
Rootkit infections + dead antivirus/malware programs


  • This topic is locked
31 replies to this topic

#1 marionthorne


Posted 05 November 2017 - 11:51 AM

I had some adware so I used Malwarebytes to remove it - it successfully removed everything but one, so I went over to Avast, ran a full system scan, and discovered I had accrued quite the collection of rootkits. For some reason, Avast couldn't remove them. It was late, and I said, "I'll deal with it tomorrow," and shut down my computer.

Today, Avast's shields stay disabled and the program doesn't open up. Malwarebytes won't even run. I tried downloading both Malwarebytes' anti-rootkit tool and McAfee's rootkit remover, but I can't even get the installers on those two to run.

 

Help? :(




#2 Oh My!



  • Malware Response Instructor

Posted 05 November 2017 - 03:11 PM

Greetings marionthorne and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Now that you have already started a topic, please follow the steps as outlined here. Make sure to copy and paste both logs in your reply. If you receive an error message that the content is too long, simply post each report in a separate reply.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom shall we go? You have the words that give eternal life. We believe, and know that you are the Holy One of God."

#3 marionthorne

  • Topic Starter


Posted 06 November 2017 - 12:05 PM

Thanks for the reply! Here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2017
Ran by User (administrator) on DESKTOP-UC83QPF (06-11-2017 10:16:26)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: defaultuser0 & User)
Platform: Windows 10 Pro Version 1607 14393.1770 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(FreeDownloadManager.org) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Microsoft Corporation) C:\Program Files\rempl\remsh.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(TOSHIBA CORPORATION) C:\Windows\Temp\exopznisrv.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(FreeDownloadManager.org) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
() C:\Users\User\AppData\Local\wiakxrl\wiakxrl.exe
() C:\Users\User\AppData\Local\wiakxrl\pssetri.exe
() C:\Users\User\AppData\Local\wiakxrl\pssetri.exe
() C:\Users\User\AppData\Local\wiakxrl\pssetri.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-10-05] (AVAST Software)
HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [3934168 2016-09-16] (Stardock Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [52553728 2017-08-07] (Hammer & Chisel, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2404952 2017-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [704424 2017-06-15] (Autodesk, Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2419917656-2055917082-45752995-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3102496 2017-10-30] (Valve Corporation)
HKU\S-1-5-21-2419917656-2055917082-45752995-1001\...\Run: [Discord] => C:\Users\User\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2419917656-2055917082-45752995-1001\...\Run: [Free Download Manager] => C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe [10182344 2017-07-26] (FreeDownloadManager.org)
HKU\S-1-5-21-2419917656-2055917082-45752995-1001\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [3934168 2016-09-16] (Stardock Corporation)
HKU\S-1-5-21-2419917656-2055917082-45752995-1001\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2739240 2015-11-13] ()
HKU\S-1-5-21-2419917656-2055917082-45752995-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10021040 2017-10-18] (Piriform Ltd)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dumbfounded.lnk [2017-09-19]
ShortcutTarget: dumbfounded.lnk -> C:\Program Files (x86)\Wagon\kingsport.exe (No File)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2017-08-08]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1857c236-f489-4443-a6d3-69ce048519c7}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{1857c236-f489-4443-a6d3-69ce048519c7}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2419917656-2055917082-45752995-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2419917656-2055917082-45752995-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2419917656-2055917082-45752995-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = 
BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-11-12] (Microsoft Corporation)
BHO-x32: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-06] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-11-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-06] (Oracle Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-11-10] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-11-10] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-11-10] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-11-10] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-03-27] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-07] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-03-27] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-07-31] (Microsoft Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-11-06]
CHR Extension: (Quest) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambgegofabbnggkihmboplgghoocjaka [2017-08-06]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-05]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-05]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-26]
CHR Extension: (ThemeBeta.com) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekoigflcnkodchgpbgmpokjpjolkpmmc [2017-11-01]
CHR Extension: (Avast Passwords) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2017-11-01]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-06]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-06]
CHR Extension: (New XKit) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\inobiceghmpkaklcknpniboilbjmlald [2017-09-30] [UpdateUrl: hxxps://new-xkit.github.io/XKit/Extensions/dist/page/FirefoxUpdate.json] <==== ATTENTION
CHR Extension: (Roomstyler 3D planner) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfnniehafojoidolddmhfnpnbiolbppi [2017-08-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-26]
CHR Extension: (No more Tumblr players) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\olffebgbihkemhnlpeficnplfoiabljj [2017-08-06]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-05]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-27]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1353208 2017-06-15] (Autodesk Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [771672 2017-03-14] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137584 2014-09-19] ()
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7446024 2017-10-05] (AVAST Software s.r.o.)
U2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-10-05] (AVAST Software)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [383016 2017-08-06] (EasyAntiCheat Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2017-08-07] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-08-07] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [701896 2017-09-13] (Wacom Technology, Corp.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [60104 2014-09-19] (Advanced Micro Devices)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [321032 2017-10-05] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-10-05] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343288 2017-10-05] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57736 2017-10-05] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [47008 2017-10-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [147776 2017-10-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110376 2017-10-05] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84416 2017-10-05] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1029872 2017-10-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [587168 2017-10-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [201352 2017-10-05] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [363440 2017-10-05] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [110096 2016-04-18] (Advanced Micro Devices)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-11-01] ()
R3 kmloop; C:\Windows\System32\drivers\loop.sys [16384 2016-07-16] (Microsoft Corporation)
R0 MBAMChameleon; C:\Windows\System32\drivers\MBAMChameleon.sys [188352 2017-11-04] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [101784 2017-11-04] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-11-04] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [93600 2017-11-01] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [81736 2017-07-27] (Insecure.Com LLC.)
R1 npf; C:\Windows\system32\DRIVERS\npf.sys [81736 2017-07-27] (Insecure.Com LLC.)
R3 WacHidRouterPro; C:\Windows\System32\drivers\wachidrouter.sys [122000 2017-07-25] (Wacom Technology)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U4 npcap_wifi; no ImagePath
U4 npf_wifi; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-06 10:16 - 2017-11-06 10:17 - 000021958 _____ C:\Users\User\Downloads\FRST.txt
2017-11-06 10:15 - 2017-11-06 10:16 - 000000000 ____D C:\Users\User\Documents\Pictures 2017-11-06 10;15;52 (Full)
2017-11-06 10:15 - 2017-11-06 10:16 - 000000000 ____D C:\FRST
2017-11-06 10:09 - 2017-11-06 10:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2017-11-06 10:09 - 2017-11-06 10:09 - 000000000 ____D C:\Program Files (x86)\Cobian Backup 11
2017-11-05 15:38 - 2017-11-05 15:39 - 002403328 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2017-11-05 10:28 - 2017-11-05 10:32 - 000000000 _____ C:\Windows\system32\cd
2017-11-05 10:06 - 2017-11-05 10:07 - 000784152 _____ (McAfee, Inc.) C:\Users\User\Downloads\rootkitremover.exe
2017-11-04 17:15 - 2017-11-05 09:55 - 000003140 _____ C:\Windows\System32\Tasks\MSIAfterburner
2017-11-04 17:09 - 2017-11-04 17:09 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-11-04 17:05 - 2017-11-04 17:05 - 000115024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\atnmptwz.sys
2017-11-04 16:42 - 2017-11-04 16:42 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\7FCB42B5.sys
2017-11-04 16:26 - 2017-11-04 16:35 - 014178840 _____ (Malwarebytes Corp.) C:\Users\User\Downloads\mbar-1.10.3.1001.exe
2017-11-04 11:29 - 2017-11-04 11:29 - 000000000 ____D C:\Users\User\LyMetricsCache
2017-11-04 11:29 - 2017-11-04 11:29 - 000000000 ____D C:\Users\User\.aws
2017-11-04 11:29 - 2017-11-04 11:29 - 000000000 ____D C:\Amazon
2017-11-03 20:01 - 2017-11-04 13:54 - 000000000 ____D C:\Users\User\AppData\Local\Crytek
2017-11-03 20:01 - 2017-11-03 20:01 - 000000000 ____D C:\Users\User\AppData\Roaming\Crytek
2017-11-03 19:59 - 2017-11-03 20:01 - 000000000 ____D C:\ProgramData\Crytek
2017-11-03 19:59 - 2017-11-03 19:59 - 000000000 ____D C:\Users\User\Documents\CRYENGINE Projects
2017-11-03 19:02 - 2017-11-04 13:52 - 000000000 ____D C:\ProgramData\GFACE
2017-11-03 19:02 - 2017-11-03 19:02 - 000000000 ____D C:\Users\User\.cryengine
2017-11-03 19:01 - 2017-11-04 16:40 - 000000000 ____D C:\Users\User\AppData\Local\CRYENGINE_Launcher
2017-11-03 19:00 - 2017-11-03 19:00 - 000001886 _____ C:\Users\Public\Desktop\CRYENGINE Launcher.lnk
2017-11-03 19:00 - 2017-11-03 19:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CRYENGINE Launcher
2017-11-03 19:00 - 2017-11-03 19:00 - 000000000 ____D C:\Program Files (x86)\Crytek
2017-11-03 18:59 - 2017-11-03 19:00 - 071268984 _____ C:\Users\User\Downloads\ce-launcher.exe
2017-11-03 18:27 - 2017-11-03 18:27 - 000000000 ____D C:\ProgramData\Unity
2017-11-03 18:10 - 2017-11-03 18:10 - 000001355 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2017-11-03 18:09 - 2017-11-03 18:10 - 000000000 ____D C:\Users\User\AppData\Roaming\Visual Studio Setup
2017-11-03 18:09 - 2017-11-03 18:09 - 000000000 ____D C:\Users\User\AppData\Roaming\vstelemetry
2017-11-03 18:09 - 2017-11-03 18:09 - 000000000 ____D C:\Users\User\AppData\Local\ServiceHub
2017-11-03 18:09 - 2017-11-03 18:09 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2017-11-03 18:06 - 2017-11-03 18:06 - 000000000 ____D C:\Users\Public\Documents\Unity Projects
2017-11-03 17:55 - 2017-11-03 17:55 - 000000000 ____D C:\Program Files (x86)\GtkSharp
2017-11-03 17:53 - 2017-11-03 18:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 2017.2.0f3 (64-bit)
2017-11-03 17:42 - 2017-11-03 17:42 - 000736264 _____ C:\Users\User\Downloads\UnityDownloadAssistant-2017.2.0f3.exe
2017-11-02 21:46 - 2017-11-02 21:46 - 000034855 _____ C:\Users\User\Downloads\[Underwater] Another - 01-12 + OVA (BD 1080p) [Batch].torrent
2017-11-02 21:16 - 2017-11-02 21:16 - 000025206 _____ C:\Users\User\Documents\cc_20171102_221623.reg
2017-11-02 14:47 - 2017-11-02 14:52 - 000000000 ____D C:\AdwCleaner
2017-11-02 14:47 - 2017-11-02 14:47 - 008261584 _____ (Malwarebytes) C:\Users\User\Downloads\adwcleaner_7.0.4.0.exe
2017-11-02 12:32 - 2017-11-02 12:33 - 108341282 _____ C:\Users\User\Downloads\obs-browser-1.29.zip
2017-11-02 10:25 - 2017-11-02 10:27 - 000000000 _____ C:\Windows\system32\last.dump
2017-11-02 10:02 - 2017-11-02 10:02 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\14257483.sys
2017-11-01 22:49 - 2017-11-01 22:49 - 000000000 ____D C:\Users\User\Downloads\theme1509598074
2017-11-01 22:47 - 2017-11-01 22:48 - 009414163 _____ C:\Users\User\Downloads\theme1509598074.zip
2017-11-01 21:50 - 2017-11-01 21:50 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\0ED4441F.sys
2017-11-01 21:50 - 2017-11-01 21:50 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\06A94446.sys
2017-11-01 20:50 - 2017-11-01 20:50 - 000188312 _____ (Malwarebytes) C:\Windows\system32\Drivers\019715FE.sys
2017-11-01 20:45 - 2017-11-04 16:45 - 000188352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-11-01 20:45 - 2017-11-04 16:44 - 000101784 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-11-01 20:45 - 2017-11-04 16:44 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-11-01 20:45 - 2017-11-02 21:04 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-11-01 20:45 - 2017-11-01 21:49 - 000077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-11-01 20:45 - 2017-11-01 20:45 - 000093600 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-11-01 20:45 - 2017-11-01 20:45 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-01 20:45 - 2017-11-01 20:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-01 20:44 - 2017-11-01 20:44 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-01 20:44 - 2017-11-01 20:44 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-01 20:40 - 2017-11-01 20:44 - 064025992 _____ (Malwarebytes ) C:\Users\User\Downloads\mb3-setup-SEMFD.100SEM-3.1.2.1733-1.0.139-1.0.2060.exe
2017-11-01 11:02 - 2017-11-01 11:02 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2017-11-01 10:53 - 2017-11-01 11:01 - 000002360 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-01 10:28 - 2017-11-01 10:28 - 000096956 _____ C:\Users\User\Documents\cc_20171101_112815.reg
2017-11-01 10:26 - 2017-11-01 10:26 - 000003938 _____ C:\Windows\System32\Tasks\CCleaner Update
2017-11-01 10:26 - 2017-11-01 10:26 - 000002868 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-11-01 10:26 - 2017-11-01 10:26 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-11-01 10:26 - 2017-11-01 10:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-11-01 10:26 - 2017-11-01 10:26 - 000000000 ____D C:\Program Files\CCleaner
