Aura


Posted 27 September 2017 - 06:57 PM

Almost done.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply
How's your system behaving now? Are there any other issues to address?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 Daggda


Posted 27 September 2017 - 07:22 PM

As of now, my issues were addressed. tprdpw64.exe and ndistpr64.sys are no longer present in my computer's system32 folder. Antivirus programs are working again without the "The requested resource is in use" message. Thanks for the help, Aura. 

 

Contents of the fixlog: 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-09-2017 01
Ran by angde (27-09-2017 17:01:21) Run:1
Running from C:\Users\angde\Desktop
Loaded Profiles: angde (Available Profiles: angde & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
 
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
 
S1 mazituxw; \??\C:\WINDOWS\system32\drivers\mazituxw.sys [X]
 
Task: {AD70A279-6374-4D53-93BA-2073E6634267} - System32\Tasks\{8FD576C7-C1D4-4A87-A2F0-1DC3CC7D2FE6} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\AnonymizerGadget\uninstaller.exe"
Task: {DB06991F-B19E-42C9-9ECC-A5CED76FE8C2} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {F059D487-7D69-45E7-8C03-5F290A34704A} - System32\Tasks\{84D5611C-D8EE-4E9D-93A5-5E3D70D2F50E} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Overwatch\Overwatch Launcher.exe" -d "C:\Program Files (x86)\Overwatch"
 
HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\...\StartupApproved\Run: => "#KI0A8&+t7.exe"
HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\...\StartupApproved\Run: => "sxcoyl"
 
C:\Program Files (x86)\AnonymizerGadget
C:\ProgramData\mntemp
C:\Users\angde\AppData\Roaming\sp_data.sys
 
EmptyTemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
HKLM\System\CurrentControlSet\Services\mazituxw => key removed successfully
mazituxw => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD70A279-6374-4D53-93BA-2073E6634267} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD70A279-6374-4D53-93BA-2073E6634267} => key removed successfully
C:\WINDOWS\System32\Tasks\{8FD576C7-C1D4-4A87-A2F0-1DC3CC7D2FE6} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8FD576C7-C1D4-4A87-A2F0-1DC3CC7D2FE6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB06991F-B19E-42C9-9ECC-A5CED76FE8C2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB06991F-B19E-42C9-9ECC-A5CED76FE8C2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F059D487-7D69-45E7-8C03-5F290A34704A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F059D487-7D69-45E7-8C03-5F290A34704A} => key removed successfully
C:\WINDOWS\System32\Tasks\{84D5611C-D8EE-4E9D-93A5-5E3D70D2F50E} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{84D5611C-D8EE-4E9D-93A5-5E3D70D2F50E} => key removed successfully
HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\#KI0A8&+t7.exe => value removed successfully
HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\#KI0A8&+t7.exe => value not found.
HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\sxcoyl => value removed successfully
HKU\S-1-5-21-1891659179-3385980120-3754613756-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\sxcoyl => value not found.
"C:\Program Files (x86)\AnonymizerGadget" => not found.
C:\ProgramData\mntemp => moved successfully
C:\Users\angde\AppData\Roaming\sp_data.sys => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 32841258 B
Java, Flash, Steam htmlcache => 11609 B
Windows/system/drivers => 203504609 B
Edge => 2348532 B
Chrome => 0 B
Firefox => 40062785 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 32802 B
NetworkService => 6589740 B
angde => 845238448 B
Administrator => 26096571 B
 
RecycleBin => 17691952174 B
EmptyTemp: => 17.6 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 17:03:50 ====

 

 

#12 Aura


Posted 27 September 2017 - 07:46 PM

Awesome!

Since there are no signs of infection anymore in your logs, and you just told me that there are no more issues left to address, I guess we're done here. We'll wrap it up by running DelFix to delete the tools and logs that were used in this clean-up.

DelFix
Follow the instructions below to download and execute DelFix.
  • Download DelFix and move the executable to your Desktop
  • Right-click on DelFix.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Check the following options :
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Once all the options mentioned above are checked, click on Run
  • After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply

Tips, tricks, advice and recommendations

Now it's time to give you some tips, tricks, advice and recommendations on how to protect your system and prevent you from being infected in the future. This is where I'll explain basic security measures that you should take to protect and harden your system, and also make sure it stays as safe and secure as possible against hackers and malware. You are free to ignore the recommendations listed below, although I obviously do not recommend it. If you have any questions about one of the points covered in the speech below, feel free to ask me your questions here directly so I can answer them and guide you.

