Netsupport client application suddenly showed up


  • This topic is locked
14 replies to this topic

#1 FlaminPhoenix

  • Members
  • 8 posts

Posted 27 October 2017 - 05:16 PM

A friend sent me a link in the middle of the night and without thinking I clicked on it and it downloaded. I went into panic mode and did scans and stuff with Malwarebytes and nothing came up. I thought I was fine until I opened my sound manager and NetSupport client application was there. I think I read somewhere that this was bad malware and I have no idea how to remove it.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2017
Ran by user (administrator) on DESKTOP-1NF4F7C (27-10-2017 16:56:13)
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available Profiles: defaultuser0 & user)
Platform: Windows 10 Home Version 1703 15063.674 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Webroot) C:\Program Files\Webroot\WRSA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe
(Microsoft Corporation) C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\dispatcher.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\TriggerModeMonitor.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe
(MSI) C:\Windows\SysWOW64\muachost.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\MSI_LED.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
() C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NetSupport Ltd) C:\Users\user\AppData\Roaming\Support\diskmgr.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\user\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SndVol.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Discord Inc.) C:\Users\user\AppData\Local\Discord\app-0.0.298\Discord.exe
(Discord Inc.) C:\Users\user\AppData\Local\Discord\app-0.0.298\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2014-01-05] (Hewlett-Packard )
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-07-14] (Apple Inc.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [1061104 2017-10-12] (Webroot)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-07-21] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Creative Cloud] => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] ()
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3101984 2017-10-17] (Valve Corporation)
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\Run: [Discord] => C:\Users\user\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5345672 2017-10-18] (Nota Inc.)
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\Run: [WallpaperEngine] => C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe [1268224 2017-07-20] ()
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\Run: [GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1451352 2017-09-21] (Google Inc.)
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\Run: [Disk Management] => C:\Users\user\AppData\Roaming\Support\diskmgr.exe [30128 2008-10-14] (NetSupport Ltd)
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2016 Fast Start.lnk [2017-05-07]
ShortcutTarget: SOLIDWORKS 2016 Fast Start.lnk -> C:\Windows\Installer\{768F3B65-1695-47B7-9002-B11400CB111D}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2017-03-20]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{ca1a4336-7848-4d42-a1b1-10b1dd5e72a5}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{f0e0e5c2-a764-4f73-a4f8-9bdde5459973}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{faf5a2ff-4418-4c9e-a54a-f1b8a56e10ae}: [DhcpNameServer] 10.0.5.20 10.0.1.2 10.0.1.3 8.8.8.8 8.8.4.4
 
Internet Explorer:
==================
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-06-26] (Oracle Corporation)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2017-06-22] (Webroot)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-26] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-06-26] (Oracle Corporation)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2017-06-22] (Webroot)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-26] (Oracle Corporation)
 
FireFox:
========
FF DefaultProfile: jrc1yvl8.default
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\jrc1yvl8.default [2017-10-25]
FF Extension: (Adblock Plus) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\jrc1yvl8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-08-20]
FF HKLM\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FF_WEBEX
FF Extension: (Webroot Filtering Extension) - C:\ProgramData\WRData\PKG\FF_WEBEX [2017-06-22]
FF HKLM-x32\...\Firefox\Extensions: [webrootsecurewebextensions@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: (Webroot Filtering Extension - XUL/XPCOM) - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2017-06-22]
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-26] (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-26] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-08-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-08-21] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3299568&SearchSource=48&CUI=UN36437543891517930&UM=2&sspv=&UP=SPB5CC86A7-4552-488D-9289-C03D463F1E52","hxxp://search.conduit.com/?ctid=CT3299568&SearchSource=48&CUI=UN36437543891517930&UM=2&sspv=&UP=SPB5CC86A7-4552-488D-9289-C03D463F1E52","hxxp://yahoo.genieo.com/?v=w3i8"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2017-10-27]
CHR Extension: (Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-24]
CHR Extension: (From Dust) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\anelkojiepicmcldgnmkplocifmegpfj [2017-03-20]
CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-24]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-20]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-20]
CHR Extension: (Classic Games) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpckajjkmjncafjlkielcgheibdlnfgc [2017-03-20]
CHR Extension: (Steam Inventory Helper) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2017-10-24]
CHR Extension: (Search by Image (by Google)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2017-03-20]
CHR Extension: (Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-24]
CHR Extension: (Gyazo) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdaeeijbbijklfcpahbghahojgfgebo [2017-08-01]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-20]
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-10-24]
CHR Extension: (Google Play Music) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2017-03-20]
CHR Extension: (Auto Refresh) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifooldnmmcmlbdennkpdnlnbgbmfalko [2017-10-19]
CHR Extension: (Grammarly for Chrome) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-10-26]
CHR Extension: (Webroot Filtering Extension) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2017-08-02]
CHR Extension: (Discord Screen Sharing) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcbhdgefieegnkbopmgklhlpjjdgmbog [2017-08-18]
CHR Extension: (Zelda Dark) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lilddpnkkhkcjkdaaglfminjopbijomp [2017-03-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-20]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-11]
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-10-27]
CHR Extension: (Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-06]
CHR Extension: (FastStunnel VPN Unblack Sites & Proxy Free) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bblcccknbdbplgmdjnnikffefhdlobhp [2017-08-18]
CHR Extension: (Link All) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bbplhdcnpcenkdciibplnkgmiffjfnni [2017-04-06]
CHR Extension: (Discord Kiosk) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\beolnaffiilgdnlpggjjmgaobllekdog [2017-04-06]
CHR Extension: (Quizlet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bgofflgeghkhocbociocnckocbjmomjh [2017-04-06]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-06]
CHR Extension: (Solitaire) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpebaehgfgkcmmjjknibibbjacnplim [2017-04-06]
CHR Extension: (Chrome Snake) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cbdobfnjgnmlcajcamdfjeofmnecepdl [2017-04-06]
CHR Extension: (Launcher for Steam) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cieeogkfefbpgbdknhcolehnnfflffba [2017-04-06]
CHR Extension: (HP Print for Chrome) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjanmonomjogheabiocdamfpknlpdehm [2017-08-05]
CHR Extension: (Valve - Theme) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cnbcidammgeongfapagnjjoeafpekali [2017-04-06]
CHR Extension: (Search by Image (by Google)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2017-04-06]
CHR Extension: (Netflix) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\deceagebecbceejblnlcjooeohmmeldh [2017-04-06]
CHR Extension: (Home - New Tab Page) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ehhkfhegcenpfoanmgfpfhnmdmflkbgk [2017-07-18]
CHR Extension: (Web Paint) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\emeokgokialpjadjaoeiplmnkjoaegng [2017-04-06]
CHR Extension: (Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Gyazo) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ffdaeeijbbijklfcpahbghahojgfgebo [2017-08-10]
CHR Extension: (Home - Accurate Weather) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\foomlpdinaehlbhlncohiekomfdnicbj [2017-04-06]
CHR Extension: (Edmodo) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fpcdidgjjebefhmlhjlgnkahlimgaemc [2017-04-06]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-23]
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-10-24]
CHR Extension: (Chromium M) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\haldlgldplgnggkjaafhelgiaglafanh [2017-10-24] [UpdateUrl: hxxps://ext.goguardian.com/stable.xml] <==== ATTENTION
CHR Extension: (Chromium License) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hpgndaipaddppljndnfgikkonikhiljm [2017-04-06] [UpdateUrl: hxxp://goguardian.com/licenses/update.php] <==== ATTENTION
CHR Extension: (Kindle Cloud Reader) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2017-04-06]
CHR Extension: (Team Fortress 2 Crafting Game) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\idemjheodhalnampjokcebmleohpkapd [2017-04-06]
CHR Extension: (G Suite Training) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\idkloemkmldbemijiamdiolojbffnjlh [2017-07-07]
CHR Extension: (Alice Keeler Classroom Split) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ifkgpacemihiplnocjocpgmoiefcojik [2017-04-06]
CHR Extension: (Grammarly for Chrome) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-10-26]
CHR Extension: (Portal) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kiaiohefkfglmlacgndocbmheffjpbgc [2017-04-06]
CHR Extension: (Webroot Filtering Extension) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kjeghcllfecehndceplomkocgfbklffd [2017-08-05]
CHR Extension: (Doom) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mbnpofpbcpmigidknilkmpaiiddbpbmd [2017-04-06]
CHR Extension: (TestNav) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mdmkkicfmmkgmpkmkdikhlbggogpicma [2017-09-03]
CHR Extension: (Google Classroom) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mfhehppjhmmnlfbbopchdfldgimhfhfk [2017-04-06]
CHR Extension: (Google Drawings) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2017-04-06]
CHR Extension: (Snake) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mlijpphckdfkmcjclnimmbknefojcaol [2017-04-06]
CHR Extension: (Sticky Notes) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nbjdhgkkhefpifbifjiflpaajchdkhpg [2017-04-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (The QR Code Extension) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oijdcdmnjjgnnhgljmhkjlablaejfeeb [2017-04-06]
CHR Extension: (Just Proxy VPN = hide IP + security + unblock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ojedkepkekklpjcgdfiahladdbopbooh [2017-10-24]
CHR Extension: (Khan Academy) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pahdiadnidmaaoohjmlkcjffbfcapgko [2017-04-06]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-06]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-14]
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile [2017-04-08]
CHR HKLM\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-160833441-3391541967-2849483501-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [commhkacjheiacaopdonmodahaoadoln] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2014-01-05] (Andrea Electronics Corporation) [File not signed]
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1533448 2017-09-14] ()
R2 ewserver; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe [179208 2016-02-10] ()
R2 GamingApp_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe [47056 2017-02-17] (Micro-Star Int'l Co., Ltd.)
R2 GamingHotkey_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe [2019792 2016-10-13] (Micro-Star INT'L CO., LTD.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe [68024 2017-02-16] (Micro-Star INT'L CO., LTD.)
R2 MSSQL$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [372416 2015-04-20] (Microsoft Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-17] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-08-21] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-08-17] (NVIDIA Corporation)
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [435328 2017-09-14] (Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [745120 2017-09-17] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2017-07-19] ()
R2 RemoteSolverDispatcher; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe [238848 2016-02-10] (Mentor Graphics Corporation)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2017-05-07] (SolidWorks) [File not signed]
S4 SQLAgent$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2015-04-20] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [1061104 2017-10-12] (Webroot)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3792904 2016-11-30] (C-MEDIA)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-10-04] ()
R3 I2cHkBurn; C:\WINDOWS\system32\drivers\I2cHkBurn.sys [41760 2015-07-27] (FINTEK Corp.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [192952 2017-10-24] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-10-24] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45504 2017-10-24] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-10-24] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-10-27] (Malwarebytes)
R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2537984 2017-03-18] (MediaTek Inc.)
S3 NTIOLib_MBAPI; C:\Program Files (x86)\MSI\Gaming APP\Lib\NTIOLib_X64.sys [14288 2017-03-08] (MSI)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ce1961376673184c\nvlddmkm.sys [15600248 2017-08-22] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-08-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-08-17] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-08-21] (NVIDIA Corporation)
S4 RsFx0310; C:\WINDOWS\System32\DRIVERS\RsFx0310.sys [249024 2015-04-20] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896752 2015-08-07] (Realtek )
R3 rtbth; C:\WINDOWS\System32\drivers\rtbth.sys [1219200 2015-06-03] (Ralink Technology, Corp.)
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [52240 2016-10-30] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [45752 2017-07-19] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [139704 2017-07-18] (Razer, Inc.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 tilfilter; C:\WINDOWS\System32\drivers\TIxHCIlfilter.sys [34424 2016-08-20] (Texas Instruments, Inc.)
R3 tiufilter; C:\WINDOWS\System32\drivers\TIxHCIufilter.sys [39032 2016-08-20] (Texas Instruments, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [127760 2017-10-12] (Webroot)
R3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [66656 2017-06-22] (Webroot)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
U0 SR; no ImagePath
U2 srservice; no ImagePath
S3 VBAudioVMAUXVAIOMME; \SystemRoot\system32\DRIVERS\vbaudio_vmauxvaio64_win7.sys [X]
S3 VBAudioVMVAIOMME; \SystemRoot\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-27 16:56 - 2017-10-27 16:56 - 000046454 _____ C:\Users\user\Downloads\FRST.txt
2017-10-27 16:48 - 2017-10-27 16:56 - 000000000 ____D C:\FRST
2017-10-27 16:48 - 2017-10-27 16:48 - 002403328 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2017-10-25 22:53 - 2017-10-25 22:53 - 000185241 _____ C:\Users\user\Downloads\Torque Problem Set 2.pdf
2017-10-25 16:08 - 2017-10-25 16:08 - 000000858 _____ C:\Users\user\Desktop\Destiny 2.lnk
2017-10-24 17:26 - 2017-10-24 17:26 - 000000000 ___HD C:\OneDriveTemp
2017-10-24 17:20 - 2017-10-27 10:37 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-10-24 17:20 - 2017-10-24 17:25 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-10-24 17:20 - 2017-10-24 17:25 - 000045504 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-10-24 17:20 - 2017-10-24 17:20 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-10-24 17:20 - 2017-10-24 17:20 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-10-24 17:20 - 2017-10-24 17:20 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-10-24 17:20 - 2017-10-24 17:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-24 17:20 - 2017-10-24 17:20 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-24 17:20 - 2017-10-24 17:20 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-24 17:20 - 2017-10-04 13:15 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-10-24 17:19 - 2017-10-24 17:19 - 071535032 _____ (Malwarebytes ) C:\Users\user\Downloads\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951.exe
2017-10-24 17:00 - 2017-10-24 17:00 - 000000000 ___HD C:\Users\user\AppData\Roaming\Support
2017-10-24 16:25 - 2017-10-25 16:05 - 000000000 ____D C:\Program Files (x86)\Destiny 2
2017-10-14 20:18 - 2017-10-14 20:18 - 000257536 _____ C:\Users\user\Downloads\rolling_ball_coasters.ppt
2017-10-14 20:07 - 2017-10-14 20:07 - 000147030 _____ C:\Users\user\Downloads\Problem Set 3.pdf
2017-10-14 15:25 - 2017-10-14 16:34 - 000000268 _____ C:\Users\user\AppData\Roaming\CSharpAnalytics-MeasurementQueue
2017-10-10 19:42 - 2017-10-10 19:42 - 000000000 ____D C:\Users\user\Documents\Lightshot
2017-10-10 13:51 - 2017-10-10 13:51 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-10-10 13:50 - 2017-09-30 00:40 - 000336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-10-10 13:50 - 2017-09-29 21:29 - 001408536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-10-10 13:50 - 2017-09-29 21:29 - 000804784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-10-10 13:50 - 2017-09-29 21:26 - 001333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-10-10 13:50 - 2017-09-29 21:26 - 001292872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-10-10 13:50 - 2017-09-29 21:10 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-10-10 13:50 - 2017-09-29 21:10 - 000606072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-10-10 13:50 - 2017-09-29 21:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-10-10 13:50 - 2017-09-29 21:09 - 000787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-10-10 13:50 - 2017-09-29 21:06 - 004471368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-10-10 13:50 - 2017-09-29 21:05 - 005827744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-10-10 13:50 - 2017-09-29 21:05 - 001266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-10-10 13:50 - 2017-09-29 21:05 - 000750488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-10-10 13:50 - 2017-09-29 21:05 - 000559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-10-10 13:50 - 2017-09-29 21:04 - 004215184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-10-10 13:50 - 2017-09-29 21:04 - 000612120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-10-10 13:50 - 2017-09-29 21:04 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-10-10 13:50 - 2017-09-29 21:04 - 000438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-10-10 13:50 - 2017-09-29 21:04 - 000347544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-10-10 13:50 - 2017-09-29 21:04 - 000182680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-10-10 13:50 - 2017-09-29 21:03 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-10-10 13:50 - 2017-09-29 21:03 - 006768288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-10-10 13:50 - 2017-09-29 21:02 - 000175512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-10-10 13:50 - 2017-09-29 02:45 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-10-10 13:50 - 2017-09-29 02:43 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-10-10 13:50 - 2017-09-29 02:41 - 013844992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-10-10 13:50 - 2017-09-29 02:40 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-10-10 13:50 - 2017-09-29 02:40 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-10-10 13:50 - 2017-09-29 02:39 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-10-10 13:50 - 2017-09-29 02:38 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-10-10 13:50 - 2017-09-29 02:38 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-10-10 13:50 - 2017-09-29 02:38 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-10-10 13:50 - 2017-09-29 02:38 - 000308224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-10-10 13:50 - 2017-09-29 02:37 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-10-10 13:50 - 2017-09-29 02:36 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-10-10 13:50 - 2017-09-29 02:34 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-10-10 13:50 - 2017-09-29 02:34 - 000798720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-10-10 13:50 - 2017-09-29 02:34 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-10-10 13:50 - 2017-09-29 02:33 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-10-10 13:50 - 2017-09-29 02:33 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-10-10 13:50 - 2017-09-29 02:33 - 001506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-10-10 13:50 - 2017-09-29 02:32 - 002782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-10-10 13:50 - 2017-09-29 02:32 - 002340864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-10-10 13:50 - 2017-09-29 02:32 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-10-10 13:50 - 2017-09-29 02:32 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-10-10 13:50 - 2017-09-29 02:29 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-10-10 13:50 - 2017-09-29 02:24 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-10-10 13:50 - 2017-09-20 10:08 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-10-10 13:50 - 2017-09-20 10:08 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-10-10 13:50 - 2017-09-20 10:08 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-10-10 13:50 - 2017-09-18 18:09 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-10-10 13:49 - 2017-09-30 00:52 - 001595152 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-10-10 13:49 - 2017-09-30 00:51 - 001458320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-10-10 13:49 - 2017-09-30 00:51 - 001147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-10-10 13:49 - 2017-09-30 00:51 - 000661224 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-10-10 13:49 - 2017-09-30 00:50 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-10-10 13:49 - 2017-09-30 00:50 - 001068208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-10-10 13:49 - 2017-09-30 00:50 - 001024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-10-10 13:49 - 2017-09-30 00:49 - 001004136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-10-10 13:49 - 2017-09-30 00:49 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-10-10 13:49 - 2017-09-30 00:49 - 000135576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-10-10 13:49 - 2017-09-30 00:48 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-10-10 13:49 - 2017-09-30 00:48 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-10-10 13:49 - 2017-09-30 00:48 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-10-10 13:49 - 2017-09-30 00:48 - 000644696 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2017-10-10 13:49 - 2017-09-30 00:47 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-10-10 13:49 - 2017-09-30 00:47 - 001194792 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2017-10-10 13:49 - 2017-09-30 00:45 - 000511896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2017-10-10 13:49 - 2017-09-30 00:44 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-10-10 13:49 - 2017-09-30 00:44 - 000181912 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-10-10 13:49 - 2017-09-30 00:43 - 007318888 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-10-10 13:49 - 2017-09-30 00:43 - 002442136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-10-10 13:49 - 2017-09-30 00:42 - 004848952 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-10-10 13:49 - 2017-09-30 00:42 - 001506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-10-10 13:49 - 2017-09-30 00:42 - 000820120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-10-10 13:49 - 2017-09-30 00:41 - 005477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-10-10 13:49 - 2017-09-30 00:41 - 005304496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-10-10 13:49 - 2017-09-30 00:41 - 002086808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-10-10 13:49 - 2017-09-30 00:41 - 000961944 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-10-10 13:49 - 2017-09-30 00:41 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-10-10 13:49 - 2017-09-30 00:41 - 000651672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-10-10 13:49 - 2017-09-30 00:41 - 000259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-10-10 13:49 - 2017-09-30 00:41 - 000257432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-10-10 13:49 - 2017-09-30 00:41 - 000228248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-10-10 13:49 - 2017-09-30 00:40 - 000724704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-10-10 13:49 - 2017-09-30 00:40 - 000642680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-10-10 13:49 - 2017-09-30 00:40 - 000558912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-10-10 13:49 - 2017-09-30 00:40 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-10-10 13:49 - 2017-09-30 00:40 - 000184728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2017-10-10 13:49 - 2017-09-30 00:40 - 000173976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2017-10-10 13:49 - 2017-09-30 00:40 - 000072944 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2017-10-10 13:49 - 2017-09-30 00:39 - 021351760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-10-10 13:49 - 2017-09-30 00:39 - 000203672 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-10-10 13:49 - 2017-09-30 00:38 - 007910072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-10-10 13:49 - 2017-09-30 00:38 - 002239136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-10-10 13:49 - 2017-09-30 00:36 - 002672024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-10-10 13:49 - 2017-09-30 00:36 - 000057976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-10-10 13:49 - 2017-09-29 21:10 - 001150776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-10-10 13:49 - 2017-09-29 21:10 - 000508344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-10-10 13:49 - 2017-09-29 21:10 - 000480920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2017-10-10 13:49 - 2017-09-29 21:05 - 002603744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2017-10-10 13:49 - 2017-09-29 21:03 - 001439032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-10-10 13:49 - 2017-09-29 21:01 - 000124544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-10-10 13:49 - 2017-09-29 02:46 - 023678976 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-10-10 13:49 - 2017-09-29 02:44 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-10-10 13:49 - 2017-09-29 02:43 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-10-10 13:49 - 2017-09-29 02:43 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-10-10 13:49 - 2017-09-29 02:42 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mgmtapi.dll
2017-10-10 13:49 - 2017-09-29 02:41 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll
2017-10-10 13:49 - 2017-09-29 02:40 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-10-10 13:49 - 2017-09-29 02:39 - 020511232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-10-10 13:49 - 2017-09-29 02:39 - 011888640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-10-10 13:49 - 2017-09-29 02:38 - 001135616 ____R (The ICU Project) C:\WINDOWS\SysWOW64\icuuc.dll
2017-10-10 13:49 - 2017-09-29 02:38 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2017-10-10 13:49 - 2017-09-29 02:38 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-10-10 13:49 - 2017-09-29 02:38 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-10-10 13:49 - 2017-09-29 02:37 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2017-10-10 13:49 - 2017-09-29 02:36 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-10-10 13:49 - 2017-09-29 02:35 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-10-10 13:49 - 2017-09-29 02:34 - 017370624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-10-10 13:49 - 2017-09-29 02:34 - 006255616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-10-10 13:49 - 2017-09-29 02:34 - 003669504 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-10-10 13:49 - 2017-09-29 02:34 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2017-10-10 13:49 - 2017-09-29 02:33 - 000658944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-10-10 13:49 - 2017-09-29 02:33 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-10-10 13:49 - 2017-09-29 02:32 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-10-10 13:49 - 2017-09-29 02:32 - 001244160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2017-10-10 13:49 - 2017-09-29 02:32 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-10-10 13:49 - 2017-09-29 02:32 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-10-10 13:49 - 2017-09-29 02:32 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-10-10 13:49 - 2017-09-29 02:32 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-10-10 13:49 - 2017-09-29 02:32 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-10-10 13:49 - 2017-09-29 02:32 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll
2017-10-10 13:49 - 2017-09-29 02:31 - 003107328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-10-10 13:49 - 2017-09-29 02:31 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-10-10 13:49 - 2017-09-29 02:31 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-10-10 13:49 - 2017-09-29 02:31 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-10-10 13:49 - 2017-09-29 02:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\efssvc.dll
2017-10-10 13:49 - 2017-09-29 02:31 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-10-10 13:49 - 2017-09-29 02:30 - 023686144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-10-10 13:49 - 2017-09-29 02:30 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-10-10 13:49 - 2017-09-29 02:30 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-10-10 13:49 - 2017-09-29 02:30 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2017-10-10 13:49 - 2017-09-29 02:30 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-10-10 13:49 - 2017-09-29 02:30 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-10-10 13:49 - 2017-09-29 02:29 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-10-10 13:49 - 2017-09-29 02:29 - 001460736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2017-10-10 13:49 - 2017-09-29 02:29 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2017-10-10 13:49 - 2017-09-29 02:29 - 000724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-10-10 13:49 - 2017-09-29 02:29 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-10-10 13:49 - 2017-09-29 02:29 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-10-10 13:49 - 2017-09-29 02:29 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-10-10 13:49 - 2017-09-29 02:29 - 000304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2017-10-10 13:49 - 2017-09-29 02:29 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-10-10 13:49 - 2017-09-29 02:29 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2017-10-10 13:49 - 2017-09-29 02:29 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ServiceWorkerHost.exe
2017-10-10 13:49 - 2017-09-29 02:28 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-10-10 13:49 - 2017-09-29 02:28 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2017-10-10 13:49 - 2017-09-29 02:28 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-10-10 13:49 - 2017-09-29 02:28 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-10-10 13:49 - 2017-09-29 02:28 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2017-10-10 13:49 - 2017-09-29 02:28 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-10-10 13:49 - 2017-09-29 02:28 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2017-10-10 13:49 - 2017-09-29 02:28 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-10-10 13:49 - 2017-09-29 02:28 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-10-10 13:49 - 2017-09-29 02:28 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2017-10-10 13:49 - 2017-09-29 02:28 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cipher.exe
2017-10-10 13:49 - 2017-09-29 02:27 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-10-10 13:49 - 2017-09-29 02:27 - 001321984 ____R (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2017-10-10 13:49 - 2017-09-29 02:27 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-10-10 13:49 - 2017-09-29 02:27 - 000565760 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2017-10-10 13:49 - 2017-09-29 02:27 - 000538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-10-10 13:49 - 2017-09-29 02:27 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-10-10 13:49 - 2017-09-29 02:27 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-10-10 13:49 - 2017-09-29 02:27 - 000409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-10-10 13:49 - 2017-09-29 02:27 - 000350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2017-10-10 13:49 - 2017-09-29 02:26 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-10-10 13:49 - 2017-09-29 02:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-10-10 13:49 - 2017-09-29 02:26 - 001468928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-10-10 13:49 - 2017-09-29 02:26 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-10-10 13:49 - 2017-09-29 02:26 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-10-10 13:49 - 2017-09-29 02:26 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2017-10-10 13:49 - 2017-09-29 02:26 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-10-10 13:49 - 2017-09-29 02:25 - 008199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-10-10 13:49 - 2017-09-29 02:25 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-10-10 13:49 - 2017-09-29 02:25 - 002760704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-10-10 13:49 - 2017-09-29 02:25 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-10-10 13:49 - 2017-09-29 02:24 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-10-10 13:49 - 2017-09-29 02:24 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-10-10 13:49 - 2017-09-29 02:24 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-10-10 13:49 - 2017-09-29 02:24 - 001628672 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2017-10-10 13:49 - 2017-09-29 02:24 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-10-10 13:49 - 2017-09-29 02:24 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-10-10 13:49 - 2017-09-29 02:23 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-10-10 13:49 - 2017-09-29 02:23 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-10-10 13:49 - 2017-09-29 02:23 - 003140096 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-10-10 13:49 - 2017-09-29 02:23 - 002730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-10-10 13:49 - 2017-09-29 02:23 - 002446336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-10-10 13:49 - 2017-09-29 02:23 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-10-10 13:49 - 2017-09-29 02:23 - 001887744 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-10-10 13:49 - 2017-09-29 02:23 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-10-10 13:49 - 2017-09-29 02:23 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-10-10 13:49 - 2017-09-29 02:23 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-10-10 13:49 - 2017-09-29 02:23 - 001052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-10-10 13:49 - 2017-09-29 02:23 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-10-10 13:49 - 2017-09-29 02:23 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-10-10 13:49 - 2017-09-29 02:23 - 000841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-10-10 13:49 - 2017-09-29 02:23 - 000756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-10-10 13:49 - 2017-09-29 02:23 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-10-10 13:49 - 2017-09-29 02:23 - 000512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2017-10-10 13:49 - 2017-09-29 02:22 - 002829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-10-10 13:49 - 2017-09-29 02:22 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-10-10 13:49 - 2017-09-29 02:22 - 001438208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2017-10-10 13:49 - 2017-09-29 02:22 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-10-10 13:49 - 2017-09-29 02:21 - 003304448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-10-10 13:49 - 2017-09-29 02:21 - 000722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-10-10 13:49 - 2017-09-29 02:21 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-10-10 13:49 - 2017-09-29 02:21 - 000414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-10-10 13:49 - 2017-09-29 02:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-10-10 13:49 - 2017-09-29 02:21 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvc.dll
2017-10-10 13:49 - 2017-09-29 02:21 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2017-10-10 13:49 - 2017-09-29 02:21 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2017-10-10 13:49 - 2017-09-29 02:20 - 001811456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2017-10-10 13:49 - 2017-09-29 02:20 - 000804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2017-10-10 13:49 - 2017-09-29 02:20 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2017-10-10 13:49 - 2017-09-29 02:20 - 000286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-10-10 13:49 - 2017-09-29 02:20 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2017-10-10 13:49 - 2017-09-29 02:20 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiexe.dll
2017-10-10 13:49 - 2017-09-29 02:19 - 002088448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2017-10-10 13:49 - 2017-09-29 02:19 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2017-10-10 13:49 - 2017-09-29 02:19 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2017-10-10 13:49 - 2017-09-29 02:19 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2017-10-10 13:49 - 2017-09-29 02:18 - 002438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-10-10 13:49 - 2017-09-29 02:18 - 001527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-10-10 13:49 - 2017-09-29 02:18 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2017-10-10 13:49 - 2017-09-29 02:18 - 000603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2017-10-10 13:49 - 2017-09-29 02:18 - 000347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2017-10-10 13:49 - 2017-09-29 02:18 - 000215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\manage-bde.exe
2017-10-10 13:49 - 2017-09-29 02:18 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2017-10-10 13:49 - 2017-09-29 02:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2017-10-10 13:49 - 2017-09-29 02:18 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\cipher.exe
2017-10-10 13:49 - 2017-09-29 00:40 - 000804312 _____ C:\WINDOWS\SysWOW64\locale.nls
2017-10-10 13:49 - 2017-09-29 00:40 - 000804312 _____ C:\WINDOWS\system32\locale.nls
2017-10-10 13:49 - 2017-09-18 18:20 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-10-10 13:49 - 2017-09-18 18:20 - 000900376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-10-10 13:49 - 2017-09-18 18:18 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-10-10 13:49 - 2017-09-18 18:17 - 001395664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-10-10 13:49 - 2017-09-18 18:17 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-10-10 13:49 - 2017-09-18 18:17 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-10-10 13:49 - 2017-09-18 18:11 - 001018272 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-10-10 13:49 - 2017-09-18 17:26 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2017-10-10 13:49 - 2017-09-18 17:25 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2017-10-10 13:49 - 2017-09-18 17:23 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2017-10-10 13:49 - 2017-09-18 17:20 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2017-10-10 13:49 - 2017-09-18 17:20 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2017-10-10 13:49 - 2017-09-18 17:15 - 000648704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-10-09 03:03 - 2017-10-11 00:13 - 000000418 _____ C:\WINDOWS\Tasks\update-sys.job
2017-10-09 03:03 - 2017-10-11 00:13 - 000000418 _____ C:\WINDOWS\Tasks\update-S-1-5-21-160833441-3391541967-2849483501-1001.job
2017-10-09 03:03 - 2017-10-09 03:03 - 000003404 _____ C:\WINDOWS\System32\Tasks\update-S-1-5-21-160833441-3391541967-2849483501-1001
2017-10-09 03:03 - 2017-10-09 03:03 - 000003344 _____ C:\WINDOWS\System32\Tasks\update-sys
2017-10-09 03:03 - 2017-10-09 03:03 - 000000425 _____ C:\Users\user\AppData\Local\UserProducts.xml
2017-10-09 03:03 - 2017-10-09 03:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2017-10-09 03:03 - 2017-10-09 03:03 - 000000000 ____D C:\Program Files (x86)\Skillbrains
2017-10-09 03:02 - 2017-10-09 03:02 - 002732544 _____ (Skillbrains ) C:\Users\user\Downloads\setup-lightshot.exe
2017-10-07 02:36 - 2017-10-07 02:36 - 001407474 _____ C:\Users\user\Downloads\idle_master (1).zip
2017-10-07 02:35 - 2017-10-07 13:47 - 000000000 ____D C:\Users\user\Desktop\Idle Master
2017-10-07 02:34 - 2017-10-07 02:34 - 001407474 _____ C:\Users\user\Downloads\idle_master.zip
2017-10-07 02:34 - 2017-10-07 02:34 - 001407474 _____ C:\Users\user\Desktop\idle_master.zip
2017-10-04 21:17 - 2017-10-04 21:17 - 001300660 _____ C:\Users\user\Downloads\video (3).mov
2017-10-04 20:05 - 2017-10-04 20:05 - 000001024 _____ C:\Users\user\Downloads\fay.txt
2017-10-03 20:02 - 2017-10-03 20:03 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-10-03 19:50 - 2017-10-03 19:50 - 000000000 ____D C:\Users\user\AppData\Local\Tempzxpsign25c949fdae685efa
2017-10-03 19:47 - 2017-10-03 19:47 - 000000000 ____D C:\Users\user\AppData\LocalLow\Adobe
2017-10-03 19:44 - 2017-10-03 19:44 - 000000000 ____D C:\Users\user\AppData\Local\Tempzxpsignd472ff983c5cbc5b
2017-10-03 19:43 - 2017-10-03 19:43 - 000000000 ___RD C:\Users\user\Creative Cloud Files
2017-10-03 19:43 - 2017-10-03 19:43 - 000000000 ____D C:\Users\user\AppData\Local\Tempzxpsign70d9504127baf21f
2017-10-03 19:43 - 2017-10-03 19:43 - 000000000 ____D C:\Users\user\AppData\Local\Tempzxpsign165b05a4201bc1b0
2017-10-03 19:43 - 2017-10-03 19:43 - 000000000 ____D C:\Users\user\AppData\Local\Tempzxpsign00a6c33b47710f55
2017-10-03 19:42 - 2017-10-03 19:42 - 000003674 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-flaminphoenix25@gmail.com
2017-10-03 19:42 - 2017-10-03 19:42 - 000000000 ____D C:\Users\user\Documents\Adobe
2017-10-03 19:42 - 2017-10-03 19:42 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-10-03 19:34 - 2017-10-03 20:07 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-10-03 19:34 - 2017-10-03 20:06 - 000000000 ____D C:\ProgramData\Adobe
2017-10-03 19:30 - 2017-10-03 19:43 - 000000000 ____D C:\Users\user\AppData\Local\Adobe
2017-10-03 19:30 - 2017-10-03 19:30 - 001908280 _____ (Adobe Systems Incorporated) C:\Users\user\Downloads\Photoshop_Set-Up.exe
2017-10-01 22:00 - 2017-10-01 22:00 - 001335823 _____ C:\Users\user\Downloads\new doc 2017-10-01 21.47.47 (1).pdf
2017-10-01 21:56 - 2017-10-01 21:56 - 001335823 _____ C:\Users\user\Downloads\new doc 2017-10-01 21.47.47.pdf
2017-10-01 21:46 - 2017-10-01 21:46 - 000070339 _____ C:\Users\user\Downloads\Vector Addition worksheet - 2.pdf
2017-09-28 22:35 - 2017-09-28 22:35 - 001329983 _____ C:\Users\user\Downloads\2017-08-31_17-33-28_1 (2).mp4
2017-09-28 22:32 - 2017-09-28 22:32 - 001329983 _____ C:\Users\user\Downloads\2017-08-31_17-33-28_1 (1).mp4
2017-09-28 22:30 - 2017-09-28 22:30 - 001329983 _____ C:\Users\user\Downloads\2017-08-31_17-33-28_1.mp4
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-27 16:54 - 2017-04-08 20:42 - 000000000 ____D C:\Users\user\AppData\Roaming\BetterDiscord
2017-10-27 16:14 - 2017-03-20 17:54 - 000000000 ____D C:\Users\user\AppData\Local\Battle.net
2017-10-27 16:13 - 2017-05-27 13:47 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-10-27 13:38 - 2017-03-20 17:33 - 000000000 ____D C:\ProgramData\WRData
2017-10-27 12:25 - 2017-05-27 13:48 - 000000000 ____D C:\ProgramData\NVIDIA
2017-10-27 09:11 - 2017-04-06 11:54 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-10-27 00:27 - 2017-03-18 16:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-27 00:27 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-26 22:59 - 2017-07-07 16:58 - 000000000 ____D C:\Users\user\AppData\Roaming\eve Updater
2017-10-26 19:46 - 2017-03-20 17:31 - 000000000 ____D C:\Program Files (x86)\Steam
2017-10-26 17:42 - 2017-05-27 13:53 - 000003540 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily
2017-10-26 17:42 - 2017-05-27 13:53 - 000003404 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine
2017-10-26 17:42 - 2017-03-20 19:42 - 000000000 ____D C:\Program Files (x86)\Gyazo
2017-10-25 17:53 - 2017-08-20 22:04 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-10-25 17:53 - 2017-08-20 22:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-25 16:08 - 2017-03-20 17:50 - 000000000 ____D C:\Program Files (x86)\Battle.net
2017-10-24 17:31 - 2017-05-27 13:52 - 001934752 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-24 17:26 - 2017-03-16 17:08 - 000000000 ___RD C:\Users\user\OneDrive
2017-10-24 17:25 - 2017-05-27 13:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-24 17:25 - 2017-03-20 17:33 - 000182192 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2017-10-24 17:25 - 2017-03-20 17:33 - 000114672 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2017-10-24 17:24 - 2017-07-29 22:53 - 000000000 ____D C:\Program Files (x86)\Cheat Engine 6.7
2017-10-24 17:24 - 2017-03-18 06:40 - 002883584 _____ C:\WINDOWS\system32\config\BBI
2017-10-24 16:39 - 2017-03-17 17:50 - 000000000 ____D C:\Users\user\AppData\Local\CrashDumps
2017-10-23 20:40 - 2017-07-26 20:09 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-160833441-3391541967-2849483501-1001
2017-10-23 20:40 - 2017-03-16 17:08 - 000002360 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-10-17 16:15 - 2017-03-18 15:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-14 15:57 - 2017-07-29 20:31 - 000000444 _____ C:\Users\user\AppData\Roaming\CSharpAnalytics-MeasurementSession
2017-10-12 19:21 - 2017-03-18 16:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-10-12 19:21 - 2017-03-18 16:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-12 00:59 - 2017-03-20 17:33 - 000127760 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
2017-10-11 18:01 - 2017-06-26 13:35 - 000000000 ____D C:\Users\user\AppData\Roaming\Twitch
2017-10-11 15:20 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\rescache
2017-10-11 09:26 - 2017-03-18 16:01 - 000000000 ____D C:\WINDOWS\INF
2017-10-11 09:26 - 2016-11-20 13:51 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-10-11 00:13 - 2017-05-27 13:47 - 001163520 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-11 00:12 - 2017-03-18 16:03 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-10-11 00:12 - 2017-03-18 16:03 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2017-10-11 00:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-10-11 00:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-10-10 13:52 - 2017-03-16 19:40 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-10-10 13:51 - 2017-03-16 19:40 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-10-08 14:26 - 2017-08-24 12:22 - 000000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2017-10-08 13:39 - 2017-03-20 17:41 - 000000000 ____D C:\Users\user\AppData\Roaming\discord
2017-10-03 20:02 - 2017-03-16 17:07 - 000000000 ____D C:\Users\user\AppData\Roaming\Adobe
2017-10-01 21:59 - 2017-08-13 20:16 - 000000000 ____D C:\Users\user\Desktop\School stuff
 
==================== Files in the root of some directories =======
 
2017-10-14 15:25 - 2017-10-14 16:34 - 000000268 _____ () C:\Users\user\AppData\Roaming\CSharpAnalytics-MeasurementQueue
2017-07-29 20:31 - 2017-10-14 15:57 - 000000444 _____ () C:\Users\user\AppData\Roaming\CSharpAnalytics-MeasurementSession
2017-06-27 23:11 - 2017-07-16 16:16 - 000033964 _____ () C:\Users\user\AppData\Roaming\VoiceMeeterDefault.xml
2017-10-09 03:03 - 2017-10-09 03:03 - 000000003 _____ () C:\Users\user\AppData\Local\updater.log
2017-10-09 03:03 - 2017-10-09 03:03 - 000000425 _____ () C:\Users\user\AppData\Local\UserProducts.xml
2017-07-29 18:18 - 2017-07-29 18:18 - 000000016 _____ () C:\ProgramData\mntemp
 
Some files in TEMP:
====================
2017-06-26 15:17 - 2017-06-26 15:17 - 000019968 ____N (Red Hat®, Inc.) C:\Users\user\AppData\Local\Temp\jansi-64-1153621337099701809.dll
2017-06-26 12:45 - 2017-06-26 12:45 - 000019968 _____ (Red Hat®, Inc.) C:\Users\user\AppData\Local\Temp\jansi-64-1583859473188082189.dll
2017-07-11 17:08 - 2017-07-11 17:08 - 000019968 ____N (Red Hat®, Inc.) C:\Users\user\AppData\Local\Temp\jansi-64-4059586364703296191.dll
2017-06-26 13:06 - 2017-06-26 13:06 - 000019968 _____ (Red Hat®, Inc.) C:\Users\user\AppData\Local\Temp\jansi-64-4460051283586641038.dll
2017-06-26 13:43 - 2017-06-26 13:43 - 000019968 ____N (Red Hat®, Inc.) C:\Users\user\AppData\Local\Temp\jansi-64-4729014190565925304.dll
2017-06-27 15:42 - 2017-06-27 15:42 - 000019968 ____N (Red Hat®, Inc.) C:\Users\user\AppData\Local\Temp\jansi-64-5377796760907648331.dll
2017-06-26 13:16 - 2017-06-26 13:16 - 000019968 _____ (Red Hat®, Inc.) C:\Users\user\AppData\Local\Temp\jansi-64-6262855202503746982.dll
2017-06-26 12:56 - 2017-06-26 12:56 - 000019968 _____ (Red Hat®, Inc.) C:\Users\user\AppData\Local\Temp\jansi-64-7532815527716002768.dll
2017-07-14 14:15 - 2017-07-14 14:15 - 000019968 ____N (Red Hat®, Inc.) C:\Users\user\AppData\Local\Temp\jansi-64-7808069884069009690.dll
2017-06-27 23:04 - 2017-06-27 23:04 - 000058821 ____N () C:\Users\user\AppData\Local\Temp\JNativeHook_1614535924132877710.dll
2017-07-06 00:18 - 2017-07-06 00:18 - 000058821 ____N () C:\Users\user\AppData\Local\Temp\JNativeHook_244764270571610048.dll
2017-06-27 23:10 - 2017-06-27 23:10 - 000058821 ____N () C:\Users\user\AppData\Local\Temp\JNativeHook_2492463444556841743.dll
2017-06-27 23:44 - 2017-06-27 23:44 - 000058821 ____N () C:\Users\user\AppData\Local\Temp\JNativeHook_2849811495359977681.dll
2017-06-28 18:05 - 2017-06-28 18:05 - 000058821 ____N () C:\Users\user\AppData\Local\Temp\JNativeHook_3011896998972924128.dll
2017-06-27 23:06 - 2017-06-27 23:06 - 000058821 ____N () C:\Users\user\AppData\Local\Temp\JNativeHook_3307264753831753027.dll
2017-06-28 12:10 - 2017-06-28 12:10 - 000058821 ____N () C:\Users\user\AppData\Local\Temp\JNativeHook_3757884545749123488.dll
2017-06-27 23:20 - 2017-06-27 23:20 - 000058821 ____N () C:\Users\user\AppData\Local\Temp\JNativeHook_4402556843033872644.dll
2017-06-28 12:08 - 2017-06-28 12:08 - 000058821 ____N () C:\Users\user\AppData\Local\Temp\JNativeHook_4656991519719398366.dll
2017-06-27 23:06 - 2017-06-27 23:06 - 000058821 ____N () C:\Users\user\AppData\Local\Temp\JNativeHook_4981964892316915204.dll
2017-07-05 16:12 - 2017-07-05 16:12 - 000058821 ____N () C:\Users\user\AppData\Local\Temp\JNativeHook_5684079438848653055.dll
2017-07-06 21:03 - 2017-07-06 21:03 - 000058821 ____N () C:\Users\user\AppData\Local\Temp\JNativeHook_5722567077199106159.dll
2017-06-28 00:14 - 2017-06-28 00:14 - 000058821 _____ () C:\Users\user\AppData\Local\Temp\JNativeHook_8027456742230598621.dll
2017-06-28 00:14 - 2017-06-28 00:14 - 000058821 ____N () C:\Users\user\AppData\Local\Temp\JNativeHook_8195320395080829193.dll
2017-06-27 23:46 - 2017-06-27 23:46 - 000058821 ____N () C:\Users\user\AppData\Local\Temp\JNativeHook_8508052680258312720.dll
2017-07-28 13:26 - 2017-07-28 13:26 - 000740416 _____ (Oracle Corporation) C:\Users\user\AppData\Local\Temp\jre-8u144-windows-au.exe
2017-10-20 13:26 - 2017-10-20 13:26 - 001856576 _____ (Oracle Corporation) C:\Users\user\AppData\Local\Temp\jre-8u151-windows-au.exe
2017-05-23 17:05 - 2017-08-09 17:21 - 000758288 _____ (NVIDIA Corporation) C:\Users\user\AppData\Local\Temp\nvSCPAPI.dll
2017-05-23 17:05 - 2017-08-09 17:21 - 000873136 _____ (NVIDIA Corporation) C:\Users\user\AppData\Local\Temp\nvSCPAPI64.dll
2017-07-11 01:07 - 2017-08-09 17:21 - 000368576 _____ (NVIDIA Corporation) C:\Users\user\AppData\Local\Temp\nvStInst.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-10-26 19:20
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2017
Ran by user (27-10-2017 16:56:49)
Running from C:\Users\user\Downloads
Windows 10 Home Version 1703 15063.674 (X64) (2017-05-27 18:55:40)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-160833441-3391541967-2849483501-500 - Administrator - Disabled)
bigol (S-1-5-21-160833441-3391541967-2849483501-1002 - Limited - Disabled)
DefaultAccount (S-1-5-21-160833441-3391541967-2849483501-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-160833441-3391541967-2849483501-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-160833441-3391541967-2849483501-501 - Limited - Disabled)
user (S-1-5-21-160833441-3391541967-2849483501-1001 - Administrator - Enabled) => C:\Users\user
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Webroot SecureAnywhere (Enabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Webroot SecureAnywhere (Enabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.41 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version:  - Cheat Engine)
Destiny 2 (HKLM-x32\...\Destiny 2) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\Discord) (Version: 0.0.298 - Discord Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Gyazo 3.3.3 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java SE Development Kit 8 Update 131 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180131}) (Version: 8.0.1310.11 - Oracle Corporation)
Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{BF5ABBDB-D3AA-4BCB-8D10-FCD4A4BB7F93}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\OneDriveSetup.exe) (Version: 17.3.7073.1013 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{C7E2483C-10A4-41E3-A2F6-240186FE3E41}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{FF7DDA05-6EA7-4C01-B44A-3E57F8B9B97B}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 56.0 (x64 en-US) (HKLM\...\Mozilla Firefox 56.0 (x64 en-US)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.2 - Mozilla)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 6.2.0.03 - MSI)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 385.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 385.41 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.9.0.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.61 - NVIDIA Corporation)
NVIDIA Graphics Driver 385.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.41 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
osu! (HKLM-x32\...\{61311232-739b-43c1-b2cf-46a6bda3263d}) (Version: latest - ppy Pty Ltd)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version:  - Blizzard Entertainment)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.2 - pdfforge)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 2.6.4 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.00.721 - Razer Inc.)
ROBLOX Player for user (HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Service Pack 1 for SQL Server 2014 (KB3058865) (64-bit) (HKLM\...\KB3058865) (Version: 12.1.4100.1 - Microsoft Corporation)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
SOLIDWORKS 2016 x64 Edition SP02 (HKLM\...\{768F3B65-1695-47B7-9002-B11400CB111D}) (Version: 24.120.50 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS 2016 x64 Edition SP02 (HKLM-x32\...\SolidWorks Installation Manager 20160-40200-1100-100) (Version: 24.2.0.50 - SolidWorks Corporation)
SOLIDWORKS Composer Player 2016 SP02 x64 Edition (HKLM\...\{8537E059-C18B-4DE6-AED6-CD9B90240C35}) (Version: 24.20.50 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS eDrawings 2016 x64 Edition SP02 (HKLM\...\{BCB9F00D-D23D-465C-B7BB-629900B7FF51}) (Version: 16.2.0030 - Dassault Systèmes SolidWorks Corp) Hidden
SOLIDWORKS Electrical 2016 SP02 x64 Edition (HKLM\...\{064914EF-A0D8-447D-8E5C-E888CA8FD467}) (Version: 24.20.50 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Flow Simulation 2016 SP02 x64 Edition  (HKLM\...\{0B7C2320-1D2F-42F1-9941-C88C6B7AB0D5}) (Version: 24.20.51 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Plastics 2016 SP02 x64 Edition (HKLM\...\{DF6A3557-CE70-4357-81CF-E33CCB5E750D}) (Version: 24.20.50 - Dassault Systemes SolidWorks Corp) Hidden
SQL Server 2014 Common Files (HKLM\...\{BD1CD96B-FE4B-4EAE-83D4-6EF55AB5779C}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{F7012F84-80F5-4C25-852E-B1BA03276FE6}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{17531BCD-C627-46A2-9F1E-7CC920E0E94A}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{5082A9F3-AEE5-4639-9BA7-C19661BA7331}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{ACC530B8-B6B4-40D6-B59B-152468CF47D0}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{D1B847A9-B06B-4264-9EF0-78E6E1571E65}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.1.4100.1 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{6476DB81-F263-4C04-8574-AAD31136C304}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TI xHCI Filter Driver 1.0.0.4 (HKLM-x32\...\TI xHCI Filter Driver) (Version: 1.0.0.4 - Texas Instruments Inc.)
TP-LINK TL-WN881ND Driver (HKLM-x32\...\{FDA7E907-6539-42C1-9721-0239C281B336}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
Twitch (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Twitch Interactive, Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 29.0 - Ubisoft)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.18.38 - Webroot)
WinDirStat 1.1.2 (HKU\S-1-5-21-160833441-3391541967-2849483501-1001\...\WinDirStat) (Version:  - )
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WPTx64 (HKLM-x32\...\{0B2C58EB-67A2-225B-60B2-D1990E55DD33}) (Version: 8.100.26866 - Microsoft)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-160833441-3391541967-2849483501-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-A53DA100DCA5}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\Windows\system32\WRusr.dll [2017-10-24] (Webroot)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-08-21] (NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\Windows\system32\WRusr.dll [2017-10-24] (Webroot)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0F9B983E-6ED7-4AE8-B081-A3A2AE5F96CB} - System32\Tasks\MSIOSDx86_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe [2016-07-28] (Micro-Star INT'L CO., LTD.)
Task: {18E1D5AE-9055-499B-85F3-134E3FF45ED4} - System32\Tasks\MSISW_Host => C:\Windows\SysWoW64\muachost.exe [2015-08-18] (MSI)
Task: {49DEF044-DEB7-4F2F-B5E0-A93FFF6602F7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {54B40BE0-1774-4633-BB58-63D5E36D59D4} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-08-17] (NVIDIA Corporation)
Task: {550B02A7-9E33-4D86-9144-459C297DC38F} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-flaminphoenix25@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: {5810B261-5D5C-48B3-98E9-20EDF68F58F3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-20] (Google Inc.)
Task: {6902FB96-D987-4535-9BE0-D3B56FFB8F99} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-08-17] (NVIDIA Corporation)
Task: {744ADCBC-53C3-447B-9E54-D873907CE4CE} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-17] (NVIDIA Corporation)
Task: {76A6F7A6-914A-4156-B222-981BFF3EEDD7} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-10-03] ()
Task: {9336774C-1282-446B-8E1B-30A12FEC5CDE} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-17] (NVIDIA Corporation)
Task: {9DB51582-CA11-4F76-8695-5EDE6729D018} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-08-17] (NVIDIA Corporation)
Task: {A4BFC16D-5D67-484C-8B9D-AD81868E886E} - System32\Tasks\update-S-1-5-21-160833441-3391541967-2849483501-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {AD91864C-8679-4C58-912C-3EE8ABCBE312} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-08-17] (NVIDIA Corporation)
Task: {C32866DF-ED2E-437B-AC00-875C0F4D2EA9} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-17] (NVIDIA Corporation)
Task: {CA6E2BAD-FF8D-4BD7-91C3-BD2AE62DE79E} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-10-03] ()
Task: {CE1A9E6A-1703-48BB-95B9-73B0D66576F1} - System32\Tasks\MSIGH_Host => C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe [2017-01-19] (Micro-Star INT'L CO., LTD.)
Task: {CE8BC3C7-39FE-49AF-ADEB-A1273945F72A} - System32\Tasks\MSIOSDx64_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe [2016-07-28] (Micro-Star INT'L CO., LTD.)
Task: {D5CB77C6-16E0-43A7-80CB-0AE43FCD04E4} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {D626D64E-CA98-44F2-8318-82942EDB1D03} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-17] (NVIDIA Corporation)
Task: {E283BDBA-EFEE-4463-BCB6-57489DEA0891} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-20] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\MSISW_Host.job => C:\WINDOWS\SysWOW64\muachost.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-160833441-3391541967-2849483501-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Discord Kiosk.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 1" --app-id=beolnaffiilgdnlpggjjmgaobllekdog
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\HP Print for Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 1" --app-id=cjanmonomjogheabiocdamfpknlpdehm
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Launcher for Steam.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 1" --app-id=cieeogkfefbpgbdknhcolehnnfflffba
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Link All.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 1" --app-id=bbplhdcnpcenkdciibplnkgmiffjfnni
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Portal.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 1" --app-id=kiaiohefkfglmlacgndocbmheffjpbgc
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Solitaire.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 1" --app-id=blpebaehgfgkcmmjjknibibbjacnplim
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sticky Notes.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 1" --app-id=nbjdhgkkhefpifbifjiflpaajchdkhpg
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Team Fortress 2 Crafting Game.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 1" --app-id=idemjheodhalnampjokcebmleohpkapd
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TestNav.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 1" --app-id=mdmkkicfmmkgmpkmkdikhlbggogpicma
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\James - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-05-27 13:48 - 2017-08-21 18:10 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-07-13 20:50 - 2017-07-13 20:50 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-07-13 20:50 - 2017-07-13 20:50 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-02-10 16:37 - 2016-02-10 16:37 - 000179208 _____ () C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe
2017-10-24 17:20 - 2017-10-04 13:15 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-10-24 17:20 - 2017-10-04 13:15 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-17 17:56 - 2017-08-17 23:36 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-07-19 17:09 - 2017-07-19 17:09 - 000189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2017-03-16 16:25 - 2016-06-14 18:35 - 000187392 _____ () C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\D3D11FontDraw.dll
2017-03-18 15:58 - 2017-03-18 15:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-08-14 03:48 - 2017-08-14 03:48 - 000491600 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll
2017-07-14 10:27 - 2017-07-14 10:27 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-07-14 10:26 - 2017-07-14 10:26 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-04-04 16:19 - 2017-07-20 10:21 - 001268224 _____ () C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
2017-09-25 15:13 - 2017-09-21 02:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-25 15:13 - 2017-09-21 02:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2016-02-10 22:27 - 2016-02-10 22:27 - 000267672 _____ () C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldBodyDiffu.dll
2017-03-20 17:27 - 2013-04-09 13:05 - 000846848 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
2017-07-28 21:45 - 2017-07-28 21:45 - 000298448 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2017-03-18 15:59 - 2017-03-18 21:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-16 16:25 - 2016-06-14 18:35 - 000163328 _____ () C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\D3D11FontDraw.dll
2017-03-20 17:32 - 2017-09-09 14:25 - 000688416 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-03-20 17:32 - 2016-08-31 20:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-03-20 17:32 - 2017-10-17 16:24 - 002546976 _____ () C:\Program Files (x86)\Steam\video.dll
2017-03-20 17:32 - 2016-08-31 20:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-03-20 17:32 - 2016-08-31 20:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-03-20 17:32 - 2016-01-27 02:49 - 002549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2017-03-20 17:32 - 2016-01-27 02:49 - 000332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2017-03-20 17:32 - 2016-01-27 02:49 - 000491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2017-03-20 17:32 - 2016-01-27 02:49 - 000442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2017-03-20 17:32 - 2016-01-27 02:49 - 000485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2017-03-20 17:32 - 2017-10-17 16:24 - 000901408 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-03-20 17:32 - 2016-07-04 17:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-03-17 17:56 - 2017-08-17 23:36 - 069807552 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-03-20 17:33 - 2017-08-16 17:28 - 073130272 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-06-14 13:17 - 2017-09-06 21:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-03-17 17:56 - 2017-08-17 23:36 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-20 17:32 - 2015-09-24 18:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-03-20 17:27 - 2013-01-22 16:40 - 001411072 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2017-03-20 17:27 - 2013-04-02 15:41 - 000193024 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2017-03-20 17:27 - 2013-05-07 13:16 - 000138752 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF.dll
2017-03-20 17:27 - 2013-05-07 13:16 - 000115712 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF_WPS_WIN7.DLL
2017-05-22 05:13 - 2017-05-22 05:13 - 000143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2017-08-23 16:04 - 2017-04-13 12:58 - 050656768 _____ () C:\Users\user\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2017-08-23 16:04 - 2017-04-13 12:58 - 001874944 _____ () C:\Users\user\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2017-08-23 16:04 - 2017-04-13 12:58 - 000075264 _____ () C:\Users\user\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2017-07-13 18:50 - 2017-08-16 17:29 - 001936672 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\swiftshader\libglesv2.dll
2017-07-13 18:50 - 2017-08-16 17:29 - 000113952 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\swiftshader\libegl.dll
2017-08-08 19:14 - 2017-08-08 15:13 - 001893880 _____ () C:\Users\user\AppData\Local\Discord\app-0.0.298\ffmpeg.dll
2017-08-08 20:00 - 2017-08-08 20:00 - 001577976 _____ () \\?\C:\Users\user\AppData\Roaming\discord\0.0.298\modules\discord_toaster\discord_toaster.node
2017-08-08 20:00 - 2017-10-06 17:30 - 009722360 _____ () \\?\C:\Users\user\AppData\Roaming\discord\0.0.298\modules\discord_voice\discord_voice.node
2017-08-08 20:00 - 2017-08-08 20:00 - 001440248 _____ () \\?\C:\Users\user\AppData\Roaming\discord\0.0.298\modules\discord_utils\discord_utils.node
2017-08-09 16:36 - 2017-08-09 16:36 - 000148992 _____ () \\?\C:\Users\user\AppData\Local\Discord\app-0.0.298\resources\app\node_modules\erlpack\build\Release\erlpack.node
2017-08-08 20:00 - 2017-08-08 20:00 - 002658296 _____ () \\?\C:\Users\user\AppData\Roaming\discord\0.0.298\modules\discord_rpc\discord_rpc.node
2017-08-08 20:00 - 2017-08-08 20:00 - 002673656 _____ () \\?\C:\Users\user\AppData\Roaming\discord\0.0.298\modules\discord_contact_import\discord_contact_import.node
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\user\AppData\Local\Temp:$DATA [16]
AlternateDataStreams: C:\Users\user\AppData\Local\Temp:$DATA [34]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 06:47 - 2016-07-16 06:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-160833441-3391541967-2849483501-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\bird-phoenix-flight-art-drawing-wallpaper-2560x1600.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{FC220D66-688C-4547-9CD8-6F2C203EAE5F}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{85E8F025-E5AA-4E73-A5BF-008BBD98AF38}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{E8CBD3F4-C94A-4CC4-BE35-2801784B4391}] => (Allow) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{8882BA57-D936-4772-B14B-C335FB7DB3F3}] => (Allow) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{19937287-8549-4881-AA03-B7957CB6F158}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shovel Knight\ShovelKnight.exe
FirewallRules: [{24562BAD-DC53-4054-9785-E941E4D49423}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shovel Knight\ShovelKnight.exe
FirewallRules: [{6E330B53-4302-40A2-A191-78049749F0C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{EB836E70-819E-4B4E-8CF9-A69210BCBA48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{532D2C8C-0347-42D3-AE75-1683EB3660EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{F538FF07-F8C3-4F86-BAE4-946DF0E74970}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{C1916F6E-1345-484C-AD9A-FDB50B19F415}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{0543C565-C00F-4240-808E-438C92F38D95}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{5AB7A89B-C372-4D5E-9159-515B3ABD3BD6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{AA00E737-FE14-488E-940A-045193E96EFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{402643D0-7E5A-44B6-8381-7E8E7B31B25C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{286AADC3-B6C0-46BD-BC4E-C28AB3CEABE6}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{9699AEF0-8DE5-408D-9591-FC74EBBDA724}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{CC84EF98-9C6D-4F05-8221-EDF2C171D7A8}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{5E1DA8E2-826E-4CA8-ABBC-C6AF0539F311}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{B7F8C65B-F4F4-4F10-BB42-B43E0B59E3F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe
FirewallRules: [{EA8CA7AA-CDD0-4A47-9BEA-0828EE270B8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe
FirewallRules: [{D6B00947-570A-4739-B80F-BE594B570182}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{B742B2EB-BB4E-4081-B0C5-51A1F77988EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [UDP Query User{C2E0220A-728D-4D73-9216-CE4BE663D470}C:\users\user\desktop\hot gta role playing\fivem.exe] => (Allow) C:\users\user\desktop\hot gta role playing\fivem.exe
FirewallRules: [TCP Query User{45234006-61EA-40DF-A081-FE36C55B1789}C:\users\user\desktop\hot gta role playing\fivem.exe] => (Allow) C:\users\user\desktop\hot gta role playing\fivem.exe
FirewallRules: [{C28E322F-A785-49AB-9523-83BA6F7C5893}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{5F70310C-9958-4FD8-A481-C4921C69C3B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{61F276C6-850A-42B9-ABF6-C93E75C3302C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{0BAABD92-470C-4E3F-A8DE-90E485D5614E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{23F15774-1CBF-45B2-84AB-B9C7192B7DBD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{A112C590-6605-4FB8-B03E-C48925BA0F16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{BFB4D917-49E8-445D-B2BF-38E1FEDBA465}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{2D7D30B9-EAA8-451B-A08F-4092E314F647}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{2C6F0514-D1F9-4ED1-912A-D48CE4562A76}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C3399AE8-7E39-4E09-B068-2C17960EBDCC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{AC6D1946-C786-4358-ADB4-48632429B475}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{109E8008-8806-4634-A8A0-A7D019D8B0D1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C01F28F3-FAE7-4A31-BA22-BA0592F58C87}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DEBF67BA-12AE-4266-B11B-B3E6D33DD372}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{56B1D25C-3893-45FD-A015-A44C2427C0AB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{EB8BABCC-4B43-44E4-9722-0FAE44D5A0E1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{EA64029F-4648-495A-B8EA-6DCE05F2DE88}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{26AAF2B8-3BB3-49BC-BD09-D6C7224845BF}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{C14002EA-FA7A-4F98-A289-6AB6A0426137}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{9F4AB12A-DFA0-47A7-8322-3D0259315D07}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{C3599F81-8B98-4353-9A23-28C2D9E5059A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{1F60B9DC-B8DD-4882-9E6C-7922541414BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal Stories Mel\portal2.exe
FirewallRules: [{7BE7B107-FEFE-44A6-B048-25C476FE85F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal Stories Mel\portal2.exe
FirewallRules: [{0F33A267-94E1-4749-9B8F-D4FA96365DCF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Poker Night 2\PokerNight2.exe
FirewallRules: [{E9A3DE4B-93B4-4DB4-A693-40F6C5DAA97F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Poker Night 2\PokerNight2.exe
FirewallRules: [{3DB92DE2-B2D3-4EF1-A08F-ED4A9106F94E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hotline Miami 2\HotlineMiami2.exe
FirewallRules: [{48403A81-448D-4679-9647-98A806F1D132}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hotline Miami 2\HotlineMiami2.exe
FirewallRules: [TCP Query User{32D971F5-4D6C-4E71-8C60-283570773C18}C:\program files\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [UDP Query User{2ACEF102-440E-4FFA-8289-50B62D6247B2}C:\program files\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [{ED80DFFE-11FE-49A4-9438-E1D684DE2CBD}] => (Block) C:\program files\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [{582DC08C-DDF6-4535-A612-C2848BD78E19}] => (Block) C:\program files\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [TCP Query User{33169D6C-7D48-45FC-9B8C-EE531E96E0E2}C:\users\user\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\user\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{59D1E414-91A2-4460-82E3-80D9203F63E1}C:\users\user\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\user\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{1D918CB4-13FE-4BCD-BF33-387AFAC2FC25}] => (Block) C:\users\user\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{D32E541C-63B2-4680-8BCB-8D88FB254A2F}] => (Block) C:\users\user\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{BF78AC07-B514-4F21-857A-E3BE2F1273D0}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{24716E87-B31B-4755-BB4E-DDA673EC7947}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{50042EF0-860D-4381-8CA2-E88DFD83250F}] => (Block) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{6C89A95F-A2DF-4D1D-AACD-A7AD8C701BDB}] => (Block) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{1002B362-917D-48BE-A89E-0FABBB7476CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 4\NSUNS4.exe
FirewallRules: [{481AD796-4168-4E42-B4A9-82A75355DAB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 4\NSUNS4.exe
FirewallRules: [TCP Query User{E67A5F98-CC19-4D19-8013-3596B2B6791A}C:\program files (x86)\overwatch test\overwatch.exe] => (Allow) C:\program files (x86)\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{FC9BB9D7-E19C-469F-B962-ADF37DBFC4FA}C:\program files (x86)\overwatch test\overwatch.exe] => (Allow) C:\program files (x86)\overwatch test\overwatch.exe
FirewallRules: [{900359BF-E3D3-47CF-BA5F-D4461D4ADEE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{2CEC003E-4129-4F49-B060-AF09D7C7419F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{E272E71F-099E-4714-8C0C-D818A8A38CE9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A2E4278C-0721-4189-8AC7-3600DE76FCDF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F92286C9-7F28-4896-B723-B85442B8A5A9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6790A8FF-6120-4CDE-8FA4-4B2C1C116639}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BDC16626-79E3-4DD7-9B6F-70A60DADD116}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{02DDE3F6-41AE-448B-B08C-BAB81622E788}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{1243746A-E711-4B56-8BFB-408317ED2637}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{61BC8298-5023-4505-BCC9-8836E2DFC8CE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C33D0E77-C082-4AAF-9929-76F9D169C6E2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{676DEECC-7A78-4021-87E4-49333265C746}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{7A57D2FF-A4C6-4899-A0F6-D039147771D9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{A5292349-62BF-4977-A26F-6119FD8A233A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{439DE314-0F7B-4228-854A-AE8901650CCD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{829157F6-6E99-49E2-B4A8-ABDB986D3E2C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{81CF5E2E-FD10-4F95-8457-201A442EF1B3}C:\program files (x86)\destiny 2\destiny2.exe] => (Allow) C:\program files (x86)\destiny 2\destiny2.exe
FirewallRules: [UDP Query User{C42DB597-D9DC-449E-92CF-2316E32521A8}C:\program files (x86)\destiny 2\destiny2.exe] => (Allow) C:\program files (x86)\destiny 2\destiny2.exe
FirewallRules: [{650E0315-3738-46C6-8313-AF7F86649314}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{757BAE10-1D12-4F10-8704-5847182304C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{159457AE-A2C5-4530-940A-3BA5071F93E3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{CEC3214E-8E29-4835-BEDA-2ED326DBF699}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spriter\Spriter.exe
FirewallRules: [{04F8BA34-A3E6-4829-A002-3B4EC81AD571}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spriter\Spriter.exe
FirewallRules: [TCP Query User{D6F9F51F-8CAA-4923-B9DA-7BCC65AB20A4}C:\program files (x86)\battle.net\battle.net.9262\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.9262\battle.net.exe
FirewallRules: [UDP Query User{584ECDAE-A0F4-432A-A8A7-EA78F2BB7EFB}C:\program files (x86)\battle.net\battle.net.9262\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.9262\battle.net.exe
FirewallRules: [{48DAEC26-7550-47BC-9AC6-7307037CDE25}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{18A2FB83-0CB1-483D-875B-0C46DDDFAA82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [TCP Query User{3B3448CF-92A2-464B-B32B-FEE79F75CCC1}C:\users\user\appdata\roaming\support\diskmgr.exe] => (Block) C:\users\user\appdata\roaming\support\diskmgr.exe
FirewallRules: [UDP Query User{303A6615-E867-410A-8A3D-A32E2DBCBEEE}C:\users\user\appdata\roaming\support\diskmgr.exe] => (Block) C:\users\user\appdata\roaming\support\diskmgr.exe
 
==================== Restore Points =========================
 
08-10-2017 15:03:52 Scheduled Checkpoint
16-10-2017 19:52:13 Scheduled Checkpoint
25-10-2017 22:48:04 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/24/2017 05:25:12 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (10/24/2017 04:39:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Battle.net Helper.exe, version: 0.0.0.0, time stamp: 0x59e7d7ce
Faulting module name: libcef.dll, version: 3.2623.1435.0, time stamp: 0x591a1a2e
Exception code: 0x80000003
Fault offset: 0x0019b129
Faulting process id: 0x28cdc
Faulting application start time: 0x01d34d0ec298cc27
Faulting application path: C:\Program Files (x86)\Battle.net\Battle.net.9526\Battle.net Helper.exe
Faulting module path: C:\Program Files (x86)\Battle.net\Battle.net.9526\libcef.dll
Report Id: 344fc58f-3f2e-4b82-8a55-d2ec1a95575a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/23/2017 06:26:34 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (10/22/2017 01:27:36 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (10/21/2017 11:32:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Discord.exe version 0.0.42.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1f01c
 
Start Time: 01d34aac769d9f26
 
Termination Time: 17
 
Application Path: C:\Users\user\AppData\Local\Discord\app-0.0.298\Discord.exe
 
Report Id: 8f188414-b97b-4085-bfb3-25e7b9fd4f13
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (10/20/2017 05:35:06 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (10/18/2017 06:11:35 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (10/11/2017 05:58:32 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (10/11/2017 04:39:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hl2.exe, version: 0.0.0.0, time stamp: 0x58a7ebd6
Faulting module name: engine.dll, version: 0.0.0.0, time stamp: 0x598112e5
Exception code: 0xc0000005
Fault offset: 0x000931cb
Faulting process id: 0x4c7c
Faulting application start time: 0x01d342d926746901
Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
Faulting module path: c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\engine.dll
Report Id: 23dc005e-fd79-42c9-84a2-9663e98c696e
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/11/2017 10:26:40 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
 
System errors:
=============
Error: (10/27/2017 04:32:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/27/2017 04:19:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/26/2017 07:47:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/25/2017 04:11:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/24/2017 08:00:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/24/2017 05:29:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/24/2017 05:25:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/24/2017 05:25:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/24/2017 05:25:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (10/24/2017 05:25:00 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: PCI080028000020000000
 
 
CodeIntegrity:
===================================
  Date: 2017-06-26 12:27:46.682
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-05-27 17:11:10.150
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4820K CPU @ 3.70GHz
Percentage of memory in use: 67%
Total physical RAM: 12217.36 MB
Available physical RAM: 3915.35 MB
Total Virtual: 19385.36 MB
Available Virtual: 3707.44 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.21 GB) (Free:38.32 GB) NTFS
Drive d: (Data) (Fixed) (Total:1862.89 GB) (Free:1833.3 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
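How a responder skims the FirewallRules block of an FRST Addition.txt like the one above, as an added Python example that is neither FRST's code nor anything posted in this thread: it groups the rules by executable and flags those that live in user-writable locations (AppData, Desktop, Downloads, Temp), which is where the log's profile-resident executables stand out from the Program Files entries. The sample input reuses six lines from the log above; the list of suspicious locations and all function names are assumptions of this example.

```python
"""Triage the FirewallRules section of an FRST Addition.txt (added example)."""
import re
from dataclasses import dataclass, field

# FRST prints one line per Windows Firewall rule, in two shapes:
#   FirewallRules: [{GUID}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
#   FirewallRules: [TCP Query User{GUID}C:\...\app.exe] => (Block) C:\...\app.exe
# The "Query User" rules are created when Windows prompts the user the first
# time a program listens on the network and the user clicks Allow or Block.
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>[^\]]*)\] => \((?P<action>Allow|Block)\) (?P<path>\S.*?)\s*$"
)

# Heuristic (an assumption of this example, not an FRST feature): path fragments,
# lower-case and backslash-delimited, that mark a user-writable location. Installed
# software normally lives under Program Files; droppers and remote-access clients
# are frequently planted in the user profile instead. A hit means "review this",
# not "this is malicious".
USER_WRITABLE = {
    "\\appdata\\roaming\\": "AppData\\Roaming",
    "\\appdata\\local\\": "AppData\\Local",
    "\\desktop\\": "Desktop",
    "\\downloads\\": "Downloads",
    "\\temp\\": "Temp",
}


@dataclass
class Rule:
    name: str     # text between the square brackets
    action: str   # "Allow" or "Block"
    path: str     # executable the rule applies to, as printed by FRST


@dataclass
class Finding:
    path: str                                    # executable path (first spelling seen)
    actions: set = field(default_factory=set)    # {"Allow"}, {"Block"} or both
    user_prompted: bool = False                  # at least one "Query User" rule
    reasons: list = field(default_factory=list)  # why this executable was flagged


def parse_rules(text):
    """Return every FirewallRules line in *text* as a Rule; other lines are ignored."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append(Rule(m["name"], m["action"], m["path"]))
    return rules


def location_labels(path):
    """Labels of the user-writable locations that *path* falls under (may be empty)."""
    low = path.lower().replace("/", "\\")
    return [label for fragment, label in USER_WRITABLE.items() if fragment in low]


def review_firewall_rules(text):
    """Group rules by executable and return the Findings worth a responder's attention."""
    by_exe = {}
    for rule in parse_rules(text):
        key = rule.path.lower()
        finding = by_exe.setdefault(key, Finding(path=rule.path))
        finding.actions.add(rule.action)
        if rule.name.startswith(("TCP Query User", "UDP Query User")):
            finding.user_prompted = True

    flagged = []
    for finding in by_exe.values():
        labels = location_labels(finding.path)
        if labels:
            finding.reasons.append(
                "executable under user-writable location: " + ", ".join(labels))
            flagged.append(finding)
    return flagged


# Constructed sample: six lines copied from the Addition.txt posted above.
SAMPLE_ADDITION = r"""
FirewallRules: [{AC6D1946-C786-4358-ADB4-48632429B475}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{ED80DFFE-11FE-49A4-9438-E1D684DE2CBD}] => (Block) C:\program files\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [UDP Query User{C2E0220A-728D-4D73-9216-CE4BE663D470}C:\users\user\desktop\hot gta role playing\fivem.exe] => (Allow) C:\users\user\desktop\hot gta role playing\fivem.exe
FirewallRules: [TCP Query User{3B3448CF-92A2-464B-B32B-FEE79F75CCC1}C:\users\user\appdata\roaming\support\diskmgr.exe] => (Block) C:\users\user\appdata\roaming\support\diskmgr.exe
FirewallRules: [UDP Query User{303A6615-E867-410A-8A3D-A32E2DBCBEEE}C:\users\user\appdata\roaming\support\diskmgr.exe] => (Block) C:\users\user\appdata\roaming\support\diskmgr.exe
FirewallRules: [{26AAF2B8-3BB3-49BC-BD09-D6C7224845BF}] => (Allow) %systemroot%\system32\alg.exe
"""

if __name__ == "__main__":
    for f in review_firewall_rules(SAMPLE_ADDITION):
        prompt = "user-prompted" if f.user_prompted else "installer/policy"
        print(f"{f.path}\n  actions={sorted(f.actions)} ({prompt})\n  " + "; ".join(f.reasons))
```

Run it against a full Addition.txt by reading the file into `review_firewall_rules`; every Program Files entry drops out and only the profile-resident executables remain for manual review.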

 




 


#2 Aura, Malware Response Team

Posted 27 October 2017 - 07:02 PM

Hi FlaminPhoenix :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name; it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system. I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here; better safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of it as fast as we can, before it makes unknown changes to the system. This being said, I would appreciate it if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not; I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate it if you were to stay with me until the end, which means until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
This being said, I have a full-time job, so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread.

This being said, it's time to clean up some malware, so let's get started, shall we? :)

IMPORTANT NOTE: One or more of the identified infections is a backdoor Trojan.

Backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is then sent back to the hacker. Read Danger: Remote Access Trojans.

You should disconnect the computer from the Internet and from any networked computers until it is cleaned. If your computer was used for online banking, paying bills, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for taxes, email, eBay, paypal and any other online activities. You should consider them to be compromised and change passwords from a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified immediately of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity. If using a router, you need to reset it with a strong logon/password before connecting again.

Although the infection has been identified and may be removed, your machine has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:

  • Reimaging the system
  • Restoring the entire system using a full system backup from before the backdoor infection
  • Reformatting and reinstalling the system
Backdoors and What They Mean to You

This is what Jesper M. Johansson, Security Program Manager at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.

The only way to clean a compromised system is to flatten and rebuild. That's right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).


You have two options: either we continue with the clean-up (though I cannot guarantee at 100% that your system still won't be backdoored at the end), or you can do a nuke and pave (format and reinstall) of Windows. I can assist you with both options, the choice is yours.

Edited by Aura, 27 October 2017 - 07:04 PM.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 FlaminPhoenix, Topic Starter

Posted 27 October 2017 - 07:22 PM

Okay, well, that sucks. Guess I'll just wipe it rather than leave the chance of everything getting boned in the future. What do I have to do now?


Edited by FlaminPhoenix, 27 October 2017 - 07:24 PM.


#4 Aura, Malware Response Team

Posted 27 October 2017 - 10:19 PM

Do you have your Windows installation media?



#5 FlaminPhoenix, Topic Starter

Posted 27 October 2017 - 11:15 PM

I don't believe I do.



#6 Aura, Malware Response Team

Posted 28 October 2017 - 09:44 AM

Do you have a USB Flash Drive? If so, how big is it?



#7 FlaminPhoenix, Topic Starter

Posted 28 October 2017 - 02:23 PM

I have an old one that is around 7.5 GB. Would this work?



#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,480 posts
  • Gender:Male
  • Local time:07:47 PM

Posted 28 October 2017 - 04:50 PM

It will, yes. Since you have Windows 10, you can use the Media Creation Tool to create a Windows 10 bootable USB and install Windows 10 from there.

https://www.tenforums.com/tutorials/1950-clean-install-windows-10-a.html



#9 FlaminPhoenix

FlaminPhoenix
  • Topic Starter

  • Members
  • 8 posts
  • Local time:06:47 PM

Posted 28 October 2017 - 09:10 PM

I've reinstalled Windows 10 from the USB drive, but there is a new folder that contains all my old files called Windows.old. What should I do with this?



#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,480 posts
  • Gender:Male
  • Local time:07:47 PM

Posted 28 October 2017 - 09:18 PM

You can delete it using cleanmgr.exe.

http://www.thewindowsclub.com/delete-remove-windows-old-folder



#11 FlaminPhoenix

FlaminPhoenix
  • Topic Starter

  • Members
  • 8 posts
  • Local time:06:47 PM

Posted 28 October 2017 - 11:16 PM

Okay, the folder was deleted. Was this the last step?


Edited by FlaminPhoenix, 28 October 2017 - 11:28 PM.


#12 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,480 posts
  • Gender:Male
  • Local time:07:47 PM

Posted 29 October 2017 - 09:54 AM

That would be it, yes :) Are all your drivers reinstalled? If not, I can help you with that as well.



#13 FlaminPhoenix

FlaminPhoenix
  • Topic Starter

  • Members
  • 8 posts
  • Local time:06:47 PM

Posted 29 October 2017 - 01:59 PM

Yes, my drivers are all installed. Thank you so much, I don't know what I would have done without you :)



#14 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,480 posts
  • Gender:Male
  • Local time:07:47 PM

Posted 29 October 2017 - 02:56 PM

No problem FlaminPhoenix, you're welcome! Glad to see that all ended well :)

Stay safe!



#15 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,480 posts
  • Gender:Male
  • Local time:07:47 PM

Posted 29 October 2017 - 02:56 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