2017-11-01 10:25 - 2017-11-01 10:26 - 010427120 _____ (Piriform Ltd) C:\Users\User\Downloads\ccsetup536.exe
2017-10-30 20:33 - 2017-10-30 20:33 - 000016022 _____ C:\Users\User\Downloads\[JacobSwaggedUp] Owari no Seraph - Nagoya Kessen-hen [Season 2] (BD 1280x720).torrent
2017-10-24 13:47 - 2017-10-24 13:47 - 000003450 _____ C:\Users\User\Downloads\301BA23A103E7222B9D7D659E68585F7F105EE3E.torrent
2017-10-24 13:25 - 2017-10-24 13:25 - 000141057 _____ C:\Users\User\Downloads\E03BE7A214A475707A7201EA7614C60EDCCA19AE.torrent
2017-10-24 13:23 - 2017-10-24 13:23 - 000017388 _____ C:\Users\User\Downloads\9E61CD305C405B7BBFEFBC0119C90B3B79FF7BEF.torrent
2017-10-24 11:44 - 2017-10-24 11:44 - 000000000 ____D C:\Users\User\Downloads\Black Butler Complete 1-24+OVA[Dual Audio][720p HEVC x265][GokuSaiyan]
2017-10-24 11:44 - 2017-10-24 11:44 - 000000000 ____D C:\Users\User\Downloads\[DerpDesuYo] Owari no Seraph - Batch (BD 1920x1080 10bit FLAC)
2017-10-21 13:46 - 2017-10-21 13:46 - 000000000 ____D C:\Users\User\AppData\Local\OfficeBSCache-MyComputer
2017-10-20 21:49 - 2017-10-23 10:08 - 000000000 ____D C:\ProgramData\firebird
2017-10-20 21:49 - 2017-10-20 21:49 - 000001240 _____ C:\Users\User\Desktop\Chrysanth Diary [Free].lnk
2017-10-20 21:49 - 2017-10-20 21:49 - 000000000 ____D C:\Users\User\Documents\My Chrysanth
2017-10-20 21:49 - 2017-10-20 21:49 - 000000000 ____D C:\Users\User\AppData\Roaming\Chrysanth
2017-10-20 21:49 - 2017-10-20 21:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chrysanth
2017-10-20 21:49 - 2017-10-20 21:49 - 000000000 ____D C:\Program Files (x86)\Chrysanth
2017-10-20 21:19 - 2017-10-20 21:33 - 015425945 _____ C:\Users\User\Downloads\Setup.zip
2017-10-20 20:59 - 2017-10-20 21:18 - 001938776 _____ (WiseCleaner.com ) C:\Users\User\Downloads\WRMSetup.exe
2017-10-19 09:59 - 2017-10-19 09:59 - 000626200 _____ (Amazon Web Services, Inc.) C:\Users\User\Downloads\LumberyardInstaller1.11.1.0.exe
2017-10-18 20:58 - 2017-10-18 20:58 - 013895026 _____ C:\Users\User\Downloads\01 Smooth Criminal (Crook County Remix).m4a
2017-10-12 14:35 - 2017-09-17 20:51 - 000178016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
2017-10-12 14:35 - 2017-09-17 20:49 - 001260784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2017-10-12 14:35 - 2017-09-17 20:30 - 000232448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scksp.dll
2017-10-12 14:35 - 2017-09-17 20:28 - 000237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncSettings.dll
2017-10-12 14:35 - 2017-09-17 20:23 - 000816640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NaturalLanguage6.dll
2017-10-12 14:35 - 2017-09-17 20:19 - 000303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mcbuilder.exe
2017-10-12 14:35 - 2017-09-17 20:19 - 000161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-10-12 14:35 - 2017-09-17 20:18 - 007470592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-10-12 14:35 - 2017-09-17 20:14 - 002682880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netshell.dll
2017-10-12 14:35 - 2017-09-14 16:30 - 000291840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnrollUI.dll
2017-10-12 14:35 - 2017-09-14 16:30 - 000194560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSWB7.dll
2017-10-12 14:35 - 2017-09-13 20:04 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-10-12 14:35 - 2017-09-13 20:04 - 000345088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-10-12 14:35 - 2017-09-13 20:04 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-10-12 14:34 - 2017-09-17 21:04 - 000918304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-10-12 14:34 - 2017-09-17 21:03 - 000791272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-10-12 14:34 - 2017-09-17 20:59 - 000341344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-10-12 14:34 - 2017-09-17 20:55 - 001431240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2017-10-12 14:34 - 2017-09-17 20:52 - 020967840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-10-12 14:34 - 2017-09-17 20:52 - 006672680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-10-12 14:34 - 2017-09-17 20:49 - 001435896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2017-10-12 14:34 - 2017-09-17 20:34 - 000095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2017-10-12 14:34 - 2017-09-17 20:31 - 000519168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ngccredprov.dll
2017-10-12 14:34 - 2017-09-17 20:31 - 000156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDeviceRegistration.dll
2017-10-12 14:34 - 2017-09-17 20:30 - 000147456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VCardParser.dll
2017-10-12 14:34 - 2017-09-17 20:28 - 000406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsreg.dll
2017-10-12 14:34 - 2017-09-17 20:27 - 004615168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2017-10-12 14:34 - 2017-09-17 20:26 - 000538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPTpm12.dll
2017-10-12 14:34 - 2017-09-17 20:26 - 000431616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\efswrt.dll
2017-10-12 14:34 - 2017-09-17 20:26 - 000367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2017-10-12 14:34 - 2017-09-17 20:25 - 002333184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2017-10-12 14:34 - 2017-09-17 20:25 - 000461824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2017-10-12 14:34 - 2017-09-17 20:24 - 007626240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2017-10-12 14:34 - 2017-09-17 20:24 - 000819200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppContracts.dll
2017-10-12 14:34 - 2017-09-17 20:24 - 000755200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-10-12 14:34 - 2017-09-17 20:23 - 000857600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EmailApis.dll
2017-10-12 14:34 - 2017-09-17 20:23 - 000636928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2017-10-12 14:34 - 2017-09-17 20:23 - 000297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-10-12 14:34 - 2017-09-17 20:23 - 000287744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptngc.dll
2017-10-12 14:34 - 2017-09-17 20:22 - 001323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_fs.dll
2017-10-12 14:34 - 2017-09-17 20:22 - 001137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_health.dll
2017-10-12 14:34 - 2017-09-17 20:20 - 002641920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-10-12 14:34 - 2017-09-17 20:20 - 000343040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToDevice.dll
2017-10-12 14:34 - 2017-09-17 20:19 - 002750976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2017-10-12 14:34 - 2017-09-17 20:16 - 003520512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsrchvw.exe
2017-10-12 14:34 - 2017-09-17 20:15 - 006065152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-10-12 14:34 - 2017-09-17 20:14 - 003663360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-10-12 14:34 - 2017-09-17 20:14 - 002997760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2017-10-12 14:34 - 2017-09-17 20:14 - 002649600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2017-10-12 14:34 - 2017-09-17 20:14 - 002483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-10-12 14:34 - 2017-09-17 20:14 - 001988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-10-12 14:34 - 2017-09-17 20:14 - 001599488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-10-12 14:34 - 2017-09-17 20:14 - 001556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2017-10-12 14:34 - 2017-09-17 20:14 - 001170944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Speech.dll
2017-10-12 14:34 - 2017-09-17 20:14 - 000827904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2017-10-12 14:34 - 2017-09-17 20:14 - 000675840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2017-10-12 14:34 - 2017-09-17 20:14 - 000657408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-10-12 14:34 - 2017-09-17 20:14 - 000542208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll
2017-10-12 14:34 - 2017-09-17 20:13 - 001013248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.Http.dll
2017-10-12 14:34 - 2017-09-17 20:13 - 000886272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2017-10-12 14:34 - 2017-09-17 20:13 - 000773120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-10-12 14:34 - 2017-09-17 20:13 - 000598528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.dll
2017-10-12 14:34 - 2017-09-17 20:13 - 000589312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Sensors.dll
2017-10-12 14:34 - 2017-09-17 20:13 - 000164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netprofm.dll
2017-10-12 14:34 - 2017-09-17 20:11 - 000783360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2017-10-12 14:34 - 2017-09-17 20:11 - 000450048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TpmCoreProvisioning.dll
2017-10-12 14:34 - 2017-09-14 16:30 - 000185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2017-10-12 14:34 - 2017-09-14 16:30 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dinput8.dll
2017-10-12 14:34 - 2017-09-14 16:30 - 000098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Credentials.UI.UserConsentVerifier.dll
2017-10-12 14:34 - 2017-09-14 16:28 - 000136192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dinput.dll
2017-10-12 14:34 - 2017-09-14 16:27 - 000662528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2017-10-12 14:34 - 2017-09-14 16:26 - 001167360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2017-10-12 14:34 - 2017-09-14 16:26 - 000636928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2017-10-12 14:34 - 2017-09-14 16:26 - 000359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certreq.exe
2017-10-12 14:34 - 2017-09-14 16:25 - 000529920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2017-10-12 14:34 - 2017-09-14 16:15 - 003106304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2017-10-12 14:34 - 2017-03-04 00:28 - 000224256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExSMime.dll
2017-10-12 14:34 - 2017-03-04 00:24 - 000088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDeviceRegistration.Ngc.dll
2017-10-12 14:34 - 2017-03-04 00:23 - 000299520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataAccountApis.dll
2017-10-12 14:34 - 2017-03-04 00:18 - 000567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ChatApis.dll
2017-10-12 14:34 - 2017-03-04 00:16 - 000368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2017-10-12 14:34 - 2017-03-04 00:00 - 000862208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2017-10-12 14:34 - 2017-03-04 00:00 - 000711680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2017-10-12 14:33 - 2017-09-17 21:27 - 001651552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft.Uev.AppAgent.dll
2017-10-12 14:33 - 2017-09-17 21:27 - 000218976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinesam.dll
2017-10-12 14:33 - 2017-09-17 21:22 - 001470816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppVEntSubsystems32.dll
2017-10-12 14:33 - 2017-09-17 21:05 - 000497424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2017-10-12 14:33 - 2017-09-17 21:04 - 001706488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-10-12 14:33 - 2017-09-17 20:55 - 005722320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2017-10-12 14:33 - 2017-09-17 20:54 - 001980768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2017-10-12 14:33 - 2017-09-17 20:52 - 004023560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2017-10-12 14:33 - 2017-09-17 20:52 - 001845512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-10-12 14:33 - 2017-09-17 20:52 - 001360464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2017-10-12 14:33 - 2017-09-17 20:52 - 001277856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2017-10-12 14:33 - 2017-09-17 20:52 - 000981888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2017-10-12 14:33 - 2017-09-17 20:49 - 001412128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2017-10-12 14:33 - 2017-09-17 20:48 - 000117792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-10-12 14:33 - 2017-09-17 20:33 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-10-12 14:33 - 2017-09-17 20:29 - 000184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserMgrProxy.dll
2017-10-12 14:33 - 2017-09-17 20:26 - 000298496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2017-10-12 14:33 - 2017-09-17 20:26 - 000284672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll
2017-10-12 14:33 - 2017-09-17 20:26 - 000125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll
2017-10-12 14:33 - 2017-09-17 20:23 - 000238080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AboveLockAppHost.dll
2017-10-12 14:33 - 2017-09-17 20:21 - 018364928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-10-12 14:33 - 2017-09-17 20:20 - 019414016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-10-12 14:33 - 2017-09-17 20:18 - 012204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-10-12 14:33 - 2017-09-17 20:17 - 000641024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCRecvSrc.dll
2017-10-12 14:33 - 2017-09-17 20:14 - 006474752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspaint.exe
2017-10-12 14:33 - 2017-09-17 20:14 - 002740224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2017-10-12 14:33 - 2017-09-17 20:13 - 000751104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-10-12 14:33 - 2017-09-14 16:59 - 000096064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmcmnutils.dll
2017-10-12 14:33 - 2017-09-14 16:52 - 000136032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudExperienceHostUser.dll
2017-10-12 14:33 - 2017-09-14 16:49 - 001202936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2017-10-12 14:33 - 2017-09-14 16:39 - 000512000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll
2017-10-12 14:33 - 2017-09-14 16:39 - 000037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft.Uev.Office2010CustomActions.dll
2017-10-12 14:33 - 2017-09-14 16:31 - 000328192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2017-10-12 14:33 - 2017-09-14 16:28 - 000311296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-10-12 14:33 - 2017-09-14 16:21 - 000566272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2017-10-12 14:22 - 2017-09-17 21:18 - 002414432 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.AppAgent.dll
2017-10-12 14:22 - 2017-09-17 21:17 - 001564512 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-10-12 14:22 - 2017-09-17 21:17 - 000245600 _____ (Microsoft Corporation) C:\Windows\system32\offlinesam.dll
2017-10-12 14:22 - 2017-09-17 21:17 - 000136032 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-10-12 14:22 - 2017-09-17 21:14 - 001408352 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystemController.dll
2017-10-12 14:22 - 2017-09-17 21:14 - 001054048 _____ (Microsoft Corporation) C:\Windows\system32\AppVPolicy.dll
2017-10-12 14:22 - 2017-09-17 21:14 - 000992096 _____ (Microsoft Corporation) C:\Windows\system32\AppVManifest.dll
2017-10-12 14:22 - 2017-09-17 21:14 - 000813408 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntStreamingManager.dll
2017-10-12 14:22 - 2017-09-17 21:14 - 000779616 _____ (Microsoft Corporation) C:\Windows\system32\AppVReporting.dll