Windows Updates

Keeping Windows up to date is one of the first steps in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it, which makes it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates" on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.

Keeping your programs up-to-date

Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits (and also 0-days) which is one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, Google Chrome, Mozilla Firefox, VLC Media Player, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like UCheck, SecuniaPSI and Heimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.

Anti-Virus, Anti-Malware, Firewall and Anti-Exploit/Ransomware

Having a decent security setup (which also includes an Anti-Virus) is the most crucial step to protect a system. These programs are a layer of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Ideally, you should have on your system one Antivirus (never more than one installed at a time), one Antimalware (you can install multiple of these, assuming they do not conflict with each other and the other security programs installed), one Firewall and if you wish, one Anti-Exploit and/or Anti-Ransomware (since Ransomware is currently the most dangerous threat around and it can hit anywhere). Here are a few programs worth checking out if you don't have one yet.

Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).

Anti-Virus

Anti-Malware
  • Malwarebytes - Has both a free and paid version. The Premium version of Malwarebytes also offers Exploit and Ransomware protection, for a complete package of: Malware, Web, Exploit and Ransomware protection
  • HitmanPro 3 - Free 30 day trial
  • Zemana AntiMalware - Free 30 day trial

Firewall
Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below.
  • GlassWire - Has both a free and paid version (with different packages)
  • Windows Firewall Control - Gives you more control over your Windows Firewall
  • TinyWall - Lightweight firewall implementing the Windows Firewall and giving you more control over it

Anti-Exploit/Anti-Ransomware

Web Browsers and Web Browsing

Web Browsers could be considered as the closest door between a malware and your system. This is where most malware goes through to infect a system, and therefore it should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits.

Hardening your web browser means to install extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc. but also you at the same time. Here are a few extensions that I recommend you to install.
  • uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome, Mozilla Firefox, Microsoft Edge, Opera and most Chromium and Firefox-based browsers)
  • HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera)
  • Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browser)
  • NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers)
  • uMatrix: For advanced users, a point and click matrix-like extension that allows you to control requests done on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera)
  • LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser)

As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:

As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations

Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far fewer chances to get infected by malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you avoid going to that website, downloading that file or using that program.

Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices:

The End!

And that's it! Now that you know more about how to protect your computer and secure it, you're good to go back to your online activities, but in a safe and secure way! You are also free to stay on the forums and ask for help in different topics if you ever need to. Just make sure that you post your question/issue in the right section to get the best assistance possible. And if you ever get infected again (which I hope you won't!), you can always come back in this section to get another checkup with one of our trained malware removal members.

Do you have any questions before I close this thread?



#13 Daggda


Posted 27 September 2017 - 07:59 PM

I don't have any further questions, thanks for the recommendations and assistance, Aura. 

 

Contents of DelFix.txt:

 

# DelFix v1.013 - Logfile created 27/09/2017 at 17:54:05
# Updated 17/04/2016 by Xplode
# Username : angde - BEAST
# Operating System : Windows 10 Home  (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\angde\Desktop\FRST-OlderVersion
Deleted : C:\Users\angde\Desktop\mbar
Deleted : C:\Users\angde\Desktop\Addition.txt
Deleted : C:\Users\angde\Desktop\AdwCleaner.exe
Deleted : C:\Users\angde\Desktop\AdwCleaner[C0].txt
Deleted : C:\Users\angde\Desktop\Fixlog.txt
Deleted : C:\Users\angde\Desktop\FRST.txt
Deleted : C:\Users\angde\Desktop\FRST64.exe
Deleted : C:\Users\angde\Desktop\rkiller-unsigned.exe
Deleted : C:\Users\angde\Desktop\RogueKillerLog.txt
Deleted : C:\Users\angde\Desktop\RogueKiller_portable64.exe
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #18 [Installed Gtk# for .Net 2.12.45 | 09/11/2017 07:28:43]
Deleted : RP #22 [Removed Bonjour | 09/15/2017 22:08:26]
Deleted : RP #23 [Scheduled Checkpoint | 09/24/2017 06:38:30]
Deleted : RP #24 [Malwarebytes Anti-Rootkit Restore Point | 09/26/2017 17:42:47]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########


#14 Aura


Posted 27 September 2017 - 08:30 PM

No problem Daggda, you're welcome!

Stay safe :)



#15 Aura


Posted 27 September 2017 - 08:31 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
