Infected with several malware, adware, roots


  • This topic is locked
30 replies to this topic

#1 ShadowBorne

Posted 13 October 2017 - 12:01 AM

First of all, thank you to whoever is able to help me out. I was extremely careless and, while multitasking, I just clicked an .exe that was supposed to be plug-ins and fonts and such for Photoshop, and it started a chain of auto installs and popups/redirects from Chrome. I immediately unplugged my ethernet and tried to manually uninstall whatever I saw and use the useless Windows Defender threat cleaner. After I felt safe enough I plugged back in and nothing was force installed or popping up, so I reset Chrome settings to defaults and installed some known virus removal tools from here (Malwarebytes, AdwCleaner), nothing scary or unknown to me. I even tried HitmanPro, for anyone familiar with it. I removed what I could but I still see processes that I don't recognize, as well as files I cannot access and random unrecognizable .exes or DLLs in my sys32, and this all goes beyond my limited knowledge, so I came to the best place I know for answers. Here are my FRST logs.

 

Logs

Every time I paste the FRST and the Addition it says I do not have permission to do that.

 

Edit: here is the pastebin for FRST.txt

https://pastebin.com/Q6f7RAfu

 

pastebin for Addition.txt

https://pastebin.com/qEizTaeg

 

Thank you so much in advance for all the help. I am willing to try whatever is needed to ensure there isn't anything fishy left on this machine. I just wanna note that I tried a system restore from 10/10 and the recovery doesn't even open up when I try to do a restore (I assume something is blocking this). This virus(s) happened around 4pm central time on 10/11, if that helps at all.
 
Thank you again,
SB

Edited by ShadowBorne, 13 October 2017 - 12:09 AM.



#2 Oh My!

  • Malware Response Instructor

Posted 17 October 2017 - 05:41 PM

Greetings ShadowBorne and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please run a fresh FRST scan. If you are still unable to copy and paste the information in your reply then attach the reports to your reply.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 ShadowBorne


Posted 17 October 2017 - 08:32 PM

Hey Gary, thanks for the response, and since we are "friends" I guess you can call me Abdullah :)
 
Alright so I ran FRST again, and here are fresh FRST and Addition txts attached. Can't wait to hear back from you man, thanks again for all the help!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-10-2017
Ran by Adiga (administrator) on DESKTOP-8DJCF1C (17-10-2017 20:27:39)
Running from C:\Users\Adiga\Desktop\clean
Loaded Profiles: Adiga (Available Profiles: Adiga)
Platform: Windows 10 Home Version 1703 170317-1834 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\System32\dtnvplgsvc.exe
(Interezen. Co., Ltd.) C:\Program Files (x86)\IPinside_LWS\I3GMainSvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Plex, Inc.) G:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(WIZVERA) C:\Program Files (x86)\Wizvera\Common\wpmsvc\wpmsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
Failed to access process -> Battle.net.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Wizvera) C:\Program Files (x86)\Wizvera\Delfino-G3\delfino.exe
(WIZVERA) C:\Program Files (x86)\Wizvera\Veraport20\veraport.exe
(Interezen. Co., Ltd.) C:\Program Files (x86)\IPinside_LWS\I3GProc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\LicensingUI.exe
(iniLINE Co., Ltd.) C:\Program Files (x86)\iniLINE\CrossEX\crossex\CrossEXService.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9229280 2017-05-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe [18299088 2017-05-26] (Corsair Components, Inc.)
HKLM-x32\...\Run: [wizvera-veraport] => C:\Program Files (x86)\Wizvera\Veraport20\veraport.exe [1721008 2016-11-28] (WIZVERA)
HKLM-x32\...\Run: [wizvera-delfino-pc] => C:\Program Files (x86)\Wizvera\Delfino-G3\delfino.exe [2126544 2017-05-08] (Wizvera)
HKLM-x32\...\Run: [ipinside-lws] => C:\Program Files (x86)\IPinside_LWS\I3GProc.exe [269088 2017-07-12] (Interezen. Co., Ltd.)
HKU\S-1-5-21-410821179-523750949-3718088204-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3101984 2017-10-13] (Valve Corporation)
HKU\S-1-5-21-410821179-523750949-3718088204-1001\...\Run: [Discord] => C:\Users\Adiga\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
HKU\S-1-5-21-410821179-523750949-3718088204-1001\...\Run: [GalaxyClient] => G:\Games\GOG Galaxy\GalaxyClient.exe [5161536 2017-09-18] (GOG.com)
HKU\S-1-5-21-410821179-523750949-3718088204-1001\...\Run: [CrossEXService] => C:\Program Files (x86)\iniLINE\CrossEX\crossex\CrossEXService.exe [1414168 2016-07-14] (iniLINE Co., Ltd.)
HKU\S-1-5-21-410821179-523750949-3718088204-1001\...\Run: [Plex Media Server] => G:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [16309736 2017-09-19] (Plex, Inc.)
HKU\S-1-5-21-410821179-523750949-3718088204-1001\...\Run: [AceStream] => C:\Users\Adiga\AppData\Roaming\ACEStream\engine\ace_engine.exe
HKU\S-1-5-18\...\Run: [Plex Media Server] => G:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [16309736 2017-09-19] (Plex, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{877921de-5f7c-4a54-8682-e8e838678280}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-10-13] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-09-28] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-09-28] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-28] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler-x32: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Program Files (x86)\Initech\SHTTP\InitechSHTTPInterface.11019.dll [2017-10-03] (© INITECH)
Handler-x32: touchenex - {4a20e600-8604-11e6-a5d1-005056c00008} - C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.981\CrossEXProtocol.dll [2016-09-29] (iniLINE Co., Ltd.)

FireFox:
========
FF HKU\S-1-5-21-410821179-523750949-3718088204-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Adiga\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-28] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> G:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @ahnlab.com/asp/npaosmgr.1 -> C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\npaosmgr.dll [2017-05-31] (AhnLab, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-09-28] (Microsoft Corporation)
FF Plugin-x32: @raonsecure.com/npKSCertRelay -> C:\Program Files (x86)\KeySharp\kscertrelay\npKSCertRelay.dll [2016-12-07] (RaonSecure Co., Ltd.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-28] (Google Inc.)
FF Plugin-x32: @wizvera.com/npVeraport20 -> C:\Program Files (x86)\Wizvera\Veraport20\npveraport20.dll [2016-11-28] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin-x32: touchenex@raon.com/npCrossEXPlugin -> C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.981\npraontouchenex.dll [2016-09-29] (iniLINE Co., Ltd.)
FF Plugin HKU\S-1-5-21-410821179-523750949-3718088204-1001: @acestream.net/acestreamplugin,version=3.1.16.2.1 -> C:\Users\Adiga\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
FF Plugin HKU\S-1-5-21-410821179-523750949-3718088204-1001: @raonsecure.com/npKSCertRelay -> C:\Program Files (x86)\KeySharp\kscertrelay\npKSCertRelay.dll [2016-12-07] (RaonSecure Co., Ltd.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Adiga\AppData\Local\Google\Chrome\User Data\Default [2017-10-17]
CHR Extension: (Dark Skin for Crunchyroll) - C:\Users\Adiga\AppData\Local\Google\Chrome\User Data\Default\Extensions\agjiicokbioponboibkfhfgmhcacafph [2017-09-23]
CHR Extension: (Slinky Elegant) - C:\Users\Adiga\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln [2017-10-11]
CHR Extension: (uBlock Origin) - C:\Users\Adiga\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-10-16]
CHR Extension: (Dark YouTube Theme - Black YouTube & FB Skin) - C:\Users\Adiga\AppData\Local\Google\Chrome\User Data\Default\Extensions\djhcepodfooinnfhfccmoeabagbjchhg [2017-10-12]
CHR Extension: (HTTPS Everywhere) - C:\Users\Adiga\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-10-04]
CHR Extension: (Deluminate) - C:\Users\Adiga\AppData\Local\Google\Chrome\User Data\Default\Extensions\iebboopaeangfpceklajfohhbpkkfiaa [2017-09-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Adiga\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Video Downloader) - C:\Users\Adiga\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbbjnobglkpbfmpabbgogbnlffkmgbii [2017-09-25]
CHR Extension: (Chrome Media Router) - C:\Users\Adiga\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-25]
CHR Profile: C:\Users\Adiga\AppData\Local\Google\Chrome\User Data\Default.old [2017-06-28] <==== ATTENTION
CHR Extension: (Google Slides) - C:\Users\Adiga\AppData\Local\Google\Chrome\User Data\Default.old\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-06-28]
CHR Extension: (Google Docs) - C:\Users\Adiga\AppData\Local\Google\Chrome\User Data\Default.old\Extensions\aohghmighlieiainnegkcijnfilokake [2017-06-28]
CHR Extension: (Google Drive) - C:\Users\Adiga\AppData\Local\Google\Chrome\User Data\Default.old\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-28]
CHR Extension: (YouTube) - C:\Users\Adiga\AppData\Local\Google\Chrome\User Data\Default.old\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-28]
CHR Extension: (Google Search) - C:\Users\Adiga\AppData\Local\Google\Chrome\User Data\Default.old\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2017-06-28]
CHR Extension: (Google Sheets) - C:\Users\Adiga\AppData\Local\Google\Chrome\User Data\Default.old\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-06-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Adiga\AppData\Local\Google\Chrome\User Data\Default.old\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2017-06-28]
CHR Extension: (Google Wallet) - C:\Users\Adiga\AppData\Local\Google\Chrome\User Data\Default.old\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-28]
CHR Extension: (Quick Searcher) - C:\Users\Adiga\AppData\Local\Google\Chrome\User Data\Default.old\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-10-11]
CHR Extension: (Gmail) - C:\Users\Adiga\AppData\Local\Google\Chrome\User Data\Default.old\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-28]
CHR HKU\S-1-5-21-410821179-523750949-3718088204-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1548808 2017-10-11] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7761584 2017-10-04] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [383016 2017-07-05] (EasyAntiCheat Ltd)
S3 GalaxyClientService; G:\Games\GOG Galaxy\GalaxyClientService.exe [532544 2017-09-18] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8242752 2017-09-18] (GOG.com)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-07-11] (Hi-Rez Studios) [File not signed]
R2 I3GMainSvc; C:\Program Files (x86)\IPinside_LWS\I3GMainSvc.exe [240440 2017-07-12] (Interezen. Co., Ltd.)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2016-03-29] (Microsoft Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-10-06] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460736 2017-10-10] (NVIDIA Corporation)
R2 PlexUpdateService; G:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2092008 2017-09-19] (Plex, Inc.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [137216 2016-03-29] (Microsoft Corporation) [File not signed]
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [128232 2017-02-08] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
R2 WizveraPMSvc; C:\Program Files (x86)\Wizvera\Common\wpmsvc\wpmsvc.exe [1003248 2017-05-08] (WIZVERA)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [45016 2017-05-16] (Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [21976 2017-05-16] (Corsair)
R4 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2017-10-15] ()
S3 HSBDrv64; C:\Windows\System32\drivers\HSBDrv64.sys [140096 2017-04-03] (AhnLab, Inc.)
S3 JRSKD24; C:\Windows\system32\JRSKD24.SYS [38632 2017-07-12] (RaonSecure Co., Ltd.)
R3 JRSUKD25; C:\Windows\system32\JRSUKD25.SYS [40232 2017-07-12] (RaonSecure Co., Ltd.)
R4 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [192952 2017-10-12] (Malwarebytes)
R4 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2017-10-12] (Malwarebytes)
S3 Mkd2Bthf; C:\Windows\System32\drivers\Mkd2Bthf.sys [119832 2017-02-01] (AhnLab, Inc.)
S3 Mkd2Nadr; C:\Windows\System32\drivers\Mkd2Nadr.sys [160824 2017-04-03] (AhnLab, Inc.)
S3 Mkd3kfNt; C:\Windows\System32\drivers\Mkd3kfNt.sys [203016 2017-04-03] (AhnLab, Inc.)
R1 MpKslb55b7ec2; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A51826FA-7045-45CE-A461-358E65320EB9}\MpKslb55b7ec2.sys [58120 2017-10-16] (Microsoft Corporation)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d0a31ff5946203b6\nvlddmkm.sys [16923064 2017-10-09] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50624 2017-10-10] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-10-06] (NVIDIA Corporation)
R3 scskusbf; C:\Windows\SysWow64\drivers\scskusbf.sys [21872 2017-10-15] (SoftCamp)
R3 scskusbs; C:\Windows\SysWow64\drivers\scskusbs.sys [100720 2017-10-15] (SoftCamp)
S3 SDFRd; C:\Windows\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 AhnFlt2K; \??\C:\Windows\system32\drivers\AhnFlt2K.sys [X]
S3 AhnRec2K; \??\C:\Windows\system32\drivers\AhnRec2K.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-16 19:53 - 2017-10-16 19:53 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-10-16 19:53 - 2017-09-13 18:20 - 000798008 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-10-16 19:53 - 2017-09-13 18:20 - 000490296 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-10-16 19:53 - 2017-09-13 18:19 - 000927544 _____ C:\Windows\system32\vulkan-1.dll
2017-10-16 19:53 - 2017-09-13 18:19 - 000591160 _____ C:\Windows\system32\vulkaninfo.exe
2017-10-16 19:52 - 2017-10-09 07:20 - 000045496 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-10-16 19:52 - 2017-10-06 08:35 - 040237176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2017-10-16 19:52 - 2017-10-06 08:35 - 036229056 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-10-16 19:52 - 2017-10-06 08:35 - 035156600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-10-16 19:52 - 2017-10-06 08:35 - 029262272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-10-16 19:52 - 2017-10-06 08:35 - 023261440 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-10-16 19:52 - 2017-10-06 08:35 - 019035160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-10-16 19:52 - 2017-10-06 08:35 - 013863184 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-10-16 19:52 - 2017-10-06 08:35 - 013251240 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-10-16 19:52 - 2017-10-06 08:35 - 011777952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-10-16 19:52 - 2017-10-06 08:35 - 010880672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-10-16 19:52 - 2017-10-06 08:35 - 004201408 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-10-16 19:52 - 2017-10-06 08:35 - 003614328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-10-16 19:52 - 2017-10-06 08:35 - 001988216 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438792.dll
2017-10-16 19:52 - 2017-10-06 08:35 - 001606776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438792.dll
2017-10-16 19:52 - 2017-10-06 08:35 - 001321448 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2017-10-16 19:52 - 2017-10-06 08:35 - 001135280 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-10-16 19:52 - 2017-10-06 08:35 - 001098688 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-10-16 19:52 - 2017-10-06 08:35 - 001038680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2017-10-16 19:52 - 2017-10-06 08:35 - 000981112 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-10-16 19:52 - 2017-10-06 08:35 - 000932288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-10-16 19:52 - 2017-10-06 08:35 - 000885496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-10-16 19:52 - 2017-10-06 08:35 - 000794576 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-10-16 19:52 - 2017-10-06 08:35 - 000739264 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2017-10-16 19:52 - 2017-10-06 08:35 - 000632848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-10-16 19:52 - 2017-10-06 08:35 - 000615544 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-10-16 19:52 - 2017-10-06 08:35 - 000598648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2017-10-16 19:52 - 2017-10-06 08:35 - 000505792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-10-16 19:52 - 2017-10-06 08:35 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-10-16 19:52 - 2017-10-06 08:35 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2017-10-16 19:47 - 2017-10-16 19:53 - 000000000 ____D C:\Windows\LastGood
2017-10-13 17:45 - 2017-10-13 17:45 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2017-10-12 23:55 - 2017-10-12 23:55 - 000252232 ____N (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-10-12 23:55 - 2017-10-12 23:55 - 000192952 ____N (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-10-12 23:54 - 2017-10-12 23:54 - 000116560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\niekoruy.sys
2017-10-12 21:36 - 2017-10-12 21:37 - 000000000 ___HD C:\Program Files (x86)\Temp
2017-10-12 21:36 - 2017-10-12 21:37 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2017-10-12 21:36 - 2017-10-12 21:37 - 000000000 ____D C:\Windows\system32\RTCOM
2017-10-12 21:36 - 2017-10-12 21:36 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2017-10-12 21:36 - 2017-10-12 21:36 - 000000000 ____D C:\Windows\system32\DAX3
2017-10-12 21:36 - 2017-10-12 21:36 - 000000000 ____D C:\Windows\system32\DAX2
2017-10-12 21:36 - 2017-10-12 21:36 - 000000000 ____D C:\ProgramData\Audyssey Labs
2017-10-12 21:36 - 2017-10-12 21:36 - 000000000 ____D C:\Program Files\Realtek
2017-10-12 21:36 - 2017-10-12 21:36 - 000000000 ____D C:\Program Files (x86)\Realtek
2017-10-12 21:36 - 2017-05-18 07:46 - 072520672 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2017-10-12 21:36 - 2017-05-18 07:46 - 007172880 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2017-10-12 21:36 - 2017-05-18 07:46 - 005766624 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2017-10-12 21:36 - 2017-05-18 07:46 - 003677128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2017-10-12 21:36 - 2017-05-18 07:46 - 003205096 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2017-10-12 21:36 - 2017-05-18 07:46 - 002210760 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2017-10-12 21:36 - 2017-05-18 07:46 - 001133040 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
2017-10-12 21:36 - 2017-05-18 07:46 - 001003824 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
2017-10-12 21:36 - 2017-05-18 07:46 - 000416472 _____ (Harman) C:\Windows\system32\HMUI.dll
2017-10-12 21:36 - 2017-05-18 07:46 - 000378344 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
2017-10-12 21:36 - 2017-05-18 07:46 - 000258832 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2017-10-12 21:36 - 2017-05-18 07:46 - 000154328 _____ (Harman) C:\Windows\system32\HarmanAudioInterface.dll
2017-10-12 21:36 - 2017-05-18 07:46 - 000023656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 015202008 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE3.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 007096160 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 006410056 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV3apo.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 006264600 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 005938880 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV2apo.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 005593584 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 003509232 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 003506600 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 003410808 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 003299792 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE2.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 003122616 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 003092304 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 002190952 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 001780584 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 001591024 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 001435112 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 001382208 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 001347112 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 001337608 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaeapo64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 001016384 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDHF64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000984872 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000964992 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000876888 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEHDHF32.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000873432 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000867120 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000866096 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000852096 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tosasfapo64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000736912 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000727408 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000708280 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000691648 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000680520 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000604768 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaemaxapo64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000532344 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000525736 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000504280 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000467128 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000447688 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000447152 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\toseaeapo64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000445368 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000406424 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2APIPCLL.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000387288 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000381376 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000366088 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\HMAPO.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000360312 _____ (Harman) C:\Windows\system32\HMClariFi.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000343680 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000341112 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000341112 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000321688 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000321680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000253832 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000231888 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000221936 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000214800 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000209504 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000203808 _____ (Harman) C:\Windows\system32\HMHVS.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000192952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000190904 _____ (Harman) C:\Windows\system32\HMEQ_Voice.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000190904 _____ (Harman) C:\Windows\system32\HMEQ.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000179568 _____ (Harman) C:\Windows\system32\HMLimiter.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000166168 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000158664 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000151760 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000134168 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000122288 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000118560 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000110952 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000105280 _____ C:\Windows\system32\audioLibVc.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000090888 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000088312 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000088288 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000084584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000083592 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2017-10-12 21:36 - 2017-05-18 07:45 - 000075512 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2017-10-12 21:36 - 2017-05-18 07:44 - 005346968 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
2017-10-12 21:36 - 2017-05-18 07:44 - 002993688 _____ (Audyssey Labs) C:\Windows\system32\AudysseyEfx.dll
2017-10-12 21:36 - 2017-05-18 07:44 - 002444656 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll
2017-10-12 21:36 - 2017-05-18 07:44 - 001965776 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2017-10-12 21:36 - 2017-05-18 07:44 - 001959568 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll
2017-10-12 21:36 - 2017-05-18 07:44 - 001517896 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOProp.dll
2017-10-12 21:36 - 2017-05-18 07:44 - 001508904 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2017-10-12 21:36 - 2017-05-18 07:44 - 001326392 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOv251.dll
2017-10-12 21:36 - 2017-05-18 07:44 - 001170840 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOvlldp.dll
2017-10-12 21:36 - 2017-05-18 07:44 - 000743928 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2017-10-12 21:36 - 2017-05-18 07:44 - 000441232 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2017-10-12 21:36 - 2017-05-18 07:44 - 000362016 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll
2017-10-12 21:36 - 2017-05-18 07:44 - 000327416 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2017-10-12 21:36 - 2017-05-18 07:44 - 000310392 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll
2017-10-12 21:36 - 2017-05-18 07:44 - 000272680 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2017-10-12 21:36 - 2017-05-18 07:44 - 000253872 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2017-10-12 21:36 - 2017-05-18 07:44 - 000252848 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2017-10-12 21:36 - 2017-05-18 02:09 - 012870376 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2017-10-12 21:36 - 2017-05-18 02:09 - 005804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2017-10-12 21:36 - 2016-09-22 14:55 - 002839520 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2017-10-12 21:36 - 2014-04-14 17:52 - 000003008 _____ C:\Windows\system32\Drivers\DTSU2P.DAT
2017-10-12 01:04 - 2017-10-17 20:27 - 000000000 ____D C:\Users\Adiga\Desktop\clean
2017-10-12 00:24 - 2017-10-17 20:27 - 000000000 ____D C:\FRST
2017-10-11 22:19 - 2017-10-11 22:19 - 000370820 _____ (RaonSecure Corporation) C:\Windows\system32\keysharpcrypto.dll
2017-10-11 22:19 - 2017-10-11 22:19 - 000164720 ____R (RaonSecure Co., Ltd.) C:\Windows\SysWOW64\CKAgent.exe
2017-10-11 22:19 - 2017-10-11 22:19 - 000164720 ____R (RaonSecure Co., Ltd.) C:\Windows\system32\CKAgent.exe
2017-10-11 22:18 - 2017-10-11 22:18 - 000000000 ____D C:\Users\Adiga\AppData\LocalLow\KeySharp
2017-10-11 22:12 - 2017-10-11 22:12 - 000000000 ____D C:\Program Files (x86)\KeySharp
2017-10-11 21:59 - 2017-10-11 21:59 - 000000000 ____D C:\Users\Adiga\Desktop\NPKI
2017-10-11 19:08 - 2017-10-12 23:54 - 130547712 _____ C:\Windows\system32\config\SOFTWARE
2017-10-11 16:38 - 2017-10-12 20:59 - 000012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2017-10-11 16:29 - 2017-10-17 00:35 - 000000000 ____D C:\Users\Adiga\AppData\Local\sirgwhk
2017-10-11 16:29 - 2017-10-15 22:47 - 000000000 ____D C:\Users\Adiga\AppData\Local\vsockxt
2017-10-11 16:21 - 2017-10-12 23:54 - 000000000 ____D C:\AdwCleaner
2017-10-11 16:21 - 2017-10-12 00:46 - 000094144 ____N (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-10-11 16:21 - 2017-10-11 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-11 16:21 - 2017-10-11 16:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-11 16:21 - 2017-10-11 16:21 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-11 16:21 - 2017-10-04 13:15 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-10-11 16:13 - 2017-10-11 16:18 - 000000842 _____ C:\Windows\system32\.crusader
2017-10-11 16:12 - 2017-10-15 12:19 - 000055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-10-11 16:12 - 2017-10-11 16:13 - 000000000 ____D C:\ProgramData\HitmanPro
2017-10-11 16:03 - 2017-10-12 23:55 - 002843648 _____ (TOSHIBA CORPORATION) C:\Windows\system32\dtnvplgsvc.exe
2017-10-11 16:03 - 2017-10-11 16:13 - 000000000 ____D C:\Users\Adiga\AppData\Roaming\fda52b5198764c6eb2f68a67d035bf45
2017-10-11 16:03 - 2017-10-11 16:03 - 000000000 ____D C:\Windows\SysWOW64\simurzg
2017-10-11 16:03 - 2017-10-11 16:03 - 000000000 ____D C:\Windows\system32\simurzg
2017-10-11 16:03 - 2017-10-11 16:03 - 000000000 ____D C:\Users\Adiga\AppData\Roaming\et
2017-10-11 16:02 - 2017-10-11 16:02 - 000000218 _____ C:\Users\Adiga\AppData\Local\recently-used.xbel
2017-10-11 15:51 - 2017-10-11 15:51 - 000000000 ____D C:\Users\Adiga\AppData\Roaming\Mp3tag
2017-10-10 22:22 - 2017-10-10 22:22 - 126925120 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-10-10 22:20 - 2017-09-30 00:51 - 000661224 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2017-10-10 22:20 - 2017-09-30 00:49 - 001004136 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-10-10 22:20 - 2017-09-30 00:49 - 000777400 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-10-10 22:20 - 2017-09-30 00:49 - 000135576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-10-10 22:20 - 2017-09-30 00:48 - 008319384 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-10-10 22:20 - 2017-09-30 00:48 - 002399728 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-10-10 22:20 - 2017-09-30 00:48 - 002327448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-10-10 22:20 - 2017-09-30 00:47 - 002969880 _____ (Microsoft Corporation) C:\Windows\system32\CoreUIComponents.dll
2017-10-10 22:20 - 2017-09-30 00:47 - 001194792 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-10-10 22:20 - 2017-09-30 00:45 - 000511896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-10-10 22:20 - 2017-09-30 00:44 - 000181912 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-10-10 22:20 - 2017-09-30 00:42 - 000820120 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2017-10-10 22:20 - 2017-09-30 00:41 - 005304496 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll
2017-10-10 22:20 - 2017-09-30 00:41 - 000654976 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2017-10-10 22:20 - 2017-09-30 00:41 - 000259400 _____ (Microsoft Corporation) C:\Windows\system32\MusNotifyIcon.exe
2017-10-10 22:20 - 2017-09-30 00:40 - 000724704 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2017-10-10 22:20 - 2017-09-30 00:40 - 000336320 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthService.exe
2017-10-10 22:20 - 2017-09-30 00:40 - 000173976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-10-10 22:20 - 2017-09-30 00:38 - 007910072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2017-10-10 22:20 - 2017-09-30 00:38 - 002239136 _____ (Microsoft Corporation) C:\Windows\system32\mfsrcsnk.dll
2017-10-10 22:20 - 2017-09-30 00:36 - 002672024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-10-10 22:20 - 2017-09-30 00:36 - 000057976 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-10-10 22:20 - 2017-09-29 21:29 - 001408536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2017-10-10 22:20 - 2017-09-29 21:29 - 000804784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2017-10-10 22:20 - 2017-09-29 21:26 - 001333136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2017-10-10 22:20 - 2017-09-29 21:26 - 001292872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2017-10-10 22:20 - 2017-09-29 21:10 - 001839872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-10-10 22:20 - 2017-09-29 21:10 - 001150776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-10-10 22:20 - 2017-09-29 21:10 - 000606072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-10-10 22:20 - 2017-09-29 21:10 - 000508344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2017-10-10 22:20 - 2017-09-29 21:10 - 000480920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-10-10 22:20 - 2017-09-29 21:09 - 002259760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreUIComponents.dll
2017-10-10 22:20 - 2017-09-29 21:09 - 000787712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-10-10 22:20 - 2017-09-29 21:06 - 004471368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2017-10-10 22:20 - 2017-09-29 21:05 - 005827744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2017-10-10 22:20 - 2017-09-29 21:05 - 002603744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneCoreUAPCommonProxyStub.dll
2017-10-10 22:20 - 2017-09-29 21:05 - 001266544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2017-10-10 22:20 - 2017-09-29 21:05 - 000750488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2017-10-10 22:20 - 2017-09-29 21:05 - 000559000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2017-10-10 22:20 - 2017-09-29 21:04 - 004215184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll
2017-10-10 22:20 - 2017-09-29 21:04 - 000612120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2017-10-10 22:20 - 2017-09-29 21:04 - 000519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2017-10-10 22:20 - 2017-09-29 21:04 - 000438096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.dll
2017-10-10 22:20 - 2017-09-29 21:04 - 000347544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-10-10 22:20 - 2017-09-29 21:04 - 000182680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2017-10-10 22:20 - 2017-09-29 21:03 - 020373408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-10-10 22:20 - 2017-09-29 21:03 - 006768288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-10-10 22:20 - 2017-09-29 21:03 - 001439032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsrcsnk.dll
2017-10-10 22:20 - 2017-09-29 21:02 - 000175512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
2017-10-10 22:20 - 2017-09-29 21:01 - 000124544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-10-10 22:20 - 2017-09-29 02:46 - 023678976 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2017-10-10 22:20 - 2017-09-29 02:45 - 002953216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2017-10-10 22:20 - 2017-09-29 02:44 - 000133120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-10-10 22:20 - 2017-09-29 02:43 - 002199552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-10-10 22:20 - 2017-09-29 02:43 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\smartscreenps.dll
2017-10-10 22:20 - 2017-09-29 02:43 - 000060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usoapi.dll
2017-10-10 22:20 - 2017-09-29 02:42 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mgmtapi.dll
2017-10-10 22:20 - 2017-09-29 02:41 - 013844992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2017-10-10 22:20 - 2017-09-29 02:41 - 000110080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BitLockerCsp.dll
2017-10-10 22:20 - 2017-09-29 02:40 - 006728192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2017-10-10 22:20 - 2017-09-29 02:40 - 000371200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2017-10-10 22:20 - 2017-09-29 02:40 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2017-10-10 22:20 - 2017-09-29 02:39 - 020511232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-10-10 22:20 - 2017-09-29 02:39 - 011888640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-10-10 22:20 - 2017-09-29 02:39 - 000364032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
2017-10-10 22:20 - 2017-09-29 02:38 - 005721600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2017-10-10 22:20 - 2017-09-29 02:38 - 002671616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-10-10 22:20 - 2017-09-29 02:38 - 001135616 ____R (The ICU Project) C:\Windows\SysWOW64\icuuc.dll
2017-10-10 22:20 - 2017-09-29 02:38 - 000471040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TpmCoreProvisioning.dll
2017-10-10 22:20 - 2017-09-29 02:38 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2017-10-10 22:20 - 2017-09-29 02:38 - 000370688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2017-10-10 22:20 - 2017-09-29 02:38 - 000308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptngc.dll
2017-10-10 22:20 - 2017-09-29 02:38 - 000229376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scksp.dll
2017-10-10 22:20 - 2017-09-29 02:37 - 000306688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.dll
2017-10-10 22:20 - 2017-09-29 02:37 - 000038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBrokerUI.dll
2017-10-10 22:20 - 2017-09-29 02:36 - 019337216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-10-10 22:20 - 2017-09-29 02:36 - 000590336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll
2017-10-10 22:20 - 2017-09-29 02:35 - 003654656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-10-10 22:20 - 2017-09-29 02:34 - 006255616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-10-10 22:20 - 2017-09-29 02:34 - 002859520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-10-10 22:20 - 2017-09-29 02:34 - 000798720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2017-10-10 22:20 - 2017-09-29 02:34 - 000787456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-10-10 22:20 - 2017-09-29 02:34 - 000434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.dll
2017-10-10 22:20 - 2017-09-29 02:33 - 007598080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-10-10 22:20 - 2017-09-29 02:33 - 004559360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2017-10-10 22:20 - 2017-09-29 02:33 - 001506816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-10-10 22:20 - 2017-09-29 02:33 - 000658944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-10-10 22:20 - 2017-09-29 02:32 - 002782720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2017-10-10 22:20 - 2017-09-29 02:32 - 002340864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-10-10 22:20 - 2017-09-29 02:32 - 001627136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-10-10 22:20 - 2017-09-29 02:32 - 001244160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Phone.dll
2017-10-10 22:20 - 2017-09-29 02:32 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-10-10 22:20 - 2017-09-29 02:32 - 000035840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys
2017-10-10 22:20 - 2017-09-29 02:32 - 000029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-10-10 22:20 - 2017-09-29 02:32 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\mgmtapi.dll
2017-10-10 22:20 - 2017-09-29 02:31 - 003107328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2017-10-10 22:20 - 2017-09-29 02:31 - 000306176 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2017-10-10 22:20 - 2017-09-29 02:31 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2017-10-10 22:20 - 2017-09-29 02:31 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\musdialoghandlers.dll
2017-10-10 22:20 - 2017-09-29 02:30 - 023686144 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-10-10 22:20 - 2017-09-29 02:29 - 008333312 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2017-10-10 22:20 - 2017-09-29 02:29 - 001460736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_fs.dll
2017-10-10 22:20 - 2017-09-29 02:29 - 001318912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_health.dll
2017-10-10 22:20 - 2017-09-29 02:29 - 000724992 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2017-10-10 22:20 - 2017-09-29 02:29 - 000157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-10-10 22:20 - 2017-09-29 02:29 - 000102912 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2017-10-10 22:20 - 2017-09-29 02:29 - 000083456 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2017-10-10 22:20 - 2017-09-29 02:28 - 000699904 _____ (Microsoft Corporation) C:\Windows\system32\FlightSettings.dll
2017-10-10 22:20 - 2017-09-29 02:28 - 000681472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2017-10-10 22:20 - 2017-09-29 02:28 - 000473088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2017-10-10 22:20 - 2017-09-29 02:28 - 000458752 _____ (Microsoft Corporation) C:\Windows\system32\NgcCtnr.dll
2017-10-10 22:20 - 2017-09-29 02:28 - 000297984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mcbuilder.exe
2017-10-10 22:20 - 2017-09-29 02:28 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2017-10-10 22:20 - 2017-09-29 02:28 - 000040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cipher.exe
2017-10-10 22:20 - 2017-09-29 02:27 - 012803072 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-10-10 22:20 - 2017-09-29 02:27 - 000409600 _____ (Microsoft Corporation) C:\Windows\system32\cryptngc.dll
2017-10-10 22:20 - 2017-09-29 02:27 - 000350720 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.dll
2017-10-10 22:20 - 2017-09-29 02:26 - 008213504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-10-10 22:20 - 2017-09-29 02:25 - 008199168 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2017-10-10 22:20 - 2017-09-29 02:25 - 000586240 _____ (Microsoft Corporation) C:\Windows\system32\AppReadiness.dll
2017-10-10 22:20 - 2017-09-29 02:24 - 003377664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-10-10 22:20 - 2017-09-29 02:24 - 001628672 _____ (Microsoft Corporation) C:\Windows\system32\UserDataService.dll
2017-10-10 22:20 - 2017-09-29 02:23 - 005557760 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2017-10-10 22:20 - 2017-09-29 02:23 - 004730368 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-10-10 22:20 - 2017-09-29 02:23 - 003140096 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2017-10-10 22:20 - 2017-09-29 02:23 - 001887744 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-10-10 22:20 - 2017-09-29 02:23 - 001398784 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2017-10-10 22:20 - 2017-09-29 02:23 - 000756224 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-10-10 22:20 - 2017-09-29 02:22 - 002829824 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-10-10 22:20 - 2017-09-29 02:21 - 003304448 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2017-10-10 22:20 - 2017-09-29 02:21 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Core.TextInput.dll
2017-10-10 22:20 - 2017-09-29 02:21 - 000414208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-10-10 22:20 - 2017-09-29 02:21 - 000124928 _____ (Microsoft Corporation) C:\Windows\system32\InputLocaleManager.dll
2017-10-10 22:20 - 2017-09-29 02:20 - 000804864 _____ (Microsoft Corporation) C:\Windows\system32\fvewiz.dll
2017-10-10 22:20 - 2017-09-29 02:20 - 000385536 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2017-10-10 22:20 - 2017-09-29 02:20 - 000286208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-10-10 22:20 - 2017-09-29 02:20 - 000194560 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-10-10 22:20 - 2017-09-29 02:19 - 000325120 _____ (Microsoft Corporation) C:\Windows\system32\fvecpl.dll
2017-10-10 22:20 - 2017-09-29 02:19 - 000306176 _____ (Microsoft Corporation) C:\Windows\system32\fveui.dll
2017-10-10 22:20 - 2017-09-29 02:19 - 000208896 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2017-10-10 22:20 - 2017-09-29 02:18 - 000215040 _____ (Microsoft Corporation) C:\Windows\system32\manage-bde.exe
2017-10-10 22:20 - 2017-09-29 02:18 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\BitLockerDeviceEncryption.exe
2017-10-10 22:20 - 2017-09-29 00:40 - 000804312 _____ C:\Windows\SysWOW64\locale.nls
2017-10-10 22:20 - 2017-09-29 00:40 - 000804312 _____ C:\Windows\system32\locale.nls
2017-10-10 22:20 - 2017-09-20 10:08 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-10-10 22:20 - 2017-09-20 10:08 - 000345088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-10-10 22:20 - 2017-09-20 10:08 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-10-10 22:20 - 2017-09-18 18:20 - 001065104 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-10-10 22:20 - 2017-09-18 18:20 - 000900376 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2017-10-10 22:20 - 2017-09-18 18:17 - 001395664 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-10-10 22:20 - 2017-09-18 18:17 - 001186464 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-10-10 22:20 - 2017-09-18 18:09 - 000554400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2017-10-10 22:20 - 2017-09-18 17:25 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\eShims.dll
2017-10-10 22:20 - 2017-09-18 17:20 - 000831488 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApiPublic.dll
2017-10-10 22:20 - 2017-09-18 17:20 - 000049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tetheringclient.dll
2017-10-10 22:20 - 2017-09-18 17:15 - 000648704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApiPublic.dll
2017-10-10 22:19 - 2017-09-30 00:52 - 001595152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2017-10-10 22:19 - 2017-09-30 00:51 - 001458320 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-10-10 22:19 - 2017-09-30 00:51 - 001147288 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2017-10-10 22:19 - 2017-09-30 00:50 - 001346112 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-10-10 22:19 - 2017-09-30 00:50 - 001068208 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2017-10-10 22:19 - 2017-09-30 00:50 - 001024920 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2017-10-10 22:19 - 2017-09-30 00:48 - 000644696 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-10-10 22:19 - 2017-09-30 00:44 - 000712600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2017-10-10 22:19 - 2017-09-30 00:43 - 007318888 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2017-10-10 22:19 - 2017-09-30 00:43 - 002442136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-10-10 22:19 - 2017-09-30 00:42 - 004848952 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2017-10-10 22:19 - 2017-09-30 00:42 - 001506712 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2017-10-10 22:19 - 2017-09-30 00:41 - 005477600 _____ (Microsoft Corporation) C:\Windows\system32\OneCoreUAPCommonProxyStub.dll
2017-10-10 22:19 - 2017-09-30 00:41 - 002086808 _____ (Microsoft Corporation) C:\Windows\system32\UpdateAgent.dll
2017-10-10 22:19 - 2017-09-30 00:41 - 000961944 _____ (Microsoft Corporation) C:\Windows\system32\efscore.dll
2017-10-10 22:19 - 2017-09-30 00:41 - 000651672 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2017-10-10 22:19 - 2017-09-30 00:41 - 000257432 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2017-10-10 22:19 - 2017-09-30 00:41 - 000228248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-10-10 22:19 - 2017-09-30 00:40 - 000642680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-10-10 22:19 - 2017-09-30 00:40 - 000558912 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.dll
2017-10-10 22:19 - 2017-09-30 00:40 - 000408984 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-10-10 22:19 - 2017-09-30 00:40 - 000184728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-10-10 22:19 - 2017-09-30 00:40 - 000072944 _____ (Microsoft Corporation) C:\Windows\system32\easinvoker.exe
2017-10-10 22:19 - 2017-09-30 00:39 - 021351760 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-10-10 22:19 - 2017-09-30 00:39 - 000203672 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2017-10-10 22:19 - 2017-09-29 02:34 - 017370624 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2017-10-10 22:19 - 2017-09-29 02:34 - 003669504 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2017-10-10 22:19 - 2017-09-29 02:33 - 000175616 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-10-10 22:19 - 2017-09-29 02:32 - 002199552 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.dll
2017-10-10 22:19 - 2017-09-29 02:32 - 000209920 _____ (Microsoft Corporation) C:\Windows\system32\smartscreenps.dll
2017-10-10 22:19 - 2017-09-29 02:32 - 000087040 _____ (Microsoft Corporation) C:\Windows\system32\usoapi.dll
2017-10-10 22:19 - 2017-09-29 02:32 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-10-10 22:19 - 2017-09-29 02:31 - 000113152 _____ (Microsoft Corporation) C:\Windows\system32\wuuhosdeployment.dll
2017-10-10 22:19 - 2017-09-29 02:31 - 000057344 _____ (Microsoft Corporation) C:\Windows\system32\efssvc.dll
2017-10-10 22:19 - 2017-09-29 02:30 - 007931392 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2017-10-10 22:19 - 2017-09-29 02:30 - 000529408 _____ (Microsoft Corporation) C:\Windows\system32\daxexec.dll
2017-10-10 22:19 - 2017-09-29 02:30 - 000179200 _____ (Microsoft Corporation) C:\Windows\system32\BitLockerCsp.dll
2017-10-10 22:19 - 2017-09-29 02:30 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-10-10 22:19 - 2017-09-29 02:30 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2017-10-10 22:19 - 2017-09-29 02:29 - 000550400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2017-10-10 22:19 - 2017-09-29 02:29 - 000461824 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2017-10-10 22:19 - 2017-09-29 02:29 - 000433152 _____ (Microsoft Corporation) C:\Windows\system32\msIso.dll
2017-10-10 22:19 - 2017-09-29 02:29 - 000304640 _____ (Microsoft Corporation) C:\Windows\system32\dusmsvc.dll
2017-10-10 22:19 - 2017-09-29 02:29 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\ServiceWorkerHost.exe
2017-10-10 22:19 - 2017-09-29 02:28 - 000556032 _____ (Microsoft Corporation) C:\Windows\system32\TpmCoreProvisioning.dll
2017-10-10 22:19 - 2017-09-29 02:28 - 000527360 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll
2017-10-10 22:19 - 2017-09-29 02:28 - 000256000 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2017-10-10 22:19 - 2017-09-29 02:28 - 000254976 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
2017-10-10 22:19 - 2017-09-29 02:27 - 001321984 ____R (The ICU Project) C:\Windows\system32\icuuc.dll
2017-10-10 22:19 - 2017-09-29 02:27 - 000616960 _____ (Microsoft Corporation) C:\Windows\system32\WindowManagement.dll
2017-10-10 22:19 - 2017-09-29 02:27 - 000565760 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2017-10-10 22:19 - 2017-09-29 02:27 - 000538624 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2017-10-10 22:19 - 2017-09-29 02:27 - 000524800 _____ (Microsoft Corporation) C:\Windows\system32\TileDataRepository.dll
2017-10-10 22:19 - 2017-09-29 02:27 - 000412160 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2017-10-10 22:19 - 2017-09-29 02:26 - 002809344 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2017-10-10 22:19 - 2017-09-29 02:26 - 001468928 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2017-10-10 22:19 - 2017-09-29 02:26 - 001269760 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2017-10-10 22:19 - 2017-09-29 02:26 - 000772096 _____ (Microsoft Corporation) C:\Windows\system32\PCPKsp.dll
2017-10-10 22:19 - 2017-09-29 02:26 - 000356864 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2017-10-10 22:19 - 2017-09-29 02:26 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\TokenBrokerUI.dll
2017-10-10 22:19 - 2017-09-29 02:25 - 004175872 _____ (Microsoft Corporation) C:\Windows\system32\StartTileData.dll
2017-10-10 22:19 - 2017-09-29 02:25 - 002760704 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-10-10 22:19 - 2017-09-29 02:24 - 003307008 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-10-10 22:19 - 2017-09-29 02:24 - 002503680 _____ (Microsoft Corporation) C:\Windows\system32\twinui.pcshell.dll
2017-10-10 22:19 - 2017-09-29 02:24 - 001886208 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2017-10-10 22:19 - 2017-09-29 02:24 - 001307648 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2017-10-10 22:19 - 2017-09-29 02:24 - 000684032 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2017-10-10 22:19 - 2017-09-29 02:23 - 002730496 _____ (Microsoft Corporation) C:\Windows\system32\smartscreen.exe
2017-10-10 22:19 - 2017-09-29 02:23 - 002446336 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-10-10 22:19 - 2017-09-29 02:23 - 002055680 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2017-10-10 22:19 - 2017-09-29 02:23 - 001605632 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-10-10 22:19 - 2017-09-29 02:23 - 001460224 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-10-10 22:19 - 2017-09-29 02:23 - 001052672 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2017-10-10 22:19 - 2017-09-29 02:23 - 000986624 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-10-10 22:19 - 2017-09-29 02:23 - 000972288 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2017-10-10 22:19 - 2017-09-29 02:23 - 000841216 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2017-10-10 22:19 - 2017-09-29 02:23 - 000647168 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2017-10-10 22:19 - 2017-09-29 02:23 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.dll
2017-10-10 22:19 - 2017-09-29 02:22 - 001802240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-10-10 22:19 - 2017-09-29 02:22 - 001438208 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Phone.dll
2017-10-10 22:19 - 2017-09-29 02:22 - 000407040 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2017-10-10 22:19 - 2017-09-29 02:21 - 000722944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-10-10 22:19 - 2017-09-29 02:21 - 000324096 _____ (Microsoft Corporation) C:\Windows\system32\DeviceEnroller.exe
2017-10-10 22:19 - 2017-09-29 02:21 - 000154624 _____ (Microsoft Corporation) C:\Windows\system32\regsvc.dll
2017-10-10 22:19 - 2017-09-29 02:21 - 000147456 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
2017-10-10 22:19 - 2017-09-29 02:20 - 001811456 _____ (Microsoft Corporation) C:\Windows\system32\wsp_health.dll
2017-10-10 22:19 - 2017-09-29 02:20 - 000150016 _____ (Microsoft Corporation) C:\Windows\system32\iscsiexe.dll
2017-10-10 22:19 - 2017-09-29 02:19 - 002088448 _____ (Microsoft Corporation) C:\Windows\system32\wsp_fs.dll
2017-10-10 22:19 - 2017-09-29 02:18 - 002438656 _____ (Microsoft Corporation) C:\Windows\system32\ResetEngine.dll
2017-10-10 22:19 - 2017-09-29 02:18 - 001527296 _____ (Microsoft Corporation) C:\Windows\system32\RecoveryDrive.exe
2017-10-10 22:19 - 2017-09-29 02:18 - 000893440 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2017-10-10 22:19 - 2017-09-29 02:18 - 000603136 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2017-10-10 22:19 - 2017-09-29 02:18 - 000347648 _____ (Microsoft Corporation) C:\Windows\system32\mcbuilder.exe
2017-10-10 22:19 - 2017-09-29 02:18 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2017-10-10 22:19 - 2017-09-29 02:18 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\cipher.exe
2017-10-10 22:19 - 2017-09-18 18:18 - 000965024 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.efi
2017-10-10 22:19 - 2017-09-18 18:17 - 000821664 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.exe
2017-10-10 22:19 - 2017-09-18 18:11 - 001018272 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2017-10-10 22:19 - 2017-09-18 17:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\tetheringclient.dll
2017-10-10 22:19 - 2017-09-18 17:23 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\tetheringservice.dll
2017-10-10 13:40 - 2017-10-10 13:40 - 000448000 _____ C:\Windows\0b4e6587ce71a1d2ea123723cd18f7b1.exe
2017-10-10 13:40 - 2017-10-10 13:40 - 000088008 _____ (K04A2F) C:\Windows\system32\Drivers\70ca78226b1aced45c7530c58f747b36.sys
2017-10-10 13:40 - 2017-10-10 13:40 - 000051615 _____ C:\Windows\uninstaller.dat
2017-10-07 14:31 - 2017-10-07 14:31 - 000093719 _____ C:\Users\Adiga\Desktop\That One Privacy Guy's VPN Comparison Chart.xlsx
2017-10-04 13:35 - 2017-10-04 13:35 - 000000000 ____D C:\Users\Adiga\AppData\LocalLow\Thunder Lotus Games
2017-10-04 08:51 - 2017-10-04 08:51 - 000000000 ____D C:\Users\Adiga\AppData\Local\Microsoft Help
2017-10-03 20:02 - 2017-10-03 20:02 - 035092674 _____ C:\Users\Adiga\Desktop\주식회사 패츠카자마스 - 등기소 제출용 구비서류.pdf
2017-10-03 19:31 - 2017-10-15 19:02 - 000337920 _____ (TODO: <회사 이름>) C:\Windows\SysWOW64\SCSKUSB64Restarter.exe
2017-10-03 19:31 - 2017-10-15 19:02 - 000100720 _____ (SoftCamp) C:\Windows\SysWOW64\Drivers\scskusbs.sys
2017-10-03 19:31 - 2017-10-15 19:02 - 000021872 _____ (SoftCamp) C:\Windows\SysWOW64\Drivers\scskusbf.sys
2017-10-03 19:31 - 2017-10-12 18:32 - 000021872 _____ (SoftCamp) C:\Windows\SysWOW64\Drivers\scskusbf.sys_bak
2017-10-03 19:31 - 2017-10-03 19:31 - 002761600 _____ (SoftCamp Co.,Ltd.) C:\Windows\SysWOW64\SCSK4.ocx
2017-10-03 19:31 - 2017-10-03 19:31 - 001467272 _____ (SoftCamp Co.,Ltd.) C:\Windows\SysWOW64\SCSKAppLink.dll
2017-10-03 19:31 - 2017-10-03 19:31 - 000217920 _____ (SoftCamp Co.,Ltd.) C:\Windows\SysWOW64\SCSKLoader.exe
2017-10-03 19:31 - 2017-10-03 19:31 - 000109408 _____ (TODO: <SoftCamp>) C:\Windows\SysWOW64\SCSKCOM.DLL
2017-10-03 19:31 - 2017-10-03 19:31 - 000060792 _____ (Kings Information & Network) C:\Windows\SysWOW64\Drivers\kck64s.sys
2017-10-03 19:31 - 2017-10-03 19:31 - 000041792 _____ (SoftCamp Co.,Ltd.) C:\Windows\SysWOW64\UnSCSK.exe
2017-10-03 19:31 - 2017-10-03 19:31 - 000029504 _____ (SoftCamp Co.,Ltd.) C:\Windows\SysWOW64\SCSKSender.exe
2017-10-03 19:31 - 2017-10-03 19:31 - 000000024 _____ C:\Windows\SysWOW64\scskConfigEH.ini
2017-10-03 19:31 - 2017-10-03 19:31 - 000000000 ____D C:\ProgramData\SoftCamp
2017-10-03 19:31 - 2017-10-03 19:31 - 000000000 ____D C:\Program Files (x86)\Webcash
2017-10-03 19:31 - 2017-10-03 19:31 - 000000000 ____D C:\Program Files (x86)\AhnLab
2017-10-03 19:23 - 2017-10-03 19:23 - 000000000 ____D C:\Users\Adiga\AppData\LocalLow\INITECH
2017-10-03 19:23 - 2017-10-03 19:23 - 000000000 ____D C:\Program Files (x86)\Initech
2017-10-02 23:17 - 2017-10-02 23:17 - 000000000 ____D C:\Users\Adiga\ansel
2017-10-02 20:46 - 2017-10-02 20:46 - 001090048 _____ C:\Users\Adiga\Desktop\merh.exe
2017-09-25 15:09 - 2017-09-25 15:10 - 000000000 ____D C:\Users\Adiga\AppData\Roaming\Bigasoft Video Downloader Pro
2017-09-25 15:09 - 2017-09-25 15:09 - 000000000 ____D C:\Users\Adiga\Documents\Bigasoft Video Downloader Pro
2017-09-25 15:09 - 2017-09-25 15:09 - 000000000 ____D C:\Users\Adiga\AppData\Roaming\youtubejs
2017-09-24 11:31 - 2017-09-24 11:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2017-09-23 21:34 - 2017-09-23 21:34 - 000000000 ____D C:\Users\Adiga\AppData\Local\FortniteGame
2017-09-20 17:09 - 2017-09-20 17:09 - 000000000 ____D C:\Users\Adiga\AppData\Local\Notepad++
2017-09-20 17:08 - 2017-09-20 17:11 - 000000000 ____D C:\Users\Adiga\AppData\Roaming\Notepad++
2017-09-20 17:08 - 2017-09-20 17:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-09-20 16:55 - 2017-09-20 16:55 - 000000000 ____D C:\Users\Adiga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.5
2017-09-20 16:55 - 2017-09-20 16:55 - 000000000 ____D C:\Users\Adiga\AppData\Local\pip
2017-09-20 16:53 - 2017-09-20 16:53 - 000000000 ____D C:\Users\Adiga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.6
2017-09-17 17:15 - 2017-09-17 17:15 - 000001047 _____ C:\Users\Adiga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2017-09-17 00:03 - 2017-09-17 00:03 - 000000000 ____D C:\Users\Adiga\AppData\Roaming\.mono
2017-09-17 00:03 - 2017-09-17 00:03 - 000000000 ____D C:\Users\Adiga\AppData\LocalLow\Blizzard Entertainment
2017-09-17 00:03 - 2017-09-17 00:03 - 000000000 ____D C:\Users\Adiga\AppData\Local\Blizzard
2017-09-17 00:03 - 2017-09-17 00:03 - 000000000 ____D C:\ProgramData\.mono

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-17 20:25 - 2017-07-12 17:27 - 000000017 _____ C:\Users\Adiga\AppData\LocalLow\.delfino.conf
2017-10-17 20:25 - 2017-06-28 12:39 - 000000000 ____D C:\ProgramData\NVIDIA
2017-10-17 00:41 - 2017-08-26 19:36 - 000000000 ____D C:\Users\Adiga\AppData\Roaming\vlc
2017-10-17 00:41 - 2017-06-28 13:56 - 000000000 ___RD C:\Users\Adiga
2017-10-17 00:10 - 2017-06-29 03:30 - 000000000 ____D C:\Windows\system32\SleepStudy
2017-10-16 23:52 - 2017-06-28 16:50 - 000000000 ____D C:\Program Files (x86)\Steam
2017-10-16 21:07 - 2017-06-28 17:04 - 000000000 ____D C:\Users\Adiga\AppData\Local\Battle.net
2017-10-16 19:57 - 2017-06-28 12:40 - 001623436 _____ C:\Windows\system32\PerfStringBackup.INI
2017-10-16 19:56 - 2017-06-28 17:05 - 000000000 ____D C:\Program Files (x86)\Blizzard App
2017-10-16 19:53 - 2017-07-12 17:47 - 000000000 ____D C:\Temp
2017-10-16 19:53 - 2017-07-04 15:02 - 000000000 ____D C:\Users\Adiga\AppData\Roaming\NVIDIA
2017-10-16 19:53 - 2017-06-28 12:39 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-10-16 19:53 - 2017-06-28 12:39 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-10-16 19:53 - 2017-03-18 16:01 - 000000000 ____D C:\Windows\INF
2017-10-16 19:48 - 2017-06-28 12:39 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-10-16 19:47 - 2017-06-28 21:09 - 000002233 _____ C:\Users\Adiga\Desktop\Discord.lnk
2017-10-16 19:47 - 2017-06-28 16:52 - 000004308 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-16 19:47 - 2017-06-28 16:52 - 000004000 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-16 19:47 - 2017-06-28 16:52 - 000003940 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-16 19:47 - 2017-06-28 16:52 - 000003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-16 19:47 - 2017-06-28 16:52 - 000003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-16 19:47 - 2017-06-28 16:52 - 000003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-16 19:47 - 2017-06-28 16:52 - 000003696 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-16 19:47 - 2017-06-28 16:52 - 000003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-15 22:49 - 2017-06-28 13:57 - 000000000 ____D C:\Users\Adiga\AppData\Local\Packages
2017-10-14 22:15 - 2017-06-28 16:52 - 000000000 ____D C:\Users\Adiga\AppData\Local\CrashDumps
2017-10-14 00:31 - 2017-08-13 10:08 - 303969226 _____ C:\Users\Adiga\Downloads\All Activation Windows 7-8-10 v12.0 (Windows & Office Activator) [SadeemPC].zip
2017-10-13 22:39 - 2017-03-18 15:51 - 000000000 ____D C:\Windows\CbsTemp
2017-10-13 17:45 - 2017-07-23 10:10 - 000000000 ____D C:\Program Files\Microsoft Office
2017-10-13 17:45 - 2017-03-18 16:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-10-13 17:45 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-10-13 00:29 - 2017-07-02 09:31 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2017-10-12 23:55 - 2017-07-05 11:22 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-10-12 23:55 - 2017-06-29 03:30 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-12 23:54 - 2017-03-18 06:40 - 012845056 _____ C:\Windows\system32\config\HARDWARE
2017-10-12 23:54 - 2017-03-18 06:40 - 000524288 _____ C:\Windows\system32\config\BBI
2017-10-12 21:43 - 2017-08-06 14:53 - 000000000 ____D C:\Users\Adiga\AppData\Local\ElevatedDiagnostics
2017-10-12 21:36 - 2017-07-05 11:22 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-10-11 22:12 - 2017-07-12 17:29 - 000000000 ____D C:\Program Files (x86)\RaonSecure
2017-10-11 19:06 - 2017-07-23 13:27 - 000000000 ____D C:\Windows\Microsoft Antimalware
2017-10-11 16:03 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files\Windows Portable Devices
2017-10-11 16:02 - 2017-08-13 10:07 - 000000000 ____D C:\Users\Adiga\AppData\Roaming\deluge
2017-10-11 14:07 - 2017-03-18 16:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-11 14:07 - 2017-03-18 16:03 - 000000000 ____D C:\Windows\AppReadiness
2017-10-11 09:09 - 2017-03-18 16:03 - 000000000 ____D C:\Windows\rescache
2017-10-11 08:59 - 2017-06-29 03:30 - 000399288 _____ C:\Windows\system32\FNTCACHE.DAT
2017-10-11 08:59 - 2017-06-28 13:57 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-10-11 00:54 - 2017-03-18 16:03 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2017-10-11 00:54 - 2017-03-18 16:03 - 000207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2017-10-11 00:54 - 2017-03-18 16:03 - 000000000 ____D C:\Windows\ShellExperiences
2017-10-11 00:54 - 2017-03-18 16:03 - 000000000 ____D C:\Windows\Provisioning
2017-10-10 22:24 - 2017-06-28 16:04 - 000000000 ____D C:\Windows\system32\MRT
2017-10-10 22:22 - 2017-06-28 16:04 - 126925120 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-10-10 20:05 - 2017-06-28 16:52 - 001796032 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-10-10 20:05 - 2017-06-28 16:52 - 001577920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-10-10 20:05 - 2017-06-28 16:52 - 000918976 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2017-10-10 20:05 - 2017-06-28 16:52 - 000186304 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-10-10 20:05 - 2017-06-28 16:52 - 000152512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-10-10 20:05 - 2017-06-28 16:52 - 000057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\SET91C4.tmp
2017-10-10 20:05 - 2017-06-28 16:52 - 000050624 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-10-10 19:56 - 2017-06-28 17:06 - 000000000 ____D C:\Program Files (x86)\Overwatch
2017-10-10 18:26 - 2017-06-28 16:52 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-10-09 07:20 - 2017-05-19 20:03 - 001615472 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-10-09 07:20 - 2017-05-19 20:03 - 000225208 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-10-06 08:35 - 2017-08-24 23:09 - 001030264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-10-06 08:35 - 2017-06-28 16:52 - 000057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-10-06 08:35 - 2017-05-19 19:47 - 004482976 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-10-06 08:35 - 2017-05-19 19:47 - 003816560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-10-06 08:35 - 2017-05-19 16:22 - 000048442 _____ C:\Windows\system32\nvinfo.pb
2017-10-06 07:17 - 2017-06-28 12:39 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2017-10-06 06:44 - 2017-06-28 12:39 - 005960312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-10-06 06:44 - 2017-06-28 12:39 - 002587584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-10-06 06:44 - 2017-06-28 12:39 - 001766520 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-10-06 06:44 - 2017-06-28 12:39 - 000607168 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-10-06 06:44 - 2017-06-28 12:39 - 000449656 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-10-06 06:44 - 2017-06-28 12:39 - 000122816 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-10-06 06:44 - 2017-06-28 12:39 - 000081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-10-03 19:31 - 2017-07-12 17:28 - 000000000 ____D C:\Users\Adiga\AppData\LocalLow\Ahnlab
2017-09-29 10:02 - 2017-06-28 12:39 - 008257351 _____ C:\Windows\system32\nvcoproc.bin
2017-09-25 14:35 - 2017-06-28 16:19 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-24 23:15 - 2017-07-02 10:20 - 000001170 _____ C:\Users\Adiga\Desktop\Core Temp.lnk
2017-09-24 23:15 - 2017-07-02 10:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
2017-09-24 23:15 - 2017-07-02 10:20 - 000000000 ____D C:\Program Files\Core Temp
2017-09-24 11:31 - 2017-06-28 16:52 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-24 11:30 - 2017-07-26 13:07 - 000000000 ____D C:\Users\Adiga\AppData\Local\Plex Media Server
2017-09-20 16:55 - 2017-07-09 22:37 - 000000000 ____D C:\Users\Adiga\AppData\Local\Package Cache
2017-09-20 16:39 - 2017-07-02 01:16 - 000000000 ____D C:\Program Files\Epic Games
2017-09-20 00:36 - 2017-08-23 23:26 - 000000000 ____D C:\Users\Adiga\AppData\Roaming\HandBrake
2017-09-20 00:35 - 2017-08-18 23:31 - 000000000 ____D C:\Users\Adiga\AppData\Roaming\avidemux
2017-09-18 19:36 - 2017-07-07 20:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gwent [GOG.com]
2017-09-18 19:32 - 2017-09-16 20:02 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2017-09-18 19:31 - 2017-06-28 21:32 - 000000000 ____D C:\Users\Adiga\AppData\Local\UnrealEngine
2017-09-17 18:12 - 2017-03-18 21:30 - 000000000 ____D C:\Windows\OCR

==================== Files in the root of some directories =======

2017-10-11 16:02 - 2017-10-11 16:02 - 000000218 _____ () C:\Users\Adiga\AppData\Local\recently-used.xbel
2017-10-12 21:36 - 2017-10-12 21:36 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-10-11 16:03 - 2017-10-11 16:03 - 000032768 _____ (Sc00bz) C:\Users\Adiga\AppData\Local\Temp\capi.exe
2017-10-11 16:03 - 2017-10-11 16:03 - 001792071 _____ () C:\Users\Adiga\AppData\Local\Temp\pi.exe
2017-10-13 00:29 - 2017-10-13 00:29 - 000192512 _____ () C:\Users\Adiga\AppData\Local\Temp\sfamcc00001.dll
2017-10-11 16:03 - 2017-10-11 16:06 - 000101910 _____ ( ) C:\Users\Adiga\AppData\Local\Temp\shutdowntime.exe
2017-10-11 16:03 - 2017-10-11 16:03 - 001199825 _____ () C:\Users\Adiga\AppData\Local\Temp\unins000.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-06 18:18

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2017
Ran by Adiga (17-10-2017 20:27:57)
Running from C:\Users\Adiga\Desktop\clean
Windows 10 Home Version 1703 170317-1834 (X64) (2017-06-29 08:33:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Adiga (S-1-5-21-410821179-523750949-3718088204-1001 - Administrator - Enabled) => C:\Users\Adiga
Administrator (S-1-5-21-410821179-523750949-3718088204-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-410821179-523750949-3718088204-503 - Limited - Disabled)
Guest (S-1-5-21-410821179-523750949-3718088204-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

.NET Core SDK 1.0.4 (x64) (HKLM\...\{11ACCE3C-C179-472C-A8CA-0F467702B2DA}) (Version: 4.1.5012 - Microsoft Corporation) Hidden
.NET Core SDK 1.0.4 (x64) (HKLM-x32\...\{c56e80af-58a4-490b-a1cd-5718290133b9}) (Version: 1.0.4 - Microsoft Corporation)
Active Directory Authentication Library for SQL Server (HKLM\...\{32C0D7B2-1046-43AC-98AD-B748E1910916}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Albion Online (HKLM-x32\...\SandboxAlbionOnline) (Version: - Sandbox Interactive GmbH)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 387.92 - NVIDIA Corporation) Hidden
Application Verifier x64 External Package (HKLM\...\{55117E45-6881-FF5B-77B2-97FFCF64D2D8}) (Version: 10.1.10586.212 - Microsoft) Hidden
Avidemux 2.7 - 64 bits (HKLM-x32\...\Avidemux 2.7 - 64 bits (64-bit)) (Version: 2.7.0.170814 - )
Blizzard App (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{E598B692-764A-413C-8530-59163D6B4AE3}) (Version: 4.6.01590 - Microsoft Corporation) Hidden
Core Temp 1.10.2 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.10.2 - ALCPU)
Corsair Utility Engine (HKLM-x32\...\{A9114889-E4D2-4112-B461-22179C0E122C}) (Version: 2.14.67 - Corsair)
Delfino G3 (x86) version 3.3.2.7 (HKLM-x32\...\{1CBD185A-9CB3-4f30-B7E4-75CC551455F9}_is1) (Version: 3.3.2.7 - Wizvera)
Deluge 1.3.15 (HKLM-x32\...\Deluge) (Version: - )
DiagnosticsHub_CollectionService (HKLM\...\{90A561D7-0C29-464D-94E1-2A7E1C553230}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-410821179-523750949-3718088204-1001\...\Discord) (Version: 0.0.298 - Discord Inc.)
Entity Framework 6.1.3 Tools for Visual Studio 15 (HKLM-x32\...\{F8C0447E-D45C-4E52-94E8-C6340AAC9DB8}) (Version: 6.1.60104.0 - Microsoft Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{557DE1DA-A23F-42DE-BDB9-6315DD4FD2C6}) (Version: 1.1.112.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Git version 2.10.2 (HKLM\...\Git_is1) (Version: 2.10.2 - The Git Development Community)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GPU Temp version 1.0 (HKLM-x32\...\{8C8711FD-0FC8-4801-B33E-ED19BB0350B1}_is1) (Version: 1.0 - gputemp.com)
Guild Wars 2 (HKLM\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
Gwent (HKLM-x32\...\1971477531_is1) (Version: 0.9.10 public beta - GOG.com)
HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.1.4.6 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
icecap_collection_neutral (HKLM-x32\...\{64F3E6FC-68E3-4062-9C2C-ABD93FDFF309}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{0AD162D1-4973-4315-97E9-5DE9A92B4049}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{12C50688-5919-4A7A-8784-B26A7238FCEE}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{400E7885-8851-43F1-849C-5A720CB4F001}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
IDM Crack 6.25 build 25 (HKLM-x32\...\IDM Crack 6.25 build 25) (Version: 5.40 - Crackingpatching.com Team)
IIS 10.0 Express (HKLM\...\{0148E8AA-4A50-4673-B532-DB9F30F804BE}) (Version: 10.0.1737 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - ) Hidden
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - ) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
iniLINE CrossEX Service (HKU\S-1-5-21-410821179-523750949-3718088204-1001\...\iniLINE_CrossEX) (Version: 1.0.2.2 - iniLINE Co., Ltd.)
INISafe SFilter v7.2 (HKLM-x32\...\UnINISafeWeb7) (Version: 7.2.0.17 - ©INITECH)
Intellisense Lang Pack Mobile Extension SDK 10.0.10586.0 (HKLM-x32\...\{AEFFC56C-3A4B-4A40-BF77-4DC2496A4781}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
IntelliTraceProfilerProxy (HKLM-x32\...\{51783942-DFB0-4452-97CC-BDF2D4AB3A48}) (Version: 15.0.24.0 - Microsoft Corporation) Hidden
IPinside LWS Agent (HKLM-x32\...\IPinside LWS Agent) (Version: 3.0.0.3 - interezen)
KeyFreeze (HKU\S-1-5-21-410821179-523750949-3718088204-1001\...\266e56dfe0bcee5a) (Version: 1.0.0.1 - KeyFreeze)
KeySharp CertRelay (HKLM-x32\...\KeySharp CertRelay) (Version: 2.1.0.7 - RaonSecure Co., Ltd.)
Kits Configuration Installer (HKLM-x32\...\{EBC73D1A-BF2B-38E0-4E8E-77511F951ABC}) (Version: 10.1.10586.212 - Microsoft) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.8431.2107 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{1385D3DB-8E80-427B-91D2-B7535862B8E4}) (Version: 11.3.6518.0 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM-x32\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.10.30640.0 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{5CB4DD27-6252-4C08-BFCF-22F6A110CBFA}) (Version: 10.0.1972 - Microsoft Corporation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 387.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 387.92 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 19.0.3 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Plex Media Server (HKLM-x32\...\{ad322503-dec9-4da1-99ea-e40a34fef4d2}) (Version: 1.9.1.4272 - Plex, Inc.)
Plex Media Server (HKLM-x32\...\{E7C337D0-BCAF-4F4E-918B-D5B1D1B54BB1}) (Version: 1.9.4272 - Plex, Inc.) Hidden
Python 2.7.13 (64-bit) (HKLM\...\{4A656C6C-D24A-473F-9747-3A8D00907A04}) (Version: 2.7.13150 - Python Software Foundation)
Python 3.5.0 (64-bit) (HKU\S-1-5-21-410821179-523750949-3718088204-1001\...\{e599f76f-2b95-44da-a280-77548b1b2a21}) (Version: 3.5.150.0 - Python Software Foundation)
Python 3.5.0 Add to Path (64-bit) (HKLM\...\{810503AC-4E50-4A21-BD5A-BFA973480B35}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Core Interpreter (64-bit) (HKLM\...\{9D059C5B-80A5-46AA-BC8A-FD41E89D0A49}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Development Libraries (64-bit) (HKLM\...\{6EA6724A-71C6-43EE-BE9F-80E3C0DC8A4F}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Documentation (64-bit) (HKLM\...\{3B016F3B-917E-477F-920A-BBBA12E09F8B}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Executables (64-bit) (HKLM\...\{9C67D7CC-26D3-4535-9D0A-F4591AD9B11F}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Launcher (32-bit) (HKLM-x32\...\{A095BD6B-4F39-46A4-9AA1-8F7296492974}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 pip Bootstrap (64-bit) (HKLM\...\{6ADAF31E-EEE6-4251-BE5A-EFD7868D3930}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Standard Library (64-bit) (HKLM\...\{5741118B-D61A-4F27-BB80-0CAED22FE20B}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Tcl/Tk Support (64-bit) (HKLM\...\{47483182-8783-45CB-9120-77FDB241E2FF}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Test Suite (64-bit) (HKLM\...\{B2AB1292-01D1-4972-BF56-43531A2AA3BA}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Utility Scripts (64-bit) (HKLM\...\{2B5129D0-C4C1-4322-8888-D0B6CDA6DCD2}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.6.0 (64-bit) (HKU\S-1-5-21-410821179-523750949-3718088204-1001\...\{37a4e38b-baf7-4500-97f1-0f7c51d9a395}) (Version: 3.6.150.0 - Python Software Foundation)
Python 3.6.0 Core Interpreter (64-bit symbols) (HKLM\...\{DFAA81ED-540F-47B5-9113-814CC427CFD8}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Core Interpreter (64-bit) (HKLM\...\{1944B5D6-0FFB-47C0-BFEC-5C7A2F013FA7}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Development Libraries (64-bit) (HKLM\...\{A6A3184B-748E-46F4-9E28-6B5889506170}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Documentation (64-bit) (HKLM\...\{5D83032F-36B5-42E4-A114-D310119C6F51}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Executables (64-bit symbols) (HKLM\...\{4A928E09-6798-46AB-A4F7-1B52CD164B3B}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Executables (64-bit) (HKLM\...\{C0016766-8F63-4992-9E6F-ECFB2CB12BA6}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 pip Bootstrap (64-bit) (HKLM\...\{F9C1C892-4908-41F4-900C-7B0DAAF2387B}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Standard Library (64-bit symbols) (HKLM\...\{90676013-5216-48EE-AC8D-07AC0C16DA50}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Standard Library (64-bit) (HKLM\...\{F3CB2257-C4C7-4C84-AF63-BADCED1E3273}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Tcl/Tk Support (64-bit symbols) (HKLM\...\{96C2F083-44B8-4388-B2A5-F48B75A25188}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Tcl/Tk Support (64-bit) (HKLM\...\{E24AA157-AD52-42ED-B484-CA5979D4A728}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Test Suite (64-bit symbols) (HKLM\...\{CFF9C3A7-86C3-410B-9DD1-F1617767D2D6}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Test Suite (64-bit) (HKLM\...\{631C7E77-5832-40D1-9D6D-7B3766D79BDF}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Utility Scripts (64-bit) (HKLM\...\{FE905DA4-0F23-4F99-9284-50BB4913CEB4}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.2 (32-bit) (HKU\S-1-5-21-410821179-523750949-3718088204-1001\...\{8388fa07-1617-4b8d-8ad8-6a940ad8052c}) (Version: 3.6.2150.0 - Python Software Foundation)
Python 3.6.2 Add to Path (32-bit) (HKLM-x32\...\{5FEE3F00-F984-49A6-880C-CDEB3A9DC308}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Core Interpreter (32-bit) (HKLM-x32\...\{4542573C-6216-4584-BA90-72BAF7954404}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Development Libraries (32-bit) (HKLM-x32\...\{69E3E4A6-2A0F-4A32-9C2D-591EEC107289}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Documentation (32-bit) (HKLM-x32\...\{796410A7-1669-4FE4-8332-F684B61269E2}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Executables (32-bit) (HKLM-x32\...\{348C0EFF-60B1-4E68-88B8-33D7DF70DFCF}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 pip Bootstrap (32-bit) (HKLM-x32\...\{6B2D61BA-C42D-4324-B23F-1D7B5A2808EF}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Standard Library (32-bit) (HKLM-x32\...\{79B4337D-166F-4BC0-B67A-F73806CC730E}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{DF24AFFD-23AB-4A7D-A0E0-6410CE3B6B9D}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Test Suite (32-bit) (HKLM-x32\...\{433FD2E2-839C-4211-88B7-45C90F738842}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Utility Scripts (32-bit) (HKLM-x32\...\{9B79DE7E-E864-4758-8DFC-85DA43B19671}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{2636F1E4-2BC5-4B19-BFFD-A08F72598309}) (Version: 3.6.6032.0 - Python Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8158 - Realtek Semiconductor Corp.)
Secure KeyStroke 4.0 (HKLM-x32\...\SoftcampSCSK) (Version: - )
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stopping Plex (HKLM-x32\...\{71C5FF5A-EF44-49E8-B11E-1158E7A8C182}) (Version: 1.9.4272 - Plex, Inc.) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-410821179-523750949-3718088204-1001\...\TeamSpeak 3 Client) (Version: 3.1.4 - TeamSpeak Systems GmbH)
TouchEn nxKey with E2E for 32bit (HKLM-x32\...\TouchEn nxKey) (Version: 1.0.0.45 - RaonSecure Co., Ltd.)
Twitch (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Twitch Interactive, Inc.)
TypeScript Power Tool (HKLM-x32\...\{F0B4CA92-9642-4BE6-8449-A786AD4FA628}) (Version: 2.2.3.0 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{315BBDA9-CE84-D465-59F8-B9C765D953AC}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{F4E7226B-6A1C-F4D6-1109-6E1CD5B3E633}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{2268A04F-5702-C969-FA06-D4EF52E5C8DA}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{463CE323-9AD6-9DD4-24C8-649032E5CF09}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{162CBC73-EDF0-EBB8-2782-F7ABF9CE5B76}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{AF5B9C51-F99A-59CC-70F5-214E9B535EE3}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32\...\{93FDC294-0726-48EA-989D-50E89C67ABF0}) (Version: 14.10.25008 - Microsoft Corporation) Hidden
Veraport20(Security module management) G3 - 3,7,0,1 (HKLM-x32\...\{2D992E01-604B-472C-A883-1DDA105A24D5}_is1) (Version: 3,7,0,1 - Wizvera)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VS Immersive Activate Helper (HKLM-x32\...\{D8A4EA2B-1A97-45A5-BF96-7493183F8524}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{3B64C68E-14E0-4214-A53D-502E9FBD32E7}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
VS WCF Debugging (HKLM\...\{9E1EF6F7-ED70-4BD8-A1AE-83C5DEF0DA91}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{B9F4AA09-F4AC-4108-ADA0-27CDD45FCEC3}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{AEF5E0F2-31D1-454A-A992-C523C0007B4D}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{DE8B48BF-82B9-434A-B254-1EA2306E5FBA}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{A041943F-C97B-48F6-8F23-C5078F99BB3A}) (Version: 15.0.26323 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{1210EE60-E253-407D-B537-D36898049CF0}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{581E5656-26E2-4A02-9711-48C8E4998310}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{15D591B0-7B40-4957-B6C0-EB7452B5AAB6}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{DC296244-0701-4EDE-9696-05B9C1D017B3}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{11230C85-1813-4BC3-9C24-E0B74B59653E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{F3217611-B414-4A3A-81BF-6A3A4DB7E743}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{D4DCEC6A-BC59-43D5-866A-AB057E64F73F}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{9477F337-FD16-4ACA-8217-E2D7A0F92603}) (Version: 15.0.26301 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{497A5ACE-DA03-4412-A110-910B2C450720}) (Version: 15.0.26424 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{A8B77523-13AB-46B9-B54F-5483E09668F9}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{D396CF10-5F2B-417D-9571-0B669B99440E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{A32A9CF6-E7AA-48B8-A3D3-50C157E69F53}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WinAppDeploy (HKLM-x32\...\{78FFF2DE-FA9A-2A05-374D-D8B8B16A79A3}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
Windows SDK AddOn (HKLM-x32\...\{75C39BA6-1D02-4BEA-844F-0EA6C4B7FA1B}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.10586.212 (HKLM-x32\...\{43d9f43d-c90b-4fdf-9dfe-ecf9990bfa2a}) (Version: 10.1.10586.212 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{5344751D-65BA-1995-1643-880B753C4F96}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{81EC5D95-C75A-327E-C42F-6EEFD36FCFF9}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{41616D0E-0BDB-664F-F982-48D730E339FF}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{DF6D11AE-A3BA-3316-C2F7-0F56BA5FDE90}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{FA7B691F-37D3-F76F-3AEC-78A7685E83DC}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{1A6370BB-F59E-80A9-C508-EFED1C29BF1A}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{0148377B-95A0-E3CD-CA6E-D5CA11E7DB7D}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{0072A9DC-6895-BACD-6F7D-600FC7B15A1B}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense Xbox Live Extension SDK - en-us (HKLM-x32\...\{74B9E6F9-1793-4E90-22A1-A42254D04453}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense Xbox Live Extension SDK - Other Languages (HKLM-x32\...\{1EE3550B-B5FB-B866-C153-1C609FBC1E89}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WIZVERA Process Manager 1,0,2,7 (HKLM-x32\...\{8941A397-4065-4F41-92CE-0EB610846EED}_is1) (Version: 1,0,2,7 - WIZVERA)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-410821179-523750949-3718088204-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Adiga\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-410821179-523750949-3718088204-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Adiga\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-410821179-523750949-3718088204-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Adiga\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\amd64\FileSyncShell64.dll => No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => E:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-08-28] ()
ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => E:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => E:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-10-06] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => E:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {096512E0-1806-4490-9869-19E5E16A04FE} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-10] (NVIDIA Corporation)
Task: {21202E8A-171B-4693-B64C-251A19DC6BA0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-28] (Google Inc.)
Task: {38C2BD96-8241-4F78-B634-DA71311D5892} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-04] (Microsoft Corporation)
Task: {4BEB6136-1C39-4A73-B719-A39C6DBC202A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-28] (Google Inc.)
Task: {4E85D5BA-670B-430E-A2BF-B1E38AB39529} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {6AECCCC2-6C42-457E-958C-E6C20C427035} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {6F8A8D71-70CE-4CC0-B276-1DF0D26FB553} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-10] (NVIDIA Corporation)
Task: {77532283-3F3E-4ED0-898B-19A47DF4CFA1} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-10] (NVIDIA Corporation)
Task: {AC412A3D-6384-4CEA-816B-EA893EBDC1CB} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {B92239BF-6A67-4B06-BAEA-7ACBCCCD7F6C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-10-13] (Microsoft Corporation)
Task: {B93624CF-B45F-49B5-9828-C2F2F3B6D999} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {BED971FF-22EE-49EF-94DE-CE1C20C6E7EB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
Task: {C25DAC22-CA6C-49BA-B70D-A62EFCADF6BB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-10-13] (Microsoft Corporation)
Task: {CF54860B-D3A7-4852-8753-ED2F08601C86} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
Task: {D48FDD7D-C3DF-4AB5-9E87-E52A69BA2E72} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-04] (Microsoft Corporation)
Task: {DB0377C9-9E57-4F9B-A7F0-5D2E88317B7D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {EFEA1222-CE01-4F22-BF93-062974B90693} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-10] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-06-28 16:52 - 2017-10-10 20:05 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-06-28 12:39 - 2017-10-06 06:44 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-18 15:58 - 2017-03-18 15:58 - 000138000 _____ () C:\Windows\SYSTEM32\inputhost.dll
2017-08-22 21:19 - 2017-09-28 17:16 - 008929480 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2017-08-28 19:43 - 2017-08-28 19:43 - 000230064 _____ () E:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-03-18 15:59 - 2017-03-18 21:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-25 14:35 - 2017-09-21 02:29 - 002692440 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\swiftshader\libglesv2.dll
2017-09-25 14:35 - 2017-09-21 02:29 - 000138584 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\swiftshader\libegl.dll
2017-09-19 08:44 - 2017-09-19 08:44 - 000083432 _____ () G:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2017-09-19 08:43 - 2017-09-19 08:43 - 000203240 _____ () G:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2017-06-28 16:52 - 2017-10-10 20:05 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-06-28 16:52 - 2017-10-10 20:05 - 070805952 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-05-26 16:27 - 2017-05-26 16:27 - 000199680 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\quazip.dll
2017-05-26 16:25 - 2017-05-26 16:25 - 000044544 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\MacroRecording.dll
2017-05-26 16:37 - 2017-05-26 16:37 - 000086528 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairAudioDevice.dll
2017-05-26 16:25 - 2017-05-26 16:25 - 000097280 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\zlib.dll
2016-12-01 13:28 - 2016-12-01 13:28 - 001983488 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\libGLESv2.dll
2016-12-01 13:28 - 2016-12-01 13:28 - 000013824 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\libEGL.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 16:03 - 2017-03-18 16:01 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-410821179-523750949-3718088204-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Adiga\Pictures\wormhole-2.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "ipinside-lws"
HKLM\...\StartupApproved\Run32: => "wizvera-delfino-pc"
HKLM\...\StartupApproved\Run32: => "wizvera-veraport"
HKU\S-1-5-21-410821179-523750949-3718088204-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-410821179-523750949-3718088204-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-410821179-523750949-3718088204-1001\...\StartupApproved\Run: => "GalaxyClient"
HKU\S-1-5-21-410821179-523750949-3718088204-1001\...\StartupApproved\Run: => "Plex Media Server"
HKU\S-1-5-21-410821179-523750949-3718088204-1001\...\StartupApproved\Run: => "AceStream"
HKU\S-1-5-21-410821179-523750949-3718088204-1001\...\StartupApproved\Run: => "7QYXpsfQKu.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4FF3C75B-AD1A-41F6-A4D0-121830C2A604}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{49DA185B-737F-4B5B-AF82-A3AE50ED68A8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{10C4F52E-B803-4168-A2F5-EEFA3BD718D5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{AECEB5B6-FAF0-466C-82B5-B7D660CEB275}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{CA1F469E-2303-429D-97CA-CFB6B98FD65E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{CA7540BF-8216-4C91-9FDF-7C80BAED3EA1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{24C7BD99-676A-4733-B7A0-E42C6E9821FC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{38DBDC6E-29CC-4BE7-ABC8-13830A9477CB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4D0840F4-D33B-4CF6-B748-48F9A61D7528}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{BDD1ECFF-2781-4457-A8DE-0D94DD719B51}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{E8E6894E-E5F2-4BCF-A1FE-664C7ED9F986}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{9726CE86-D65A-4CF7-9AFA-113DEFA43D27}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{B5404012-8EA4-4BAC-97FC-B494E50EF916}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{DD61AF49-7E58-499D-8628-003A62542FDF}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{90178112-188A-46DB-B892-06BBB1C80162}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{921DE8E8-A687-442C-BCE8-316A1DF83983}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{33FC4ED8-6BFD-4F01-9D25-1D664764D89C}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{B4A59EBE-16CE-4876-B6E3-2F494016EC47}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{20AFBBE5-4D9A-443D-A82C-AE8D344F5E28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{A41E11EA-353E-4729-963A-1E45D78D102D}G:\games\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) G:\games\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{5820FD87-AF99-46B9-A2DF-AB54154170A0}G:\games\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) G:\games\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{E695B924-1F5A-4F69-9E42-119034B0D8A5}] => (Allow) G:\Games\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{BCD7729A-8DA9-48BC-A7AB-997F4A7D6542}] => (Allow) G:\Games\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{3344F1BD-F297-4DE3-9C21-C1C159BBD237}] => (Allow) C:\Program Files (x86)\Wizvera\Veraport20\veraport.exe
FirewallRules: [{B2B7DA0B-A7DF-46B8-BCA2-3ED5DBA1FB8F}] => (Allow) C:\Program Files (x86)\Wizvera\Veraport20\veraport.exe
FirewallRules: [{ED091FF7-B67E-4305-8F6E-1948CC015763}] => (Allow) C:\Program Files (x86)\Wizvera\Delfino-G3\delfino.exe
FirewallRules: [{2159209B-4DEF-484E-8CAA-6CA111E2DD15}] => (Allow) C:\Program Files (x86)\Wizvera\Delfino-G3\delfino.exe
FirewallRules: [{0A84E117-F131-40ED-B390-766F10F56DE3}] => (Allow) C:\Program Files (x86)\IPinside_LWS\I3GProc.exe
FirewallRules: [{F6AA4AB2-A3F0-4319-9EAB-9CEA798093A4}] => (Allow) G:\Games\steamapps\common\Jotun\Jotun.exe
FirewallRules: [{1A590EEF-9E30-460B-8B8E-856292F8C36B}] => (Allow) G:\Games\steamapps\common\Jotun\Jotun.exe
FirewallRules: [{0F19DF5D-4EF1-4A61-BB70-D3103B6B6009}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{0CE5EA62-F728-44AA-9740-B3D09238A428}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{D92E668C-5AB0-4720-8483-05BC5C75F7B7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{0AD7E82C-38B9-4FBF-9CFB-C7944DB4CF33}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{01C967F3-93A8-4F68-AE29-A917ACD2B792}] => (Allow) G:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{21B84864-EC91-4B30-88B9-8E7E5C590D50}] => (Allow) C:\Program Files\KMS\Windows KMS Activator Ultimate 2017 v3.4.exe
FirewallRules: [{45995CD0-9EC9-48FA-A437-B43F0F5C58C2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{2C83F288-1B87-47B0-BA9A-E5D568051ED4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{4563C116-ABDA-470F-82BD-2573712CC5C8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{406AD9A5-3C39-4BB4-9C7C-9C673FF55EA6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{1B500B0C-8FF9-44A6-AD1F-3617DD4AEBBE}G:\program files (x86)\deluge\deluge.exe] => (Allow) G:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{B4EAD24A-B7D0-4A4E-8FE4-D3A803436455}G:\program files (x86)\deluge\deluge.exe] => (Allow) G:\program files (x86)\deluge\deluge.exe
FirewallRules: [{A7EB81BC-B8C1-4B15-978C-A03D9A3EB061}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{F1DD1189-6501-4CAF-9DC0-DC605905BC68}E:\program files\openshot video editor\launch.exe] => (Allow) E:\program files\openshot video editor\launch.exe
FirewallRules: [UDP Query User{C372084A-260F-4249-A5B1-F3FA12D58E54}E:\program files\openshot video editor\launch.exe] => (Allow) E:\program files\openshot video editor\launch.exe
FirewallRules: [{15DC96B0-5019-4DBD-9FAE-D26462BF224F}] => (Allow) C:\Users\Adiga\AppData\Roaming\ACEStream\engine\ace_engine.exe
FirewallRules: [{EA8D4F10-DB61-4B24-9B67-0E6AA7B73968}] => (Allow) C:\Users\Adiga\AppData\Roaming\ACEStream\engine\ace_engine.exe
FirewallRules: [TCP Query User{DE77E9A6-2C1C-4C40-99BD-646C978047E7}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{7D032795-3CC4-48AB-AE18-E040BE550776}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{CD61A074-BCFE-4D9D-8041-E8643E67095E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{B0EC1B1C-EC61-4D30-BD7E-AAE9628FCECB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [TCP Query User{4A89B38D-36BC-4122-AA53-EAA9101A11CE}E:\program files (x86)\plex\plex media server\plex media server.exe] => (Allow) E:\program files (x86)\plex\plex media server\plex media server.exe
FirewallRules: [TCP Query User{B4020324-CC82-4C56-AADB-D60506C1F09D}E:\program files (x86)\plex\plex media server\plex dlna server.exe] => (Allow) E:\program files (x86)\plex\plex media server\plex dlna server.exe
FirewallRules: [UDP Query User{5B326B71-E687-4F92-9273-C1C292DEEAAA}E:\program files (x86)\plex\plex media server\plex dlna server.exe] => (Allow) E:\program files (x86)\plex\plex media server\plex dlna server.exe
FirewallRules: [{CC001115-6C59-47FE-9174-DC6F58362499}] => (Allow) G:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{25F25661-BDB4-4BA3-A8CD-679C67085758}] => (Allow) G:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [{09808114-A230-4C39-B734-3D151A6007CA}] => (Allow) G:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
FirewallRules: [{7C56CB50-1495-46FA-A5C1-DEE7A2CD5EAB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{008AFFB6-3BC6-4889-93CA-77B516A1514B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe

==================== Restore Points =========================

12-10-2017 20:59:18 Checkpoint by HitmanPro

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/17/2017 08:26:02 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (10/17/2017 08:25:57 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=UserLogon;SessionId=6

Error: (10/16/2017 11:53:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Kits\10\bin\arm\signtool.exe.Manifest".
Dependent Assembly Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/16/2017 11:53:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Kits\10\bin\arm64\signtool.exe.Manifest".
Dependent Assembly Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/16/2017 11:53:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Kits\10\bin\arm64\oleview.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/16/2017 11:53:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Kits\10\bin\arm64\filetypeverifier.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/16/2017 11:53:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Visual Studio\Shared\14.0\VC\redist\1033\vcredist_arm.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/16/2017 11:52:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\14.0\Debugger\target\armv4i\vsgraphicsremoteengine.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/16/2017 07:55:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Battle.net.exe version 1.9.0.9397 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1e80

Start Time: 01d346e1be24c423

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Blizzard App\Battle.net.9397\Battle.net.exe

Report Id: ad5fd726-2fad-442b-b2f9-c8ec0ff032c5

Faulting package full name:

Faulting package-relative application ID:

Error: (10/16/2017 07:54:36 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Kits\10\bin\arm\signtool.exe.Manifest".
Dependent Assembly Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (10/17/2017 12:41:49 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-8DJCF1C)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (10/15/2017 06:32:17 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-8DJCF1C)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (10/13/2017 11:37:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (10/13/2017 11:37:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (10/12/2017 11:55:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (10/12/2017 11:54:45 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-8DJCF1C)
Description: The server Microsoft.Windows.ShellExperienceHost_10.0.15063.674_neutral_neutral_cw5n1h2txyewy!App did not register with DCOM within the required timeout.

Error: (10/12/2017 11:54:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/12/2017 11:54:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WIZVERA Process Manager Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/12/2017 11:54:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Telemetry Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (10/12/2017 11:54:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).


CodeIntegrity:
===================================
Date: 2017-10-11 22:32:08.036
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-10-11 22:31:30.626
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-10-11 22:31:24.279
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-10-11 22:31:23.381
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-10-11 22:31:23.190
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-10-11 22:31:23.086
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-10-11 22:13:02.196
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-10-11 22:13:02.026
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-10-11 22:13:01.935
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-10-11 21:56:15.466
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-7600K CPU @ 3.80GHz
Percentage of memory in use: 18%
Total physical RAM: 16317.37 MB
Available physical RAM: 13325.32 MB
Total Virtual: 18749.37 MB
Available Virtual: 15528.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.4 GB) (Free:33.48 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Local Disk) (Fixed) (Total:931.51 GB) (Free:574.05 GB) NTFS
Drive f: () (Fixed) (Total:74.46 GB) (Free:38.61 GB) NTFS
Drive g: () (Fixed) (Total:119.14 GB) (Free:48.2 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: FCEBB53B)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: E4DCADE1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F7F35805)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 02CBA9A7)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Edited by Oh My!, 17 October 2017 - 09:30 PM.


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,611 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:11:10 PM

Posted 17 October 2017 - 10:08 PM

Greetings Abdullah. My pleasure to work on this with you.

I will be logging off shortly but will check for a reply in the morning if you are able to complete the below.

Please uninstall any and all programs for which a valid license key is required and you don't have one (cracked/illegal). Once that is complete, please do this.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • CKScanner report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 ShadowBorne

Posted 19 October 2017 - 12:12 AM

Sorry for the late reply, Gary. Here is the CKScanner report:
 
CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\git\usr\bin\ssh-keygen.exe
c:\program files (x86)\steam\steamapps\sourcemods\counter-strike global offensive\csgo\materials\sprites\store\trails\crackedbeam.vmt
c:\program files (x86)\steam\steamapps\sourcemods\counter-strike global offensive\csgo\materials\sprites\store\trails\crackedbeam.vtf
scanner sequence 3.AB.11.RRNABZ
 ----- EOF ----- 


#6 Oh My!

Posted 19 October 2017 - 08:26 AM

Greetings Abdullah.

Thank you for your understanding.

Do you know anything about this entry?

CHR Profile: C:\Users\Adiga\AppData\Local\Google\Chrome\User Data\Default.old

Let's start with this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
FF HKU\S-1-5-21-410821179-523750949-3718088204-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Adiga\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Plugin HKU\S-1-5-21-410821179-523750949-3718088204-1001: @acestream.net/acestreamplugin,version=3.1.16.2.1 -> C:\Users\Adiga\AppData\Roaming\ACEStream\player\npace_plugin.dll
2017-10-11 16:03 - 2017-10-12 23:55 - 002843648 _____ (TOSHIBA CORPORATION) C:\Windows\system32\dtnvplgsvc.exe
2017-10-11 16:03 - 2017-10-11 16:13 - 000000000 ____D C:\Users\Adiga\AppData\Roaming\fda52b5198764c6eb2f68a67d035bf45
2017-10-11 16:03 - 2017-10-11 16:03 - 000000000 ____D C:\Windows\SysWOW64\simurzg
2017-10-11 16:03 - 2017-10-11 16:03 - 000000000 ____D C:\Windows\system32\simurzg
2017-10-11 16:03 - 2017-10-11 16:03 - 000000000 ____D C:\Users\Adiga\AppData\Roaming\et
2017-10-11 16:29 - 2017-10-17 00:35 - 000000000 ____D C:\Users\Adiga\AppData\Local\sirgwhk
2017-10-11 16:29 - 2017-10-15 22:47 - 000000000 ____D C:\Users\Adiga\AppData\Local\vsockxt
2017-10-10 13:40 - 2017-10-10 13:40 - 000448000 _____ C:\Windows\0b4e6587ce71a1d2ea123723cd18f7b1.exe
2017-10-10 13:40 - 2017-10-10 13:40 - 000088008 _____ (K04A2F) C:\Windows\system32\Drivers\70ca78226b1aced45c7530c58f747b36.sys
2017-10-10 13:40 - 2017-10-10 13:40 - 000051615 _____ C:\Windows\uninstaller.dat
2017-10-14 00:31 - 2017-08-13 10:08 - 303969226 _____ C:\Users\Adiga\Downloads\All Activation Windows 7-8-10 v12.0 (Windows & Office Activator) [SadeemPC].zip
2017-10-11 16:03 - 2017-10-11 16:03 - 000032768 _____ (Sc00bz) C:\Users\Adiga\AppData\Local\Temp\capi.exe
2017-10-11 16:03 - 2017-10-11 16:03 - 001792071 _____ () C:\Users\Adiga\AppData\Local\Temp\pi.exe
2017-10-13 00:29 - 2017-10-13 00:29 - 000192512 _____ () C:\Users\Adiga\AppData\Local\Temp\sfamcc00001.dll
2017-10-11 16:03 - 2017-10-11 16:06 - 000101910 _____ ( ) C:\Users\Adiga\AppData\Local\Temp\shutdowntime.exe
2017-10-11 16:03 - 2017-10-11 16:03 - 001199825 _____ () C:\Users\Adiga\AppData\Local\Temp\unins000.exe
CustomCLSID: HKU\S-1-5-21-410821179-523750949-3718088204-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Adiga\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\amd64\FileSyncShell64.dll
CustomCLSID: HKU\S-1-5-21-410821179-523750949-3718088204-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Adiga\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\amd64\FileSyncShell64.dll
CustomCLSID: HKU\S-1-5-21-410821179-523750949-3718088204-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Adiga\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\amd64\FileSyncShell64.dll
Virustotal: C:\Users\Adiga\Desktop\merh.exe
Virustotal: C:\Users\Adiga\AppData\LocalLow\.delfino.conf
File: C:\Program Files (x86)\Blizzard App\Battle.net.9397\Battle.net.exe
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Copy/paste the following in the Search: box
SearchAll: 7QYXpsfQKu.exe
  • Click Search File(s) button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document in your reply
===================================================

RogueKiller Anti-Malware

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the setup.exe icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • Click OK on English
  • Select Install 32 and 64 bits versions (Recommended for Technicians), then click Next 2 times
  • Click Install
  • Click Finish
  • Click Start Scan twice
  • When completed click Open Report
  • Click Export Text and save the file on your Desktop as RK.txt
  • Close all open RogueKiller windows
  • Copy and paste the contents of the report in your reply
===================================================

Malwarebytes Anti-Rootkit - Scan Only

--------------------
  • Download Malwarebytes Anti-Rootkit and save it to your desktop
  • Right click on the mbar icon then select Run as administrator
  • Click OK to install it on your desktop
  • Click Next, then Update Database
  • When completed click Next
  • On the Scan System: screen place checkmarks in the Drivers, Sectors, and System boxes (should be checked by default) then click Scan. Please be patient and allow the process to complete
  • Click the Exit button not Cleanup then click Yes on the warning screen
  • A system-log.txt report will be created in the mbar folder on your Desktop, please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Search log
  • RogueKiller log
  • MBAR report
  • Update on computer behavior

Gary
 

#7 Oh My!

Posted 22 October 2017 - 12:22 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#8 ShadowBorne

Posted 22 October 2017 - 02:48 PM

Hey Gary, I am so sorry, I never got a notification of your reply. I just finished all the steps you mentioned. I am so very sorry I didn't think to check on this earlier.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-10-2017
Ran by Adiga (22-10-2017 14:37:23) Run:1
Running from C:\Users\Adiga\Desktop\clean
Loaded Profiles: Adiga (Available Profiles: Adiga)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
FF HKU\S-1-5-21-410821179-523750949-3718088204-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Adiga\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Plugin HKU\S-1-5-21-410821179-523750949-3718088204-1001: @acestream.net/acestreamplugin,version=3.1.16.2.1 -> C:\Users\Adiga\AppData\Roaming\ACEStream\player\npace_plugin.dll
2017-10-11 16:03 - 2017-10-12 23:55 - 002843648 _____ (TOSHIBA CORPORATION) C:\Windows\system32\dtnvplgsvc.exe
2017-10-11 16:03 - 2017-10-11 16:13 - 000000000 ____D C:\Users\Adiga\AppData\Roaming\fda52b5198764c6eb2f68a67d035bf45
2017-10-11 16:03 - 2017-10-11 16:03 - 000000000 ____D C:\Windows\SysWOW64\simurzg
2017-10-11 16:03 - 2017-10-11 16:03 - 000000000 ____D C:\Windows\system32\simurzg
2017-10-11 16:03 - 2017-10-11 16:03 - 000000000 ____D C:\Users\Adiga\AppData\Roaming\et
2017-10-11 16:29 - 2017-10-17 00:35 - 000000000 ____D C:\Users\Adiga\AppData\Local\sirgwhk
2017-10-11 16:29 - 2017-10-15 22:47 - 000000000 ____D C:\Users\Adiga\AppData\Local\vsockxt
2017-10-10 13:40 - 2017-10-10 13:40 - 000448000 _____ C:\Windows\0b4e6587ce71a1d2ea123723cd18f7b1.exe
2017-10-10 13:40 - 2017-10-10 13:40 - 000088008 _____ (K04A2F) C:\Windows\system32\Drivers\70ca78226b1aced45c7530c58f747b36.sys
2017-10-10 13:40 - 2017-10-10 13:40 - 000051615 _____ C:\Windows\uninstaller.dat
2017-10-14 00:31 - 2017-08-13 10:08 - 303969226 _____ C:\Users\Adiga\Downloads\All Activation Windows 7-8-10 v12.0 (Windows & Office Activator) [SadeemPC].zip
2017-10-11 16:03 - 2017-10-11 16:03 - 000032768 _____ (Sc00bz) C:\Users\Adiga\AppData\Local\Temp\capi.exe
2017-10-11 16:03 - 2017-10-11 16:03 - 001792071 _____ () C:\Users\Adiga\AppData\Local\Temp\pi.exe
2017-10-13 00:29 - 2017-10-13 00:29 - 000192512 _____ () C:\Users\Adiga\AppData\Local\Temp\sfamcc00001.dll
2017-10-11 16:03 - 2017-10-11 16:06 - 000101910 _____ ( ) C:\Users\Adiga\AppData\Local\Temp\shutdowntime.exe
2017-10-11 16:03 - 2017-10-11 16:03 - 001199825 _____ () C:\Users\Adiga\AppData\Local\Temp\unins000.exe
CustomCLSID: HKU\S-1-5-21-410821179-523750949-3718088204-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Adiga\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\amd64\FileSyncShell64.dll
CustomCLSID: HKU\S-1-5-21-410821179-523750949-3718088204-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Adiga\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\amd64\FileSyncShell64.dll
CustomCLSID: HKU\S-1-5-21-410821179-523750949-3718088204-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Adiga\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\amd64\FileSyncShell64.dll
Virustotal: C:\Users\Adiga\Desktop\merh.exe
Virustotal: C:\Users\Adiga\AppData\LocalLow\.delfino.conf
File: C:\Program Files (x86)\Blizzard App\Battle.net.9397\Battle.net.exe
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-410821179-523750949-3718088204-1001\Software\Mozilla\Firefox\Extensions\\acewebextension_unlisted@acestream.org => value removed successfully
HKU\S-1-5-21-410821179-523750949-3718088204-1001\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=3.1.16.2.1 => key removed successfully
FF Plugin HKU\S-1-5-21-410821179-523750949-3718088204-1001: @acestream.net/acestreamplugin,version=3.1.16.2.1 -> C:\Users\Adiga\AppData\Roaming\ACEStream\player\npace_plugin.dll => not found.
C:\Windows\system32\dtnvplgsvc.exe => moved successfully
C:\Users\Adiga\AppData\Roaming\fda52b5198764c6eb2f68a67d035bf45 => moved successfully
C:\Windows\SysWOW64\simurzg => moved successfully
 
"C:\Windows\system32\simurzg" folder move:
 
Could not move "C:\Windows\system32\simurzg" => Scheduled to move on reboot.
 
C:\Users\Adiga\AppData\Roaming\et => moved successfully
 
"C:\Users\Adiga\AppData\Local\sirgwhk" folder move:
 
Could not move "C:\Users\Adiga\AppData\Local\sirgwhk" => Scheduled to move on reboot.
 
 
"C:\Users\Adiga\AppData\Local\vsockxt" folder move:
 
Could not move "C:\Users\Adiga\AppData\Local\vsockxt" => Scheduled to move on reboot.
 
C:\Windows\0b4e6587ce71a1d2ea123723cd18f7b1.exe => moved successfully
C:\Windows\system32\Drivers\70ca78226b1aced45c7530c58f747b36.sys => moved successfully
C:\Windows\uninstaller.dat => moved successfully
C:\Users\Adiga\Downloads\All Activation Windows 7-8-10 v12.0 (Windows & Office Activator) [SadeemPC].zip => moved successfully
C:\Users\Adiga\AppData\Local\Temp\capi.exe => moved successfully
C:\Users\Adiga\AppData\Local\Temp\pi.exe => moved successfully
C:\Users\Adiga\AppData\Local\Temp\sfamcc00001.dll => moved successfully
C:\Users\Adiga\AppData\Local\Temp\shutdowntime.exe => moved successfully
C:\Users\Adiga\AppData\Local\Temp\unins000.exe => moved successfully
HKU\S-1-5-21-410821179-523750949-3718088204-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => key removed successfully
HKU\S-1-5-21-410821179-523750949-3718088204-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => key removed successfully
HKU\S-1-5-21-410821179-523750949-3718088204-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => key removed successfully
VirusTotal: C:\Users\Adiga\Desktop\merh.exe => not found
 
========================= File: C:\Program Files (x86)\Blizzard App\Battle.net.9397\Battle.net.exe ========================
 
C:\Program Files (x86)\Blizzard App\Battle.net.9397\Battle.net.exe
File is digitally signed
MD5: A6096D2BA27ED953C482F2D67065EDD2
Creation and modification date: 2017-09-22 19:29 - 2017-09-22 19:29
Size: 016925160
Attributes: ----A
Company Name: Blizzard Entertainment
Internal Name: Blizzard App
Original Name: Battle.net.exe
Product: Blizzard App
Description: Blizzard App
File Version: 1.9.0.9397
Product Version: 1.9.0.9397
Copyright: © 2012-2017 Blizzard Entertainment Inc.
 
====== End of File: ======
 
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 22-10-2017 14:39:35)
 
"C:\Windows\system32\simurzg" => Could not move
"C:\Users\Adiga\AppData\Local\sirgwhk" => Could not move
"C:\Users\Adiga\AppData\Local\vsockxt" => Could not move
 
==== End of Fixlog 14:39:41 ====
 
Rogue Killer - would not install, tried administrator and normal double click. When I run as admin, nothing happens at all. It's as if I clicked nothing. When I double click, the run security warning opens, I click Run, and then the small blue wheel appears for two seconds and disappears with nothing happening. Moments after doing this, I get Windows notifications saying antivirus is turned off or out of date, and it will not allow me to turn on Windows Defender. "Your PC isn't being monitored because the app's service stopped. You should restart it now."
 
 
Malwarebytes Anti-Rootkit -  same as Rogue Killer, blue circle (as if it's loading) then nothing appearing after.


#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,611 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:10 PM

Posted 22 October 2017 - 03:30 PM

Hi Abdullah.

No problem, that happens on occasion. Very rarely do I not reply within 24 hours, most times a lot sooner.

Please do this.

===================================================

GrantPerms by Farbar

--------------------
  • Download GrantPerms for 64 bit systems and save it to your desktop
  • Unzip the file and launch the program
  • Copy and paste the following in the edit box:

C:\Windows\system32\simurzg
C:\Users\Adiga\AppData\Local\sirgwhk
C:\Users\Adiga\AppData\Local\vsockxt

  • Click Unlock. When it is done click OK
  • Click List Permissions and copy/paste the results of the Perms.txt document in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
C:\Windows\system32\simurzg
C:\Users\Adiga\AppData\Local\sirgwhk
C:\Users\Adiga\AppData\Local\vsockxt
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Perms.txt
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 ShadowBorne

ShadowBorne
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:01:10 AM

Posted 22 October 2017 - 11:04 PM

Hey Gary, did the scans but I think same results again. 
 
GrantPerms by Farbar 
Ran by Adiga (administrator) at 2017-10-22 22:51:51
 
===============================================
\\?\C:\Windows\system32\simurzg
 
   Owner: BUILTIN\Administrators
 
   DACL(P)(AI):
   BUILTIN\Administrators   FULL   ALLOW   (CI)(OI)
   NT AUTHORITY\SYSTEM   FULL   ALLOW   (CI)(OI)
   BUILTIN\Users   READ/EXECUTE   ALLOW   (CI)(OI)
 
 
\\?\C:\Users\Adiga\AppData\Local\sirgwhk
 
   Owner: BUILTIN\Administrators
 
   DACL(P)(AI):
   BUILTIN\Administrators   FULL   ALLOW   (CI)(OI)
   NT AUTHORITY\SYSTEM   FULL   ALLOW   (CI)(OI)
   BUILTIN\Users   READ/EXECUTE   ALLOW   (CI)(OI)
 
 
\\?\C:\Users\Adiga\AppData\Local\vsockxt
 
   Owner: BUILTIN\Administrators
 
   DACL(P)(AI):
   BUILTIN\Administrators   FULL   ALLOW   (CI)(OI)
   NT AUTHORITY\SYSTEM   FULL   ALLOW   (CI)(OI)
   BUILTIN\Users   READ/EXECUTE   ALLOW   (CI)(OI)
 
 
 
================ End Of List ================
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 21-10-2017
Ran by Adiga (22-10-2017 22:57:13) Run:3
Running from C:\Users\Adiga\Desktop\clean
Loaded Profiles: Adiga (Available Profiles: Adiga)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
C:\Windows\system32\simurzg
C:\Users\Adiga\AppData\Local\sirgwhk
C:\Users\Adiga\AppData\Local\vsockxt
 
*****************
 
 
"C:\Windows\system32\simurzg" folder move:
 
Could not move "C:\Windows\system32\simurzg" => Scheduled to move on reboot.
 
 
"C:\Users\Adiga\AppData\Local\sirgwhk" folder move:
 
Could not move "C:\Users\Adiga\AppData\Local\sirgwhk" => Scheduled to move on reboot.
 
 
"C:\Users\Adiga\AppData\Local\vsockxt" folder move:
 
Could not move "C:\Users\Adiga\AppData\Local\vsockxt" => Scheduled to move on reboot.
 
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 22-10-2017 23:01:05)
 
"C:\Windows\system32\simurzg" => Could not move
"C:\Users\Adiga\AppData\Local\sirgwhk" => Could not move
"C:\Users\Adiga\AppData\Local\vsockxt" => Could not move
 
==== End of Fixlog 23:01:15 ====


#11 Oh My!


Posted 23 October 2017 - 08:43 AM

Please boot into Safe Mode and run the FRST fixlist steps again. Post the results.


Edited by Oh My!, 23 October 2017 - 08:43 AM.

Gary
 

#12 ShadowBorne


Posted 23 October 2017 - 10:21 PM

Hey Gary, this is the result in Safe Mode,
 
 
PERMS
 
 
GrantPerms by Farbar 
Ran by Adiga (administrator) at 2017-10-23 22:17:39
 
===============================================
\\?\C:\Windows\system32\simurzg
 
   Owner: BUILTIN\Administrators
 
   DACL(P)(AI):
   BUILTIN\Administrators   FULL   ALLOW   (CI)(OI)
   NT AUTHORITY\SYSTEM   FULL   ALLOW   (CI)(OI)
   BUILTIN\Users   READ/EXECUTE   ALLOW   (CI)(OI)
 
 
\\?\C:\Users\Adiga\AppData\Local\sirgwhk
 
   Owner: BUILTIN\Administrators
 
   DACL(P)(AI):
   BUILTIN\Administrators   FULL   ALLOW   (CI)(OI)
   NT AUTHORITY\SYSTEM   FULL   ALLOW   (CI)(OI)
   BUILTIN\Users   READ/EXECUTE   ALLOW   (CI)(OI)
 
 
\\?\C:\Users\Adiga\AppData\Local\vsockxt
 
   Owner: BUILTIN\Administrators
 
   DACL(P)(AI):
   BUILTIN\Administrators   FULL   ALLOW   (CI)(OI)
   NT AUTHORITY\SYSTEM   FULL   ALLOW   (CI)(OI)
   BUILTIN\Users   READ/EXECUTE   ALLOW   (CI)(OI)
 
 
 
================ End Of List ================
 
 
FIXLOG
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 23-10-2017 01
Ran by Adiga (23-10-2017 22:18:53) Run:5
Running from C:\Users\Adiga\Desktop\clean
Loaded Profiles: Adiga &  (Available Profiles: Adiga)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
C:\Windows\system32\simurzg
C:\Users\Adiga\AppData\Local\sirgwhk
C:\Users\Adiga\AppData\Local\vsockxt
 
*****************
 
 
"C:\Windows\system32\simurzg" folder move:
 
Could not move "C:\Windows\system32\simurzg" => Scheduled to move on reboot.
 
 
"C:\Users\Adiga\AppData\Local\sirgwhk" folder move:
 
Could not move "C:\Users\Adiga\AppData\Local\sirgwhk" => Scheduled to move on reboot.
 
 
"C:\Users\Adiga\AppData\Local\vsockxt" folder move:
 
Could not move "C:\Users\Adiga\AppData\Local\vsockxt" => Scheduled to move on reboot.
 
 
Result of scheduled files to move (Boot Mode: Safe Mode (with Networking)) (Date&Time: 23-10-2017 22:20:44)
 
"C:\Windows\system32\simurzg" => Could not move
"C:\Users\Adiga\AppData\Local\sirgwhk" => Could not move
"C:\Users\Adiga\AppData\Local\vsockxt" => Could not move
 
==== End of Fixlog 22:20:51 ====
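
Added example (not part of the original thread and not FRST's own code): a small Python parser for the Fixlog line formats quoted in the posts above, which separates items that were moved from items that were scheduled for removal on reboot and then still reported as "Could not move". The sample log is constructed from lines quoted in this thread, and the function names `parse_fixlog` and `persistent_items` are hypothetical.

```python
import re

# Constructed sample: lines copied from the Fixlog excerpts quoted in this thread.
SAMPLE_FIXLOG = r'''
C:\Windows\system32\dtnvplgsvc.exe => moved successfully
C:\Windows\SysWOW64\simurzg => moved successfully
Could not move "C:\Windows\system32\simurzg" => Scheduled to move on reboot.
C:\Users\Adiga\AppData\Roaming\et => moved successfully
Could not move "C:\Users\Adiga\AppData\Local\sirgwhk" => Scheduled to move on reboot.
VirusTotal: C:\Users\Adiga\Desktop\merh.exe => not found

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 22-10-2017 14:39:35)

"C:\Windows\system32\simurzg" => Could not move
"C:\Users\Adiga\AppData\Local\sirgwhk" => Could not move
'''

# Line shapes as they appear in the quoted logs (an assumption beyond these samples).
MOVED = re.compile(r'^(?P<path>[A-Za-z]:\\.+?) => moved successfully$')
SCHEDULED = re.compile(r'^Could not move "(?P<path>.+?)" => Scheduled to move on reboot\.$')
POST_REBOOT = re.compile(r'^"(?P<path>.+?)" => (?P<result>.+)$')
BOOT_HEADER = re.compile(r'^Result of scheduled files to move \(Boot Mode: (?P<mode>.+?)\) \(Date&Time:')


def parse_fixlog(text):
    """Classify Fixlog lines into moved / scheduled / post-reboot results."""
    out = {"moved": [], "scheduled": [], "after_reboot": {}, "boot_mode": None}
    in_reboot_section = False
    for line in (raw.strip() for raw in text.splitlines()):
        if m := BOOT_HEADER.match(line):
            out["boot_mode"] = m["mode"]
            in_reboot_section = True
        elif in_reboot_section and (m := POST_REBOOT.match(line)):
            out["after_reboot"][m["path"]] = m["result"]
        elif m := SCHEDULED.match(line):
            out["scheduled"].append(m["path"])
        elif m := MOVED.match(line):
            out["moved"].append(m["path"])
    return out


def persistent_items(parsed):
    """Paths scheduled for removal on reboot that still failed afterwards."""
    return sorted(p for p in parsed["scheduled"]
                  if parsed["after_reboot"].get(p, "").startswith("Could not move"))


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(parsed["boot_mode"], persistent_items(parsed))
```

Running the same function over the Normal Mode and Safe Mode Fixlogs makes it easy to confirm that the same three folders survive in both boot modes.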


#13 Oh My!


Posted 24 October 2017 - 08:24 AM

Thank you for attempting that. I wanted to try the easier way before needing to do it the harder way.

Do you have a Windows Installation or Recovery disk?
Gary
 

#14 ShadowBorne


Posted 24 October 2017 - 04:02 PM

I wish it were that easy too, man. Yeah, I have a recovery disk and a fresh Windows 10 CD.

#15 Oh My!


Posted 24 October 2017 - 05:46 PM

Great.

Please do this.

===================================================

Farbar's Recovery Scan Tool Fix in the Recovery Environment

--------------------

For this step you will need a USB flash drive.
  • Press the Windows Key + R at the same time
  • Type notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
C:\Windows\system32\simurzg
C:\Users\Adiga\AppData\Local\sirgwhk
C:\Users\Adiga\AppData\Local\vsockxt
  • Please download Farbar Recovery Scan Tool and save it to a flash drive. You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Plug the flashdrive into the infected PC and follow the 2 step process below to enter the System Recovery Options
----------

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc
  • Restart your computer
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings
  • Click Repair your computer
  • Select English as the keyboard language settings, and then click Next
  • Select the operating system you want to repair, and then click Next
  • Select your user account and click Next
----------

Running Farbar's Recovery Scan Tool in System Recovery
  • Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • On the left side locate and double click on the drive letter representing your USB drive
  • Change the File type from Text Documents (.txt) to All Files
  • Right click on FRST and select Run as administrator
  • If necessary click Yes to the disclaimer
  • Press Fix button
  • A fixlog.txt file will be saved on the USB drive. Please copy and paste it to your reply.
  • Reboot your computer into Normal Mode and check the performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Computer performance?

Gary
 