2017-10-12 14:22 - 2017-09-17 21:14 - 000766304 _____ (Microsoft Corporation) C:\Windows\system32\AppVOrchestration.dll
2017-10-12 14:22 - 2017-09-17 21:14 - 000699232 _____ (Microsoft Corporation) C:\Windows\system32\AppVPublishing.dll
2017-10-12 14:22 - 2017-09-17 21:14 - 000513376 _____ (Microsoft Corporation) C:\Windows\system32\TransportDSA.dll
2017-10-12 14:22 - 2017-09-17 21:14 - 000412512 _____ (Microsoft Corporation) C:\Windows\system32\AppVScripting.dll
2017-10-12 14:22 - 2017-09-17 21:14 - 000076128 _____ (Microsoft Corporation) C:\Windows\system32\SyncAppvPublishingServer.exe
2017-10-12 14:22 - 2017-09-17 21:13 - 002170720 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystems64.dll
2017-10-12 14:22 - 2017-09-17 21:13 - 001670496 _____ (Microsoft Corporation) C:\Windows\system32\AppVIntegration.dll
2017-10-12 14:22 - 2017-09-17 21:13 - 000704352 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntVirtualization.dll
2017-10-12 14:22 - 2017-09-17 21:13 - 000567136 _____ (Microsoft Corporation) C:\Windows\system32\AppVCatalog.dll
2017-10-12 14:22 - 2017-09-17 21:13 - 000241504 _____ (Microsoft Corporation) C:\Windows\system32\AppVShNotify.exe
2017-10-12 14:22 - 2017-09-17 21:13 - 000202592 _____ (Microsoft Corporation) C:\Windows\system32\AppVStreamingUX.dll
2017-10-12 14:22 - 2017-09-17 21:09 - 007780192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-10-12 14:22 - 2017-09-17 21:09 - 002213760 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-10-12 14:22 - 2017-09-17 21:09 - 000646688 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2017-10-12 14:22 - 2017-09-17 21:09 - 000133984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-10-12 14:22 - 2017-09-17 21:08 - 002253664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-10-12 14:22 - 2017-09-17 21:08 - 000998920 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-10-12 14:22 - 2017-09-17 21:05 - 001177688 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-10-12 14:22 - 2017-09-17 21:05 - 000172536 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-10-12 14:22 - 2017-09-17 21:05 - 000168800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-10-12 14:22 - 2017-09-17 21:04 - 000404832 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-10-12 14:22 - 2017-09-17 21:02 - 007213464 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2017-10-12 14:22 - 2017-09-17 21:02 - 001860288 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2017-10-12 14:22 - 2017-09-17 21:01 - 002446704 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2017-10-12 14:22 - 2017-09-17 21:01 - 000624048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-10-12 14:22 - 2017-09-17 21:01 - 000431456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2017-10-12 14:22 - 2017-09-17 21:01 - 000223072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-10-12 14:22 - 2017-09-17 21:00 - 001072248 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2017-10-12 14:22 - 2017-09-17 20:59 - 022220864 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-10-12 14:22 - 2017-09-17 20:59 - 008173672 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2017-10-12 14:22 - 2017-09-17 20:59 - 004260072 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2017-10-12 14:22 - 2017-09-17 20:59 - 001983408 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2017-10-12 14:22 - 2017-09-17 20:59 - 001702392 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2017-10-12 14:22 - 2017-09-17 20:59 - 000241504 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHost.dll
2017-10-12 14:22 - 2017-09-17 20:58 - 001600632 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2017-10-12 14:22 - 2017-09-17 20:58 - 000206688 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2017-10-12 14:22 - 2017-09-17 20:57 - 001566552 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2017-10-12 14:22 - 2017-09-17 20:57 - 001460696 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-10-12 14:22 - 2017-09-17 20:57 - 001415712 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-10-12 14:22 - 2017-09-17 20:56 - 000057408 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-10-12 14:22 - 2017-09-17 20:36 - 022570496 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2017-10-12 14:22 - 2017-09-17 20:35 - 000372736 _____ (Microsoft Corporation) C:\Windows\system32\RDXTaskFactory.dll
2017-10-12 14:22 - 2017-09-17 20:33 - 000119808 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
2017-10-12 14:22 - 2017-09-17 20:33 - 000057856 _____ (Microsoft Corporation) C:\Windows\system32\TransliterationRanker.dll
2017-10-12 14:22 - 2017-09-17 20:32 - 000177152 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-10-12 14:22 - 2017-09-17 20:32 - 000054272 _____ (Microsoft Corporation) C:\Windows\system32\jpninputrouter.dll
2017-10-12 14:22 - 2017-09-17 20:32 - 000054272 _____ (Microsoft Corporation) C:\Windows\system32\EmojiDS.dll
2017-10-12 14:22 - 2017-09-17 20:32 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-10-12 14:22 - 2017-09-17 20:31 - 006288384 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2017-10-12 14:22 - 2017-09-17 20:31 - 000239104 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2017-10-12 14:22 - 2017-09-17 20:31 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-10-12 14:22 - 2017-09-17 20:31 - 000069120 _____ (Microsoft Corporation) C:\Windows\system32\RuleBasedDS.dll
2017-10-12 14:22 - 2017-09-17 20:30 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\jpnranker.dll
2017-10-12 14:22 - 2017-09-17 20:30 - 000257536 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
2017-10-12 14:22 - 2017-09-17 20:30 - 000196096 _____ (Microsoft Corporation) C:\Windows\system32\UserDeviceRegistration.dll
2017-10-12 14:22 - 2017-09-17 20:30 - 000174592 _____ C:\Windows\system32\IHDS.dll
2017-10-12 14:22 - 2017-09-17 20:30 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\VocabRoamingHandler.dll
2017-10-12 14:22 - 2017-09-17 20:30 - 000117760 _____ (Microsoft Corporation) C:\Windows\system32\StaticDictDS.dll
2017-10-12 14:22 - 2017-09-17 20:30 - 000101888 _____ (Microsoft Corporation) C:\Windows\system32\UserDeviceRegistration.Ngc.dll
2017-10-12 14:22 - 2017-09-17 20:30 - 000095232 _____ (Microsoft Corporation) C:\Windows\system32\chxranker.dll
2017-10-12 14:22 - 2017-09-17 20:29 - 009129984 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2017-10-12 14:22 - 2017-09-17 20:29 - 000414720 _____ (Microsoft Corporation) C:\Windows\system32\ChsStrokeDS.dll
2017-10-12 14:22 - 2017-09-17 20:29 - 000411136 _____ (Microsoft Corporation) C:\Windows\system32\NgcCtnr.dll
2017-10-12 14:22 - 2017-09-17 20:29 - 000231424 _____ (Microsoft Corporation) C:\Windows\system32\shutdownux.dll
2017-10-12 14:22 - 2017-09-17 20:29 - 000187904 _____ (Microsoft Corporation) C:\Windows\system32\VCardParser.dll
2017-10-12 14:22 - 2017-09-17 20:28 - 000536064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2017-10-12 14:22 - 2017-09-17 20:28 - 000414720 _____ (Microsoft Corporation) C:\Windows\system32\ChtHkStrokeDS.dll
2017-10-12 14:22 - 2017-09-17 20:28 - 000335872 _____ (Microsoft Corporation) C:\Windows\system32\ChsPinyinRanker.dll
2017-10-12 14:22 - 2017-09-17 20:28 - 000290816 _____ (Microsoft Corporation) C:\Windows\system32\MtfDecoder.dll
2017-10-12 14:22 - 2017-09-17 20:28 - 000289792 _____ (Microsoft Corporation) C:\Windows\system32\DeveloperOptionsSettingsHandlers.dll
2017-10-12 14:22 - 2017-09-17 20:28 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\AppointmentActivation.dll
2017-10-12 14:22 - 2017-09-17 20:28 - 000105984 _____ (Microsoft Corporation) C:\Windows\system32\ngcpopkeysrv.dll
2017-10-12 14:22 - 2017-09-17 20:28 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000719872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdiWiFi.sys
2017-10-12 14:22 - 2017-09-17 20:27 - 000641024 _____ (Microsoft Corporation) C:\Windows\system32\ngccredprov.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000626176 _____ (Microsoft Corporation) C:\Windows\system32\PCPTpm12.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000590336 _____ (Microsoft Corporation) C:\Windows\system32\efswrt.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000525824 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000497152 _____ (Microsoft Corporation) C:\Windows\system32\ChxAPDS.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000480768 _____ (Microsoft Corporation) C:\Windows\system32\msimeChsPinyinMainDS.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000469504 _____ (Microsoft Corporation) C:\Windows\system32\ChxHAPDS.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000463360 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000422400 _____ (Microsoft Corporation) C:\Windows\system32\ChtCangjieDS.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000410624 _____ (Microsoft Corporation) C:\Windows\system32\ChtQuickDS.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000407552 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000379904 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000349184 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-10-12 14:22 - 2017-09-17 20:27 - 000336384 _____ (Microsoft Corporation) C:\Windows\system32\jpndecoder.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000329728 _____ (Microsoft Corporation) C:\Windows\system32\chxinputrouter.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000326656 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000310784 _____ (Microsoft Corporation) C:\Windows\system32\SyncSettings.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000295424 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000268800 _____ (Microsoft Corporation) C:\Windows\system32\UserMgrProxy.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000147456 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-10-12 14:22 - 2017-09-17 20:26 - 002716672 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2017-10-12 14:22 - 2017-09-17 20:26 - 000805888 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-10-12 14:22 - 2017-09-17 20:26 - 000686592 _____ (Microsoft Corporation) C:\Windows\system32\dsregcmd.exe
2017-10-12 14:22 - 2017-09-17 20:26 - 000562176 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2017-10-12 14:22 - 2017-09-17 20:26 - 000481792 _____ (Microsoft Corporation) C:\Windows\system32\dsreg.dll
2017-10-12 14:22 - 2017-09-17 20:26 - 000396800 _____ (Microsoft Corporation) C:\Windows\system32\tpmvsc.dll
2017-10-12 14:22 - 2017-09-17 20:26 - 000384000 _____ (Microsoft Corporation) C:\Windows\system32\cryptngc.dll
2017-10-12 14:22 - 2017-09-17 20:26 - 000283136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-10-12 14:22 - 2017-09-17 20:26 - 000265216 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2017-10-12 14:22 - 2017-09-17 20:26 - 000176128 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2017-10-12 14:22 - 2017-09-17 20:25 - 001914368 _____ (Microsoft Corporation) C:\Windows\system32\wsp_fs.dll
2017-10-12 14:22 - 2017-09-17 20:25 - 000425984 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll
2017-10-12 14:22 - 2017-09-17 20:25 - 000148992 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
2017-10-12 14:22 - 2017-09-17 20:25 - 000105984 _____ (Microsoft Corporation) C:\Windows\system32\RjvMDMConfig.dll
2017-10-12 14:22 - 2017-09-17 20:24 - 013107712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-10-12 14:22 - 2017-09-17 20:24 - 002103808 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2017-10-12 14:22 - 2017-09-17 20:24 - 001589760 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2017-10-12 14:22 - 2017-09-17 20:24 - 001584640 _____ (Microsoft Corporation) C:\Windows\system32\wsp_health.dll
2017-10-12 14:22 - 2017-09-17 20:24 - 000713216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-10-12 14:22 - 2017-09-17 20:24 - 000409600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-10-12 14:22 - 2017-09-17 20:23 - 000442368 _____ (Microsoft Corporation) C:\Windows\system32\PlayToDevice.dll
2017-10-12 14:22 - 2017-09-17 20:22 - 004749824 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2017-10-12 14:22 - 2017-09-17 20:22 - 003291648 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2017-10-12 14:22 - 2017-09-17 20:22 - 000883712 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-10-12 14:22 - 2017-09-17 20:22 - 000352256 _____ (Microsoft Corporation) C:\Windows\system32\mcbuilder.exe
2017-10-12 14:22 - 2017-09-17 20:22 - 000198144 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-10-12 14:22 - 2017-09-17 20:20 - 023677952 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-10-12 14:22 - 2017-09-17 20:20 - 000937984 _____ (Microsoft Corporation) C:\Windows\system32\MCRecvSrc.dll
2017-10-12 14:22 - 2017-09-17 20:20 - 000284160 _____ (Microsoft Corporation) C:\Windows\system32\AboveLockAppHost.dll
2017-10-12 14:22 - 2017-09-17 20:19 - 001060352 _____ (Microsoft Corporation) C:\Windows\system32\AppContracts.dll
2017-10-12 14:22 - 2017-09-17 20:19 - 000549376 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2017-10-12 14:22 - 2017-09-17 20:19 - 000519168 _____ (Microsoft Corporation) C:\Windows\system32\netprofmsvc.dll
2017-10-12 14:22 - 2017-09-17 20:18 - 008114688 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2017-10-12 14:22 - 2017-09-17 20:18 - 008077312 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-10-12 14:22 - 2017-09-17 20:18 - 001145344 _____ (Microsoft Corporation) C:\Windows\system32\EmailApis.dll
2017-10-12 14:22 - 2017-09-17 20:18 - 001010176 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2017-10-12 14:22 - 2017-09-17 20:18 - 000956416 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2017-10-12 14:22 - 2017-09-17 20:18 - 000932864 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-10-12 14:22 - 2017-09-17 20:18 - 000330752 _____ (Microsoft Corporation) C:\Windows\system32\NgcCtnrSvc.dll
2017-10-12 14:22 - 2017-09-17 20:17 - 003401216 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-10-12 14:22 - 2017-09-17 20:17 - 002279424 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2017-10-12 14:22 - 2017-09-17 20:17 - 001783296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-10-12 14:22 - 2017-09-17 20:17 - 000779776 _____ (Microsoft Corporation) C:\Windows\system32\cscui.dll
2017-10-12 14:22 - 2017-09-17 20:16 - 004743168 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-10-12 14:22 - 2017-09-17 20:16 - 004596224 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe
2017-10-12 14:22 - 2017-09-17 20:16 - 001484800 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-10-12 14:22 - 2017-09-17 20:15 - 003202048 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2017-10-12 14:22 - 2017-09-17 20:15 - 002919936 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2017-10-12 14:22 - 2017-09-17 20:15 - 002800128 _____ (Microsoft Corporation) C:\Windows\system32\netshell.dll
2017-10-12 14:22 - 2017-09-17 20:15 - 002538496 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-10-12 14:22 - 2017-09-17 20:15 - 002370048 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2017-10-12 14:22 - 2017-09-17 20:15 - 001692160 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2017-10-12 14:22 - 2017-09-17 20:15 - 001282048 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2017-10-12 14:22 - 2017-09-17 20:15 - 001231360 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2017-10-12 14:22 - 2017-09-17 20:15 - 000893952 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2017-10-12 14:22 - 2017-09-17 20:15 - 000701952 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Connectivity.dll
2017-10-12 14:22 - 2017-09-17 20:14 - 003615744 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2017-10-12 14:22 - 2017-09-17 20:14 - 002897408 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-10-12 14:22 - 2017-09-17 20:14 - 002321408 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-10-12 14:22 - 2017-09-17 20:14 - 001518080 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2017-10-12 14:22 - 2017-09-17 20:14 - 001328640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.Http.dll
2017-10-12 14:22 - 2017-09-17 20:14 - 001040896 _____ (Microsoft Corporation) C:\Windows\system32\NaturalLanguage6.dll
2017-10-12 14:22 - 2017-09-17 20:14 - 000983552 _____ (Microsoft Corporation) C:\Windows\system32\ngcsvc.dll
2017-10-12 14:22 - 2017-09-17 20:14 - 000971264 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2017-10-12 14:22 - 2017-09-17 20:14 - 000913920 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.dll
2017-10-12 14:22 - 2017-09-17 20:14 - 000908800 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2017-10-12 14:22 - 2017-09-17 20:14 - 000903680 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-10-12 14:22 - 2017-09-17 20:14 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2017-10-12 14:22 - 2017-09-17 20:14 - 000799744 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-10-12 14:22 - 2017-09-17 20:14 - 000774656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.dll
2017-10-12 14:22 - 2017-09-17 20:14 - 000765440 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Sensors.dll
2017-10-12 14:22 - 2017-09-17 20:14 - 000650752 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2017-10-12 14:22 - 2017-09-17 20:14 - 000392192 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2017-10-12 14:22 - 2017-09-17 20:13 - 001726976 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2017-10-12 14:22 - 2017-09-17 20:13 - 001121280 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2017-10-12 14:22 - 2017-09-17 20:13 - 000924672 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2017-10-12 14:22 - 2017-09-17 20:13 - 000203264 _____ (Microsoft Corporation) C:\Windows\system32\netprofm.dll
2017-10-12 14:22 - 2017-09-17 20:12 - 000998912 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2017-10-12 14:22 - 2017-09-17 20:12 - 000532992 _____ (Microsoft Corporation) C:\Windows\system32\TpmCoreProvisioning.dll
2017-10-12 14:22 - 2017-09-17 20:12 - 000439296 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2017-10-12 14:22 - 2017-09-17 20:11 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\trie.dll
2017-10-12 14:22 - 2017-09-17 20:11 - 000108032 _____ (Microsoft Corporation) C:\Windows\system32\MTFFuzzyDS.dll
2017-10-12 14:22 - 2017-09-17 20:11 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\MTFSpellcheckDS.dll
2017-10-12 14:22 - 2017-09-14 17:14 - 000119328 _____ (Microsoft Corporation) C:\Windows\system32\dmcmnutils.dll
2017-10-12 14:22 - 2017-09-14 17:05 - 001302136 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2017-10-12 14:22 - 2017-09-14 16:39 - 002233344 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.ModernAppAgent.dll
2017-10-12 14:22 - 2017-09-14 16:39 - 001227264 _____ (Microsoft Corporation) C:\Windows\system32\AgentService.exe
2017-10-12 14:22 - 2017-09-14 16:39 - 001222144 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.CommonBridge.dll
2017-10-12 14:22 - 2017-09-14 16:39 - 001165824 _____ (Microsoft Corporation) C:\Windows\system32\ApplySettingsTemplateCatalog.exe
2017-10-12 14:22 - 2017-09-14 16:39 - 000768512 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.PrinterCustomActions.dll
2017-10-12 14:22 - 2017-09-14 16:39 - 000744960 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.Office2013CustomActions.dll
2017-10-12 14:22 - 2017-09-14 16:39 - 000419328 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.CscUnpinTool.exe
2017-10-12 14:22 - 2017-09-14 16:39 - 000298496 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.ConfigWrapper.dll
2017-10-12 14:22 - 2017-09-14 16:38 - 000045568 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.Office2010CustomActions.dll
2017-10-12 14:22 - 2017-09-14 16:32 - 000326144 _____ (Microsoft Corporation) C:\Windows\system32\CertEnrollUI.dll
2017-10-12 14:22 - 2017-09-14 16:32 - 000250880 _____ (Microsoft Corporation) C:\Windows\system32\MSWB7.dll
2017-10-12 14:22 - 2017-09-14 16:32 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\dinput8.dll
2017-10-12 14:22 - 2017-09-14 16:32 - 000162304 _____ (Microsoft Corporation) C:\Windows\system32\dinput.dll
2017-10-12 14:22 - 2017-09-14 16:32 - 000127488 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll
2017-10-12 14:22 - 2017-09-14 16:31 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\daxexec.dll
2017-10-12 14:22 - 2017-09-14 16:31 - 000280576 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2017-10-12 14:22 - 2017-09-14 16:30 - 000456192 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2017-10-12 14:22 - 2017-09-14 16:29 - 000352256 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-10-12 14:22 - 2017-09-14 16:25 - 000821248 _____ (Microsoft Corporation) C:\Windows\system32\comuid.dll
2017-10-12 14:22 - 2017-09-14 16:25 - 000675328 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2017-10-12 14:22 - 2017-09-14 16:24 - 000981504 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
2017-10-12 14:22 - 2017-09-14 16:24 - 000433152 _____ (Microsoft Corporation) C:\Windows\system32\certreq.exe
2017-10-12 14:22 - 2017-09-14 16:23 - 000560128 _____ (Microsoft Corporation) C:\Windows\system32\AppReadiness.dll
2017-10-12 14:22 - 2017-09-14 16:22 - 000987648 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2017-10-12 14:22 - 2017-09-14 16:22 - 000820736 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2017-10-12 14:22 - 2017-09-14 16:22 - 000634368 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2017-10-12 14:22 - 2017-09-14 16:20 - 002852864 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-10-12 14:22 - 2017-09-14 16:19 - 001421824 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2017-10-12 14:22 - 2017-09-14 16:19 - 000928256 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2017-10-12 14:22 - 2017-09-14 16:18 - 003299840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2017-10-12 14:22 - 2017-09-14 16:18 - 000273920 _____ (Microsoft Corporation) C:\Windows\system32\umrdp.dll
2017-10-12 14:22 - 2017-09-14 16:17 - 000124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tsusbhub.sys
2017-10-12 14:22 - 2017-09-14 16:16 - 000068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2017-10-12 14:22 - 2017-03-04 01:10 - 000360040 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2017-10-12 14:22 - 2017-03-04 00:25 - 000748544 _____ (Microsoft Corporation) C:\Windows\system32\ChatApis.dll
2017-10-12 14:22 - 2017-03-04 00:23 - 001184256 _____ (Microsoft Corporation) C:\Windows\system32\Unistore.dll
2017-10-12 14:22 - 2017-03-04 00:11 - 001643008 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Speech.dll
2017-10-12 14:22 - 2017-03-04 00:07 - 001064448 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2017-10-12 14:22 - 2017-03-04 00:03 - 000119808 ____R (Microsoft Corporation) C:\Windows\system32\SecureAssessmentHandlers.dll
2017-10-12 14:22 - 2016-08-26 23:12 - 000244816 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2017-10-12 14:22 - 2016-08-05 22:16 - 000026408 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-10-12 14:22 - 2016-08-02 02:13 - 001081856 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2017-10-12 14:21 - 2017-09-17 20:32 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys
2017-10-12 14:21 - 2017-09-14 16:34 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2017-10-12 09:51 - 2017-10-12 09:51 - 006378177 _____ C:\Users\User\Documents\wraith.dae
2017-10-11 15:43 - 2017-10-11 15:43 - 001688965 _____ C:\Users\User\Documents\wraith.obj
2017-10-11 15:43 - 2017-10-11 15:43 - 000000762 _____ C:\Users\User\Documents\wraith.mtl
2017-10-11 14:46 - 2017-10-11 14:46 - 000000000 ____D C:\ProgramData\Reprise
2017-10-11 10:07 - 2017-10-11 10:07 - 000000000 ____D C:\Users\User\Documents\xgen
2017-10-11 09:53 - 2017-10-11 09:53 - 000000000 ____D C:\ProgramData\FLEXnet
2017-10-11 09:51 - 2017-10-11 10:07 - 000000000 ____D C:\Users\User\AppData\Roaming\Autodesk
2017-10-11 09:51 - 2017-10-11 10:06 - 000000000 ____D C:\Users\User\AppData\Local\Autodesk
2017-10-11 09:50 - 2017-10-11 09:50 - 000000000 ____D C:\Program Files (x86)\Autodesk
2017-10-11 09:47 - 2017-10-12 11:22 - 000000000 ____D C:\Users\User\Documents\maya
2017-10-11 09:47 - 2017-10-11 09:47 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MtoA 2.0.1 Maya 2018
2017-10-11 09:47 - 2017-10-11 09:47 - 000000000 ____D C:\solidangle
2017-10-11 09:43 - 2017-10-11 09:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2017-10-11 09:43 - 2017-10-11 09:43 - 000001812 _____ C:\Users\Public\Desktop\Maya 2018.lnk
2017-10-11 09:43 - 2017-10-11 09:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk Maya 2018
2017-10-11 09:28 - 2017-10-11 09:48 - 000000000 ____D C:\Program Files\Autodesk
2017-10-11 09:22 - 2017-10-11 09:47 - 000000000 ____D C:\Program Files\Common Files\Autodesk Shared
2017-10-11 09:22 - 2017-10-11 09:22 - 000000000 ____D C:\Program Files\Common Files\Macrovision Shared
2017-10-11 09:19 - 2017-10-11 10:06 - 000000000 ____D C:\ProgramData\Autodesk
2017-10-11 09:15 - 2017-10-11 09:15 - 000000000 ____D C:\Autodesk
2017-10-10 18:19 - 2017-10-10 18:19 - 126925120 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-10-09 12:37 - 2017-10-09 12:37 - 000153857 _____ C:\Users\User\Downloads\DLtkA3_V4AAnmn3.jpg-large
2017-10-07 13:43 - 2017-10-07 13:43 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2017-10-07 13:42 - 2017-10-07 13:42 - 000002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-10-07 13:39 - 2017-10-07 13:39 - 001130328 _____ (Google Inc.) C:\Users\User\Downloads\ChromeSetup.exe
2017-10-07 13:39 - 2017-10-07 13:39 - 000003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-10-07 13:39 - 2017-10-07 13:39 - 000003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-06 10:19 - 2017-08-31 12:35 - 000000000 ____D C:\Users\User\AppData\Local\Free Download Manager
2017-11-06 10:06 - 2017-08-05 14:47 - 000000000 ____D C:\Windows\system32\SleepStudy
2017-11-06 10:02 - 2017-08-06 13:07 - 000000000 ____D C:\Program Files (x86)\Steam
2017-11-06 08:45 - 2017-08-15 18:01 - 000004268 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-11-06 04:52 - 2017-08-06 23:50 - 000004162 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F5A599CA-FE33-4D0E-86BB-8A920302AF73}
2017-11-05 23:04 - 2017-08-06 19:08 - 000000000 ____D C:\Users\User\AppData\Roaming\WTablet
2017-11-05 10:40 - 2017-09-19 05:17 - 000000000 ____D C:\Users\User\AppData\Local\wiakxrl
2017-11-04 17:06 - 2017-09-19 05:11 - 000081696 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\msidntfs.sys
2017-11-04 17:06 - 2017-08-05 14:48 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-04 17:05 - 2016-07-16 00:04 - 013107200 _____ C:\Windows\system32\config\HARDWARE
2017-11-04 17:05 - 2016-07-16 00:04 - 000262144 _____ C:\Windows\system32\config\BBI
2017-11-04 13:48 - 2017-08-05 13:05 - 000000000 ____D C:\ProgramData\Package Cache
2017-11-03 18:58 - 2017-08-07 15:41 - 000000000 ____D C:\Program Files\Unity
2017-11-03 18:03 - 2016-07-16 05:36 - 000000000 ____D C:\Windows\CbsTemp
2017-11-03 17:41 - 2017-08-16 10:00 - 000000000 ____D C:\Users\User\Documents\New Unity Project
2017-11-03 17:38 - 2017-09-16 20:59 - 000000000 ____D C:\Users\User\Documents\smile
2017-11-02 21:08 - 2017-08-06 20:10 - 000000000 ____D C:\Users\User\AppData\Roaming\discord
2017-11-02 15:20 - 2016-07-16 05:45 - 000000000 ____D C:\Windows\INF
2017-11-02 15:10 - 2017-08-06 13:39 - 000000000 ____D C:\Program Files\rempl
2017-11-02 13:55 - 2017-08-10 15:28 - 000000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2017-11-02 13:44 - 2017-09-02 20:22 - 000000000 ____D C:\Users\User\AppData\Roaming\obs-studio
2017-11-02 10:15 - 2016-07-16 05:47 - 000000000 ____D C:\Windows\AppReadiness
2017-11-01 23:06 - 2017-08-06 16:56 - 000001456 _____ C:\Users\User\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-11-01 20:53 - 2017-08-05 13:19 - 000000000 ____D C:\Program Files\KMSpico
2017-11-01 20:32 - 2017-09-19 03:48 - 000000000 ____D C:\Program Files\Lightworks
2017-11-01 16:24 - 2017-09-06 11:31 - 000000033 _____ C:\Users\User\AppData\Roaming\AdobeWLCMCache.dat
2017-11-01 11:48 - 2017-09-21 11:41 - 000000000 ____D C:\Users\User\AppData\Roaming\MPC-HC
2017-11-01 11:01 - 2017-08-05 13:01 - 000003372 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2419917656-2055917082-45752995-1001
2017-11-01 11:01 - 2017-08-05 13:00 - 000000000 ___RD C:\Users\User\OneDrive
2017-11-01 10:50 - 2017-08-08 14:24 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2017-11-01 10:30 - 2017-08-05 15:46 - 000000000 ____D C:\Windows\Panther
2017-11-01 02:50 - 2017-09-19 05:17 - 000000000 ____D C:\Users\User\AppData\Local\vsidhrk
2017-10-31 23:34 - 2016-07-16 05:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-29 16:10 - 2017-08-10 18:07 - 000000000 ____D C:\Users\User\AppData\Local\Deployment
2017-10-26 10:46 - 2017-08-15 18:01 - 001029872 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2017-10-23 21:48 - 2016-07-16 05:47 - 000000000 ____D C:\Windows\rescache
2017-10-21 19:12 - 2016-07-16 05:47 - 000000000 ____D C:\Windows\system32\NDF
2017-10-21 15:04 - 2017-09-30 18:34 - 000000000 ____D C:\Users\User\Documents\Fanfic
2017-10-19 01:45 - 2017-08-05 12:59 - 001150952 _____ C:\Windows\system32\PerfStringBackup.INI
2017-10-19 01:41 - 2017-08-05 12:57 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-10-19 01:39 - 2017-08-06 19:07 - 000346592 _____ C:\Windows\system32\FNTCACHE.DAT
2017-10-19 01:37 - 2016-07-16 05:47 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2017-10-19 01:37 - 2016-07-16 05:47 - 000000000 ____D C:\Windows\system32\oobe
2017-10-19 01:37 - 2016-07-16 05:47 - 000000000 ____D C:\Windows\ShellExperiences
2017-10-12 16:27 - 2017-09-15 14:16 - 000835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-10-12 16:27 - 2017-09-15 14:16 - 000177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-12 09:44 - 2017-09-03 20:26 - 000000000 ____D C:\tmp
2017-10-10 21:29 - 2017-10-06 14:20 - 005281428 _____ C:\Users\User\Documents\wraith.blend
2017-10-10 21:06 - 2017-10-06 14:20 - 005258276 _____ C:\Users\User\Documents\wraith.blend1
2017-10-10 18:24 - 2017-08-06 19:29 - 000000000 ____D C:\Windows\system32\MRT
2017-10-10 18:19 - 2017-08-06 19:29 - 126925120 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-10-10 18:11 - 2017-09-03 11:36 - 000000000 ____D C:\Users\User\Documents\laurie
2017-10-07 13:42 - 2017-08-06 16:33 - 000000000 ____D C:\Program Files\Tablet
2017-10-07 13:42 - 2017-08-05 13:36 - 000000000 ____D C:\Program Files (x86)\Google
2017-10-07 13:39 - 2017-10-02 13:28 - 000000000 ____D C:\Users\User\AppData\Local\MicrosoftEdge
 
==================== Files in the root of some directories =======
 
2017-09-06 11:31 - 2017-11-01 16:24 - 000000033 _____ () C:\Users\User\AppData\Roaming\AdobeWLCMCache.dat
2017-08-27 11:47 - 2017-08-27 11:51 - 316729293 _____ () C:\Users\User\AppData\Local\ACCCx4_2_0_218.zip.aamdownload
2017-08-27 11:47 - 2017-08-27 11:51 - 000003546 _____ () C:\Users\User\AppData\Local\ACCCx4_2_0_218.zip.aamdownload.aamd
2017-08-06 16:56 - 2017-11-01 23:06 - 000001456 _____ () C:\Users\User\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-08-07 11:40 - 2017-08-07 11:53 - 001065984 _____ () C:\Users\User\AppData\Local\file__0.localstorage
2017-09-23 15:38 - 2017-09-23 15:38 - 000000017 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-11-02 09:09
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
Ran by User (06-11-2017 10:19:57)
Running from C:\Users\User\Downloads
Windows 10 Pro Version 1607 14393.1770 (X64) (2017-08-05 18:54:47)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2419917656-2055917082-45752995-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2419917656-2055917082-45752995-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2419917656-2055917082-45752995-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2419917656-2055917082-45752995-501 - Limited - Disabled)
User (S-1-5-21-2419917656-2055917082-45752995-1001 - Administrator - Enabled) => C:\Users\User
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 17.01 beta (x64) (HKLM\...\7-Zip) (Version: 17.01 beta - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.127 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.0.1.188 - Adobe Systems Incorporated)
Adobe Illustrator (HKLM\...\{780AAB64-C5AB-4CC5-9096-02F8671E5179}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_1_0) (Version: 21.1.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.1 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD OverDrive (HKLM-x32\...\{EEB605FD-C5F5-4946-90F3-D65C604A9187}) (Version: 4.3.1.0698 - Advanced Micro Devices, Inc.)
Autodesk Certificate Package  (x64) - 5.1.4 (HKLM\...\{79D5E475-5EAB-4474-84F5-BD612337A175}) (Version: 5.1.4.100 - Autodesk)
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 7.0.6.378 - Autodesk)
Autodesk License Service (x64) - 5.1.5 (HKLM\...\{3609A8D9-FC0C-4C9B-9F58-0B1D1A4FE556}) (Version: 5.1.5.0 - Autodesk)
Autodesk Maya 2018 (HKLM\...\{DBC07F9F-5C44-4E76-8805-A970807DBD6B}) (Version: 18.0.0.5870 - Autodesk) Hidden
Autodesk Maya 2018 (HKLM\...\Autodesk Maya 2018) (Version: 18.0.0.5870 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.7.2314 - AVAST Software)
Bifrost for Maya 2018 (HKLM\...\{88F9B0C0-F303-45AD-8FC8-48373B4479BD}) (Version: 1.5.0.0 - Autodesk)
Bifrost for Maya 2018 1.5.0.0 (HKLM\...\Bifrost for Maya 2018) (Version:  - )
Blender (HKLM\...\{DEA73CCA-7EC9-41EA-8509-1041C1CABFD0}) (Version: 2.78.3 - Blender Foundation)
CCleaner (HKLM\...\CCleaner) (Version: 5.36 - Piriform)
Chrysanth Diary [Free] (HKLM-x32\...\AC970D9B-E5C8-44D8-910B-D763DDF6D32A_is1) (Version: 5.3 - Chrysanth Software Sdn. Bhd.)
Cityographer (HKLM-x32\...\Cityographer_0) (Version:  - Inkwell Ideas)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
CRYENGINE Launcher (HKLM-x32\...\{F7916573-4BDD-4A9F-9E2F-CC8107845DC3}) (Version: 1.0.0 - Crytek GmbH)
DesignDoll (HKU\S-1-5-21-2419917656-2055917082-45752995-1001\...\a94d3e1b3ab3bea6) (Version: 1.4.0.0 - Terawell)
Discord (HKU\S-1-5-21-2419917656-2055917082-45752995-1001\...\Discord) (Version: 0.0.298 - Discord Inc.)
DragonBonesPro (HKLM-x32\...\DragonBonesPro) (Version: 5.0.0 - Egret Technology Inc)
FirestormOS-Releasex64 (HKLM\...\FirestormOS-Releasex64) (Version: 5.0.7.52912 - The Phoenix Firestorm Project, Inc.)
Free Download Manager (HKLM\...\{43781dff-e0df-49ce-a6d2-47da96a485e7}}_is1) (Version:  - FreeDownloadManager.ORG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
K-Lite Codec Pack 13.5.0 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.5.0 - KLCP)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Marvelous Designer 5 Enterprise (HKLM-x32\...\Marvelous Designer 5 Enterprise) (Version:  - CLO Virtual Fashion Inc.)
MediBang Paint Pro 11.0 (64-bit) (HKLM\...\MediBang Paint Pro_is1) (Version: 11.0 - Medibang)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2419917656-2055917082-45752995-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.12.111.1002 - Microsoft Corporation)
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
MtoA for Maya 2018 (HKU\S-1-5-21-2419917656-2055917082-45752995-1001\...\MtoA2018) (Version: 2.0.1 - Solid Angle)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.4.2 - Notepad++ Team)
Npcap 0.93 (HKLM-x32\...\NpcapInst) (Version: 0.93 - Nmap Project)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.0.1 - OBS Project)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version:  - )
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.1 beta r2838 - )
RivaTuner Statistics Server 6.5.0 (HKLM-x32\...\RTSS) (Version: 6.5.0 - Unwinder)
RPG Maker MV (HKLM-x32\...\RPG Maker MV_is1) (Version: 1.4.0 - KADOKAWA)
Snaz version 1.12.6.0 (HKLM-x32\...\{70A76031-FDC6-4F9B-BB5C-33776703F45A}_is1) (Version: 1.12.6.0 - JimsApps)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Unfold3D Magic Edition (HKLM-x32\...\{28F42D42-11A2-4A29-99D7-FABC1F80AFA1}) (Version: 4.0.0 - Polygonal Design)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{17515373-7495-4995-9089-B7D6DF455C38}) (Version: 2.6.0.0 - Microsoft Corporation)
VSDC Free Video Editor version 5.7.8.724 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 5.7.8.724 - Flash-Integro LLC)
VTFEdit 1.3.3 (HKLM\...\VTFEdit_is1) (Version:  - Neil Jedrzejewski & Ryan Gregg)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.24-5 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22175 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2419917656-2055917082-45752995-1001_Classes\CLSID\{4748f905-8e44-41b5-8022-b8c17c1331b3}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-05] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-05] (AVAST Software)
ContextMenuHandlers1: [FencesShellExt] -> {1984DD45-52CF-49cd-AB77-18F378FEA264} => C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll [2016-09-16] (Stardock)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-05] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers4: [FencesShellExt] -> {1984DD45-52CF-49cd-AB77-18F378FEA264} => C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll [2016-09-16] (Stardock)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [FencesShellExt] -> {1984DD45-52CF-49cd-AB77-18F378FEA264} => C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll [2016-09-16] (Stardock)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-05] (AVAST Software)
ContextMenuHandlers6: [FencesShellExt] -> {1984DD45-52CF-49cd-AB77-18F378FEA264} => C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll [2016-09-16] (Stardock)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0121EFC9-5600-454E-8EAD-0580188E0510} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2016-10-24] ()
Task: {047F7D51-5A72-4A81-9AD7-F2D43CFB4887} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {06CEC94D-E4C8-449F-86C2-2C7EE6B4055E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-10-18] (Piriform Ltd)
Task: {1DF194D5-8219-405E-91C6-4E391EA91919} - System32\Tasks\{225B0ED8-1B16-4AC7-A9D9-792BADC20B34} => C:\Windows\system32\pcalua.exe -a C:\Users\User\AppData\Roaming\Microsoft\BlockAdsPro\BlockAdsPro.exe -c /u
Task: {26F819D0-4C83-4000-911A-1E11CC194246} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-10-05] (AVAST Software)
Task: {2F6B42BD-A1F8-4E8C-88DF-129493DE397A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {4813F46C-7A89-470B-B6FC-265676239D29} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-07] (Google Inc.)
Task: {51AD8FF0-D6F2-4781-A4BE-A768A7506C48} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {60C5DC17-49E9-4BE9-B03C-6D82D3A72E82} - System32\Tasks\FreeDownloadManagerNetworkMonitor => C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe [2017-07-26] (FreeDownloadManager.org)
Task: {66EAB458-B47C-4AE6-BAE7-C03177F4F660} - System32\Tasks\{583C3B01-C487-4B2D-9258-B988699F883F} => C:\Windows\system32\pcalua.exe -a C:\Users\User\AppData\Local\uninstallce.exe
Task: {68529DF2-6B56-4319-97EB-513028CA43F6} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-09-01] ()
Task: {84332D1C-AEE8-4A46-8F60-D7E1F0965B2D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-10-18] (Piriform Ltd)
Task: {BC11B02D-0536-48CF-A5D3-FEA63FC2805E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-07] (Google Inc.)
Task: {E7B65DBA-BC98-49FA-B9A0-E8D843913054} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-08-31 12:35 - 2017-07-26 09:16 - 000029696 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\WinDivert.dll
2016-07-16 05:42 - 2016-07-16 05:42 - 000231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2017-09-13 10:59 - 2017-09-07 00:01 - 002681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2017-08-06 16:33 - 2017-09-13 15:46 - 001658312 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2017-09-02 23:12 - 2017-09-02 23:12 - 000095744 _____ () C:\Windows\Womtrust.dll
2016-10-25 08:57 - 2016-10-25 08:57 - 000491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-11-10 10:55 - 2015-11-10 10:55 - 008901800 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-08-06 13:16 - 2016-09-06 22:56 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-08-06 13:16 - 2017-03-04 00:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-08-31 12:35 - 2017-04-13 10:42 - 002158592 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\avformat-57.dll
2017-08-31 12:35 - 2017-04-13 10:42 - 000485376 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\avutil-55.dll
2017-08-31 12:35 - 2017-04-13 10:42 - 012242432 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\avcodec-57.dll
2017-08-31 12:35 - 2017-04-13 10:42 - 001825792 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\avfilter-6.dll
2017-08-31 12:35 - 2017-04-13 10:42 - 000662016 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\swscale-4.dll
2017-08-31 12:35 - 2017-04-13 10:42 - 000138752 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\swresample-2.dll
2017-08-31 12:35 - 2017-07-26 09:17 - 000100864 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winunivappfeatures.dll
2017-08-31 12:35 - 2017-04-13 10:46 - 069740544 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\libcef.dll
2017-08-31 12:35 - 2017-04-13 10:45 - 002323456 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\libglesv2.dll
2017-08-31 12:35 - 2017-04-13 10:45 - 000094208 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\libegl.dll
2017-07-28 14:06 - 2017-07-28 14:06 - 000023040 _____ () C:\Program Files\Rainmeter\Plugins\InputText.dll
2017-07-28 14:05 - 2017-07-28 14:05 - 000130560 _____ () C:\Program Files\Rainmeter\Plugins\SysInfo.dll
2016-10-25 08:57 - 2016-10-25 08:57 - 031723696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2017-10-05 08:14 - 2017-10-05 08:14 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2017-10-07 13:42 - 2017-09-21 01:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-10-07 13:42 - 2017-09-21 01:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2017-09-18 20:37 - 2017-09-18 20:37 - 000914432 _____ () C:\Users\User\AppData\Local\wiakxrl\wiakxrl.exe
2017-08-20 11:38 - 2017-08-20 11:38 - 001087488 _____ () C:\Users\User\AppData\Local\wiakxrl\pssetri.exe
2017-10-25 00:41 - 2017-10-25 01:18 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-10-25 00:41 - 2017-10-25 01:18 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-10-25 00:41 - 2017-10-25 01:18 - 025446400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-10-25 00:41 - 2017-10-25 01:18 - 002542592 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\skypert.dll
2017-08-06 13:14 - 2017-03-04 00:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-08-06 13:14 - 2017-03-04 00:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-08-06 13:14 - 2017-03-04 00:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-10-12 14:22 - 2017-09-17 20:13 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-10-12 14:22 - 2017-09-17 20:14 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-10-12 14:22 - 2017-09-17 20:16 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-10-31 19:33 - 2017-10-31 23:29 - 000061952 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11709.1001.27.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2017-10-11 09:50 - 2017-06-15 08:16 - 000061944 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_Service-head.dll
2017-10-11 09:50 - 2017-06-15 08:15 - 000110584 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson0.dll
2017-10-05 08:14 - 2017-10-05 08:14 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-10-05 08:14 - 2017-10-05 08:14 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-08-15 18:00 - 2017-08-15 18:00 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-10-05 08:14 - 2017-10-05 08:14 - 000217088 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-10-05 08:14 - 2017-10-05 08:14 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-10-05 08:14 - 2017-10-05 08:14 - 000234280 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-10-25 09:47 - 2017-10-25 09:47 - 000703336 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-08-06 13:10 - 2017-09-09 13:25 - 000688416 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-08-06 13:10 - 2016-08-31 19:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-08-06 13:10 - 2017-10-30 21:22 - 002546976 _____ () C:\Program Files (x86)\Steam\video.dll
2017-08-06 13:09 - 2016-01-27 01:49 - 002549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2017-08-06 13:09 - 2016-01-27 01:49 - 000491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2017-08-06 13:09 - 2016-01-27 01:49 - 000332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2017-08-06 13:09 - 2016-01-27 01:49 - 000442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2017-08-06 13:09 - 2016-01-27 01:49 - 000485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2017-08-06 13:10 - 2016-08-31 19:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-08-06 13:10 - 2016-08-31 19:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-08-06 13:10 - 2017-10-30 21:22 - 000901408 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-08-06 13:10 - 2016-07-04 16:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-03-14 07:31 - 2017-03-14 07:31 - 052051544 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2017-10-11 09:50 - 2017-04-04 13:11 - 000043912 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_MFCMigrationFramework_Ad_2.dll
2017-10-11 09:50 - 2017-04-04 13:11 - 000052224 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qoauth_Ad_1.dll
2017-10-11 09:50 - 2017-04-04 13:11 - 000195584 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson_Ad_0.dll
2017-10-11 09:50 - 2017-04-04 13:11 - 000742400 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qca_Ad_2.dll
2017-10-11 09:50 - 2017-06-15 07:49 - 000279976 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\en-US\AdWingManRes.dll
2017-01-25 19:07 - 2017-01-25 19:07 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-01-25 19:07 - 2017-01-25 19:07 - 000214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-01-25 19:06 - 2017-01-25 19:06 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2017-01-25 19:07 - 2017-01-25 19:07 - 000125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-03-14 07:35 - 2017-03-14 07:35 - 000099416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-01-25 19:07 - 2017-01-25 19:07 - 000086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2017-08-06 13:12 - 2017-08-16 16:28 - 073130272 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-08-06 13:12 - 2017-09-06 20:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-08-06 13:09 - 2015-09-24 17:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-10-11 09:50 - 2017-02-14 00:39 - 040640808 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libcef.dll
2017-10-11 09:50 - 2017-02-14 00:39 - 000950272 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\ffmpegsumo.dll
2017-10-11 09:50 - 2017-02-14 00:39 - 000912384 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libglesv2.dll
2017-10-11 09:50 - 2017-02-14 00:39 - 000134144 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libegl.dll
2017-08-02 20:40 - 2017-08-02 20:40 - 053460480 _____ () C:\Users\User\AppData\Local\wiakxrl\libcef.dll
2016-05-31 10:43 - 2016-05-31 10:43 - 001976832 _____ () C:\Users\User\AppData\Local\wiakxrl\libglesv2.dll
2016-05-31 10:44 - 2016-05-31 10:44 - 000075264 _____ () C:\Users\User\AppData\Local\wiakxrl\libegl.dll
2015-11-10 10:55 - 2015-11-10 10:55 - 008901800 _____ () C:\Program Files (x86)\Microsoft Office\Office16\1033\GrooveIntlResource.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 05:47 - 2017-11-01 20:53 - 000000850 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2419917656-2055917082-45752995-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKU\S-1-5-21-2419917656-2055917082-45752995-1001\...\StartupApproved\Run: => "Rainlendar2"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{D347AC04-A93A-42AE-BDD6-8A5EF997DCCA}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{498425FD-F8DF-4861-A1D2-544EF3E0A5AC}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{3A34E0F2-1E0B-458F-A33D-8F520BD40CCE}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{A847B0F2-D163-4170-B01B-FDD6EF59F5E4}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{9E058397-0CFD-463A-BECE-F2C14F9A4A2F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BDD23C17-9FC0-4D70-B4CE-FC795C326AFD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6E673626-1981-40F0-A43A-5B1F02AD0B41}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5EF45750-5976-4B65-9ECE-F7806AF23F91}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C96A0709-BB2C-4413-8C6A-FD771FE23248}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [{3595FC38-1436-48A3-BA55-0D48274A4146}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [TCP Query User{A7DB82E0-7C4B-4C0A-AECF-D21D70A57741}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{E0C508FF-4CDD-4735-B48D-313B7F8FA503}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [{7A104A45-F8D1-4797-A474-E3620BB89E60}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{B7DE080E-E2AD-4718-A39A-CE0FB8338D35}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [TCP Query User{76959724-2A21-40AD-98AE-C089E74E464C}C:\users\user\pictures\games\igg-huniecam.studio\huniecamstudio.exe] => (Block) C:\users\user\pictures\games\igg-huniecam.studio\huniecamstudio.exe
FirewallRules: [UDP Query User{EDAAFF32-931F-4E1C-B7E9-4F6739D64D41}C:\users\user\pictures\games\igg-huniecam.studio\huniecamstudio.exe] => (Block) C:\users\user\pictures\games\igg-huniecam.studio\huniecamstudio.exe
FirewallRules: [TCP Query User{8F3F85A3-A53D-4342-A60A-318CCA055B9F}C:\program files\firestormos-releasex64\slvoice.exe] => (Allow) C:\program files\firestormos-releasex64\slvoice.exe
FirewallRules: [UDP Query User{CAAE19E7-8360-4384-BA8D-791B8E181DC6}C:\program files\firestormos-releasex64\slvoice.exe] => (Allow) C:\program files\firestormos-releasex64\slvoice.exe
FirewallRules: [{4513F004-D0BD-40D3-92DC-3D0BD6081599}] => (Allow) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
FirewallRules: [{D3DB48FA-07B6-4203-8FFB-9B386CBB8300}] => (Allow) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
FirewallRules: [{B06C1AF9-3DA5-46DF-888C-C9883E3AE766}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sfm.exe
FirewallRules: [{48931286-3E3D-445B-837E-33C188BC1D31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sfm.exe
FirewallRules: [{0C91B0A7-3EF7-47E1-BFE7-74AE31263DD8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
FirewallRules: [{8C96273B-3918-4BCB-90FB-4063C43DB485}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
FirewallRules: [{5231E4AA-159C-4393-BFA2-0F0883D5E194}] => (Block) %ProgramFiles%\Marvelous Designer 5 Enterprise\MarvelousDesigner5_Enterprise_x64.exe
FirewallRules: [{95471F6C-6CFB-438B-B0BE-B9AC397E9FDD}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{E2CB310E-1F27-43CA-85C3-E5D41495774C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3AB94A39-C2DD-4543-AEE4-42294937B39B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{4640295D-125A-4C2E-997E-9738CBA88547}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [TCP Query User{B40F364C-2EBD-4560-8633-F756A486C467}C:\program files (x86)\crytek\cryengine launcher\crytek\cryengine_5.4\bin\win_x64\sandbox.exe] => (Allow) C:\program files (x86)\crytek\cryengine launcher\crytek\cryengine_5.4\bin\win_x64\sandbox.exe
FirewallRules: [UDP Query User{C725A675-4FF1-4734-BA3C-8F9DD378043D}C:\program files (x86)\crytek\cryengine launcher\crytek\cryengine_5.4\bin\win_x64\sandbox.exe] => (Allow) C:\program files (x86)\crytek\cryengine launcher\crytek\cryengine_5.4\bin\win_x64\sandbox.exe
 
==================== Restore Points =========================
 
27-10-2017 07:53:14 Windows Update
01-11-2017 20:32:59 Removed TeeBoard: The Twitch Army Knife
03-11-2017 17:53:44 Windows Modules Installer
 
==================== Faulty Device Manager Devices =============
 
Name: PCI Serial Port
Description: PCI Serial Port
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/06/2017 10:15:30 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {773de20b-0818-435c-bd08-53db32252928}
 
Error: (11/06/2017 08:30:04 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-UC83QPF)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023113 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/06/2017 04:08:34 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (11/05/2017 10:16:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-UC83QPF)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023113 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/05/2017 09:57:07 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (11/04/2017 08:51:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-UC83QPF)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023113 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/04/2017 01:49:19 PM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1
 
Error: (11/04/2017 01:49:13 PM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1
 
Error: (11/04/2017 12:42:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Discord.exe version 0.0.41.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1bf4
 
Start Time: 01d35450b7488e46
 
Termination Time: 13
 
Application Path: C:\Users\User\AppData\Local\Discord\app-0.0.297\Discord.exe
 
Report Id: eb9d42a6-c18e-11e7-84ad-0024811b99ad
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (11/04/2017 12:35:10 PM) (Source: MsiInstaller) (EventID: 11310) (User: DESKTOP-UC83QPF)
Description: Product: Lumberyard 1.11.1.0 - dev -- Error 1310. Error writing to file: C:\Amazon\Lumberyard\1.11.1.0\dev\Tools\Python\2.7.12\linux_x64\lib\python2.7\test\check_soundcard.vbs.  System error 0.  Verify that you have access to that directory.
 
 
System errors:
=============
Error: (11/05/2017 09:52:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/04/2017 09:13:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/04/2017 05:11:55 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.
 
Error: (11/04/2017 05:06:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/04/2017 05:05:43 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-UC83QPF)
Description: The server {9AA46009-3CE0-458A-A354-715610A075E6} did not register with DCOM within the required timeout.
 
Error: (11/04/2017 05:05:43 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-UC83QPF)
Description: The server {3EEF301F-B596-4C0B-BD92-013BEAFCE793} did not register with DCOM within the required timeout.
 
Error: (11/04/2017 05:05:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/04/2017 04:59:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0xc1900107: Feature update to Windows 10, version 1703.
 
Error: (11/04/2017 04:48:48 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.
 
Error: (11/04/2017 04:42:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2017-08-15 11:54:54.434
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q9400 @ 2.66GHz
Percentage of memory in use: 45%
Total physical RAM: 8123.24 MB
Available physical RAM: 4419.55 MB
Total Virtual: 9403.24 MB
Available Virtual: 5073.11 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:297.6 GB) (Free:149.26 GB) NTFS
Drive g: () (Removable) (Total:14.83 GB) (Free:2.72 GB) FAT32
Drive j: (Storage Volume) (Fixed) (Total:149.05 GB) (Free:16.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 269C269B)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=297.6 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 4C23DEDB)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
 
========================================================
Disk: 4 (Size: 14.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#4 Oh My!

Posted 06 November 2017 - 02:07 PM

Greetings and thank you for the information.

Unfortunately there is evidence of potential illegal software on your computer. I am going to request you completely uninstall all products for which you do not have a required valid Product Key, including all "cracked" software. If you are willing to do that please rerun a FRST scan and copy/paste both reports in your reply. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.

If you decide to remove the program(s) please run this after removal.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • CKScanner report
  • FRST report
  • Addition report

Gary
 

#5 marionthorne

Posted 06 November 2017 - 11:29 PM

Alright, I've uninstalled all of my pirated software and rerun the scan as requested. I've pasted the scans in the order of CKScanner, FRST, Addition.

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\autodesk\autodesk_maya_2018_en_jp_zh_win_64bit_dlm\x64\maya\autodesk\maya2018\examples\fx\nparticles_examples\crackegg.ma
c:\autodesk\autodesk_maya_2018_en_jp_zh_win_64bit_dlm\x64\maya\autodesk\maya2018\examples\fx\nparticles_examples\.mayaswatches\crackegg.ma.swatch
c:\autodesk\autodesk_maya_2018_en_jp_zh_win_64bit_dlm\x64\maya\autodesk\maya2018\examples\modeling\sculpting_stamps\.mayaswatches\rgb_crackedfun1.tif.swatch
c:\autodesk\autodesk_maya_2018_en_jp_zh_win_64bit_dlm\x64\maya\autodesk\maya2018\examples\modeling\sculpting_stamps\.mayaswatches\rgb_mudcracks.tif.swatch
c:\autodesk\autodesk_maya_2018_en_jp_zh_win_64bit_dlm\x64\maya\autodesk\maya2018\examples\paint_effects\fun\cracks.mel
c:\autodesk\autodesk_maya_2018_en_jp_zh_win_64bit_dlm\x64\maya\autodesk\maya2018\examples\paint_effects\fun\cracks.mel.icon
c:\autodesk\autodesk_maya_2018_en_jp_zh_win_64bit_dlm\x64\maya\autodesk\maya2018\plug-ins\xgen\presets\expressions\samples\color\procedural\patterns\cracks_brokenglass.se
c:\autodesk\autodesk_maya_2018_en_jp_zh_win_64bit_dlm\x64\maya\autodesk\maya2018\resources\l10n\ja_jp\scripts\crackshatter.res.mel
c:\autodesk\autodesk_maya_2018_en_jp_zh_win_64bit_dlm\x64\maya\autodesk\maya2018\resources\l10n\zh_cn\scripts\crackshatter.res.mel
c:\autodesk\autodesk_maya_2018_en_jp_zh_win_64bit_dlm\x64\maya\autodesk\maya2018\scripts\others\crackshatter.mel
c:\autodesk\autodesk_maya_2018_en_jp_zh_win_64bit_dlm\x64\maya\autodesk\maya2018\scripts\others\crackshatter.res.mel
c:\program files\blender foundation\blender\2.78\python\lib\site-packages\numpy\f2py\crackfortran.py
c:\program files\freedownloadmanager.org\free download manager\windivert.dll
c:\program files\freedownloadmanager.org\free download manager\windivert32.sys
c:\program files\freedownloadmanager.org\free download manager\windivert64.sys
c:\program files\kmspico\devcomponents.dotnetbar2.dll
c:\program files\kmspico\kmseldi.exe
c:\program files\kmspico\unins000.dat
c:\program files\kmspico\unins000.exe
c:\program files\kmspico\uninshs.exe
c:\program files\kmspico\vestris.resourcelib.dll
c:\program files\kmspico\cert\installall.cmd
c:\program files\kmspico\cert\kmscert2010\access\accessvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\access\accessvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\access\accessvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\access\access_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\access\access_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\access\access_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\access\access_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\access\access_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\excel\excelvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\excel\excelvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\excel\excelvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\excel\excel_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\excel\excel_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\excel\excel_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\excel\excel_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\excel\excel_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\groove\groovevlreg32.reg
c:\program files\kmspico\cert\kmscert2010\groove\groovevlreg64.reg
c:\program files\kmspico\cert\kmscert2010\groove\groovevlregwow.reg
c:\program files\kmspico\cert\kmscert2010\groove\groove_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\groove\groove_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\groove\groove_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\groove\groove_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\groove\groove_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\infopath\infopathvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\infopath\infopathvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\infopath\infopathvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\infopath\infopath_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\infopath\infopath_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\infopath\infopath_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\infopath\infopath_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\infopath\infopath_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\onenote\onenotevlreg32.reg
c:\program files\kmspico\cert\kmscert2010\onenote\onenotevlreg64.reg
c:\program files\kmspico\cert\kmscert2010\onenote\onenotevlregwow.reg
c:\program files\kmspico\cert\kmscert2010\onenote\onenote_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\onenote\onenote_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\onenote\onenote_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\onenote\onenote_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\onenote\onenote_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\outlook\outlookvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\outlook\outlookvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\outlook\outlookvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\outlook\outlook_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\outlook\outlook_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\outlook\outlook_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\outlook\outlook_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\outlook\outlook_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpointvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpointvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpointvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpoint_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpoint_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpoint_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpoint_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpoint_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectpro\projectprovlreg32.reg
c:\program files\kmspico\cert\kmscert2010\projectpro\projectprovlreg64.reg
c:\program files\kmspico\cert\kmscert2010\projectpro\projectprovlregwow.reg
c:\program files\kmspico\cert\kmscert2010\projectpro\projectpro_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectpro\projectpro_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectpro\projectpro_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectpro\projectpro_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectpro\projectpro_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstdvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstdvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstdvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplusvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\proplus\proplusvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\proplus\proplusvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\proplus\proplus_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplus_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplus_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplus_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplus_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\publisher\publishervlreg32.reg
c:\program files\kmspico\cert\kmscert2010\publisher\publishervlreg64.reg
c:\program files\kmspico\cert\kmscert2010\publisher\publishervlregwow.reg
c:\program files\kmspico\cert\kmscert2010\publisher\publisher_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\publisher\publisher_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\publisher\publisher_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\publisher\publisher_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\publisher\publisher_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasicsvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasicsvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasicsvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasics_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasics_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasics_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasics_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasics_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standardvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\standard\standardvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\standard\standardvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\standard\standard_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standard_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standard_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standard_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standard_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visioprem_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visioprem_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visioprem_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visioprem_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visioprem_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiopro_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiopro_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiopro_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiopro_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiopro_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiostd_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiostd_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiostd_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiostd_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiostd_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiovlreg32.reg
c:\program files\kmspico\cert\kmscert2010\visio\visiovlreg64.reg
c:\program files\kmspico\cert\kmscert2010\visio\visiovlregwow.reg
c:\program files\kmspico\cert\kmscert2010\word\wordvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\word\wordvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\word\wordvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\word\word_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\word\word_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\word\word_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\word\word_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\word\word_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2013\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\pkeyconfig-office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\accessvl_kms_client_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\accessvl_kms_client_pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\accessvl_kms_client_ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licensesetdata._f7461d52_7c2b_43b2_8744_ea958e0bd09a.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licensesetdata._f7461d52_7c2b_43b2_8744_ea958e0bd09a.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licensesetdata._f7461d52_7c2b_43b2_8744_ea958e0bd09a.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licensesetdata._a30b8040_d68a_423f_b0b5_9ce292ea5a8f.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licensesetdata._a30b8040_d68a_423f_b0b5_9ce292ea5a8f.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licensesetdata._a30b8040_d68a_423f_b0b5_9ce292ea5a8f.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licensesetdata._1b9f11e3_c85c_4e1b_bb29_879ad2c909e3.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licensesetdata._1b9f11e3_c85c_4e1b_bb29_879ad2c909e3.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licensesetdata._1b9f11e3_c85c_4e1b_bb29_879ad2c909e3.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licensesetdata._efe1f3e6_aea2_4144_a208_32aa872b6545.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licensesetdata._efe1f3e6_aea2_4144_a208_32aa872b6545.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licensesetdata._efe1f3e6_aea2_4144_a208_32aa872b6545.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licensesetdata._771c3afa_50c5_443f_b151_ff2546d863a0.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licensesetdata._771c3afa_50c5_443f_b151_ff2546d863a0.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licensesetdata._771c3afa_50c5_443f_b151_ff2546d863a0.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licensesetdata._8c762649_97d1_4953_ad27_b7e2c25b972e.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licensesetdata._8c762649_97d1_4953_ad27_b7e2c25b972e.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licensesetdata._8c762649_97d1_4953_ad27_b7e2c25b972e.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licensesetdata._4a5d124a_e620_44ba_b6ff_658961b33b9a.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licensesetdata._4a5d124a_e620_44ba_b6ff_658961b33b9a.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licensesetdata._4a5d124a_e620_44ba_b6ff_658961b33b9a.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licensesetdata._427a28d1_d17c_4abf_b717_32c780ba6f07.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licensesetdata._427a28d1_d17c_4abf_b717_32c780ba6f07.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licensesetdata._427a28d1_d17c_4abf_b717_32c780ba6f07.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._b322da9c_a2e2_4058_9e4e_f59a6970bd69.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._b322da9c_a2e2_4058_9e4e_f59a6970bd69.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._b322da9c_a2e2_4058_9e4e_f59a6970bd69.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\proplus.reg
c:\program files\kmspico\cert\kmscert2013\publisher\licensesetdata._00c79ff1_6850_443d_bf61_71cde0de305f.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licensesetdata._00c79ff1_6850_443d_bf61_71cde0de305f.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licensesetdata._00c79ff1_6850_443d_bf61_71cde0de305f.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licensesetdata._b13afb38_cd79_4ae5_9f7f_eed058d750ca.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licensesetdata._b13afb38_cd79_4ae5_9f7f_eed058d750ca.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licensesetdata._b13afb38_cd79_4ae5_9f7f_eed058d750ca.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licensesetdata._e13ac10e_75d0_4aff_a0cd_764982cf541c.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licensesetdata._e13ac10e_75d0_4aff_a0cd_764982cf541c.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licensesetdata._e13ac10e_75d0_4aff_a0cd_764982cf541c.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\visio.reg
c:\program files\kmspico\cert\kmscert2013\visiostd\licensesetdata._ac4efaf0_f81f_4f61_bdf7_ea32b02ab117.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licensesetdata._ac4efaf0_f81f_4f61_bdf7_ea32b02ab117.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licensesetdata._ac4efaf0_f81f_4f61_bdf7_ea32b02ab117.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licensesetdata._d9f5b1c6_5386_495a_88f9_9ad6b41ac9b3.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licensesetdata._d9f5b1c6_5386_495a_88f9_9ad6b41ac9b3.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licensesetdata._d9f5b1c6_5386_495a_88f9_9ad6b41ac9b3.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2016\client-issuance-bridge-office.xrm-ms
c:\program files\kmspico\cert\kmscert2016\client-issuance-root-bridge-test.xrm-ms
c:\program files\kmspico\cert\kmscert2016\client-issuance-root.xrm-ms
c:\program files\kmspico\cert\kmscert2016\client-issuance-stil.xrm-ms
c:\program files\kmspico\cert\kmscert2016\client-issuance-ul-oob.xrm-ms
c:\program files\kmspico\cert\kmscert2016\client-issuance-ul.xrm-ms
c:\program files\kmspico\cert\kmscert2016\pkeyconfig-office.xrm-ms
c:\program files\kmspico\cert\kmscert2016\access\accessvl_kms_client-ppd.xrm-ms
c:\program files\kmspico\cert\kmscert2016\access\accessvl_kms_client-ul-oob.xrm-ms
c:\program files\kmspico\cert\kmscert2016\access\accessvl_kms_client-ul.xrm-ms
c:\program files\kmspico\cert\kmscert2016\excel\excelvl_kms_client-ppd.xrm-ms
c:\program files\kmspico\cert\kmscert2016\excel\excelvl_kms_client-ul-oob.xrm-ms
c:\program files\kmspico\cert\kmscert2016\excel\excelvl_kms_client-ul.xrm-ms
c:\program files\kmspico\cert\kmscert2016\mondo\mondovl_kms_client-ppd.xrm-ms
c:\program files\kmspico\cert\kmscert2016\mondo\mondovl_kms_client-ul-oob.xrm-ms
c:\program files\kmspico\cert\kmscert2016\mondo\mondovl_kms_client-ul.xrm-ms
c:\program files\kmspico\cert\kmscert2016\onenote\onenotevl_kms_client-ppd.xrm-ms
c:\program files\kmspico\cert\kmscert2016\onenote\onenotevl_kms_client-ul-oob.xrm-ms
c:\program files\kmspico\cert\kmscert2016\onenote\onenotevl_kms_client-ul.xrm-ms
c:\program files\kmspico\cert\kmscert2016\outlook\outlookvl_kms_client-ppd.xrm-ms
c:\program files\kmspico\cert\kmscert2016\outlook\outlookvl_kms_client-ul-oob.xrm-ms
c:\program files\kmspico\cert\kmscert2016\outlook\outlookvl_kms_client-ul.xrm-ms
c:\program files\kmspico\cert\kmscert2016\powerpoint\powerpointvl_kms_client-ppd.xrm-ms
c:\program files\kmspico\cert\kmscert2016\powerpoint\powerpointvl_kms_client-ul-oob.xrm-ms
c:\program files\kmspico\cert\kmscert2016\powerpoint\powerpointvl_kms_client-ul.xrm-ms
c:\program files\kmspico\cert\kmscert2016\projectpro\projectprovl_kms_client-ppd.xrm-ms
c:\program files\kmspico\cert\kmscert2016\projectpro\projectprovl_kms_client-ul-oob.xrm-ms
c:\program files\kmspico\cert\kmscert2016\projectpro\projectprovl_kms_client-ul.xrm-ms
c:\program files\kmspico\cert\kmscert2016\projectstd\projectstdvl_kms_client-ppd.xrm-ms
c:\program files\kmspico\cert\kmscert2016\projectstd\projectstdvl_kms_client-ul-oob.xrm-ms
c:\program files\kmspico\cert\kmscert2016\projectstd\projectstdvl_kms_client-ul.xrm-ms
c:\program files\kmspico\cert\kmscert2016\proplus\proplusvl_kms_client-ppd.xrm-ms
c:\program files\kmspico\cert\kmscert2016\proplus\proplusvl_kms_client-ul-oob.xrm-ms
c:\program files\kmspico\cert\kmscert2016\proplus\proplusvl_kms_client-ul.xrm-ms
c:\program files\kmspico\cert\kmscert2016\publisher\publishervl_kms_client-ppd.xrm-ms
c:\program files\kmspico\cert\kmscert2016\publisher\publishervl_kms_client-ul-oob.xrm-ms
c:\program files\kmspico\cert\kmscert2016\publisher\publishervl_kms_client-ul.xrm-ms
c:\program files\kmspico\cert\kmscert2016\skypeforbusiness\skypeforbusinessvl_kms_client-ppd.xrm-ms
c:\program files\kmspico\cert\kmscert2016\skypeforbusiness\skypeforbusinessvl_kms_client-ul-oob.xrm-ms
c:\program files\kmspico\cert\kmscert2016\skypeforbusiness\skypeforbusinessvl_kms_client-ul.xrm-ms
c:\program files\kmspico\cert\kmscert2016\standard\standardvl_kms_client-ppd.xrm-ms
c:\program files\kmspico\cert\kmscert2016\standard\standardvl_kms_client-ul-oob.xrm-ms
c:\program files\kmspico\cert\kmscert2016\standard\standardvl_kms_client-ul.xrm-ms
c:\program files\kmspico\cert\kmscert2016\visiopro\visioprovl_kms_client-ppd.xrm-ms
c:\program files\kmspico\cert\kmscert2016\visiopro\visioprovl_kms_client-ul-oob.xrm-ms
c:\program files\kmspico\cert\kmscert2016\visiopro\visioprovl_kms_client-ul.xrm-ms
c:\program files\kmspico\cert\kmscert2016\visiostd\visiostdvl_kms_client-ppd.xrm-ms
c:\program files\kmspico\cert\kmscert2016\visiostd\visiostdvl_kms_client-ul-oob.xrm-ms
c:\program files\kmspico\cert\kmscert2016\visiostd\visiostdvl_kms_client-ul.xrm-ms
c:\program files\kmspico\cert\kmscert2016\word\wordvl_kms_client-ppd.xrm-ms
c:\program files\kmspico\cert\kmscert2016\word\wordvl_kms_client-ul-oob.xrm-ms
c:\program files\kmspico\cert\kmscert2016\word\wordvl_kms_client-ul.xrm-ms
c:\program files\kmspico\cert\kmscertw10\pkeyconfig.xrm-ms
c:\program files\kmspico\cert\kmscertw10\core\core-volume-gvlk-1-ul-oob-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw10\core\core-volume-gvlk-1-ul-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw10\education\education-volume-gvlk-1-ul-oob-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw10\education\education-volume-gvlk-1-ul-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw10\enterprise\enterprise-volume-gvlk-1-ul-oob-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw10\enterprise\enterprise-volume-gvlk-1-ul-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw10\enterprises\enterprises-volume-gvlk-1-ul-oob-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw10\enterprises\enterprises-volume-gvlk-1-ul-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw10\enterprises\enterprises-volume-gvlk-2-ul-oob.xrm-ms
c:\program files\kmspico\cert\kmscertw10\enterprises\enterprises-volume-gvlk-2-ul.xrm-ms
c:\program files\kmspico\cert\kmscertw10\professional\professional-volume-gvlk-1-ul-oob-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw10\professional\professional-volume-gvlk-1-ul-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw6\pkeyconfig.xrm-ms
c:\program files\kmspico\cert\kmscertw6\business\security-licensing-slc-component-sku-business-ul-oob.xrm-ms
c:\program files\kmspico\cert\kmscertw6\business\security-licensing-slc-component-sku-business-ul-phn.xrm-ms
c:\program files\kmspico\cert\kmscertw6\business\security-licensing-slc-component-sku-business-vl-bypass-rac-private.xrm-ms
c:\program files\kmspico\cert\kmscertw6\business\security-licensing-slc-component-sku-business-vl-bypass-rac-public.xrm-ms
c:\program files\kmspico\cert\kmscertw6\business\security-licensing-slc-component-sku-business-vl-bypass-ul-oob.xrm-ms
c:\program files\kmspico\cert\kmscertw6\business\security-licensing-slc-component-sku-business-vl-bypass-ul.xrm-ms
c:\program files\kmspico\cert\kmscertw6\business\security-licensing-slc-component-sku-business-vl-kms-pl.xrm-ms
c:\program files\kmspico\cert\kmscertw6\business\security-licensing-slc-component-sku-business-vl-kms-ul-oob.xrm-ms
c:\program files\kmspico\cert\kmscertw6\business\security-licensing-slc-component-sku-business-vl-kms-ul-phn.xrm-ms
c:\program files\kmspico\cert\kmscertw6\business\security-licensing-slc-component-sku-business-vl-kms1-pl.xrm-ms
c:\program files\kmspico\cert\kmscertw6\business\security-licensing-slc-component-sku-business-vl-kms1-ul-oob.xrm-ms
c:\program files\kmspico\cert\kmscertw6\business\security-licensing-slc-component-sku-business-vl-kms1-ul-phn.xrm-ms
c:\program files\kmspico\cert\kmscertw6\businessn\security-licensing-slc-component-sku-businessn-ul-oob.xrm-ms
c:\program files\kmspico\cert\kmscertw6\businessn\security-licensing-slc-component-sku-businessn-ul-phn.xrm-ms
c:\program files\kmspico\cert\kmscertw6\businessn\security-licensing-slc-component-sku-businessn-vl-bypass-rac-private.xrm-ms
c:\program files\kmspico\cert\kmscertw6\businessn\security-licensing-slc-component-sku-businessn-vl-bypass-rac-public.xrm-ms
c:\program files\kmspico\cert\kmscertw6\businessn\security-licensing-slc-component-sku-businessn-vl-bypass-ul-oob.xrm-ms
c:\program files\kmspico\cert\kmscertw6\businessn\security-licensing-slc-component-sku-businessn-vl-bypass-ul.xrm-ms
c:\program files\kmspico\cert\kmscertw6\businessn\security-licensing-slc-component-sku-businessn-vl-kms-pl.xrm-ms
c:\program files\kmspico\cert\kmscertw6\businessn\security-licensing-slc-component-sku-businessn-vl-kms-ul-oob.xrm-ms
c:\program files\kmspico\cert\kmscertw6\businessn\security-licensing-slc-component-sku-businessn-vl-kms-ul-phn.xrm-ms
c:\program files\kmspico\cert\kmscertw6\businessn\security-licensing-slc-component-sku-businessn-vl-kms1-pl.xrm-ms
c:\program files\kmspico\cert\kmscertw6\businessn\security-licensing-slc-component-sku-businessn-vl-kms1-ul-oob.xrm-ms
c:\program files\kmspico\cert\kmscertw6\businessn\security-licensing-slc-component-sku-businessn-vl-kms1-ul-phn.xrm-ms
c:\program files\kmspico\cert\kmscertw6\enterprise\security-licensing-slc-component-sku-enterprise-ul-oob.xrm-ms
c:\program files\kmspico\cert\kmscertw6\enterprise\security-licensing-slc-component-sku-enterprise-ul-phn.xrm-ms
c:\program files\kmspico\cert\kmscertw6\enterprise\security-licensing-slc-component-sku-enterprise-vl-bypass-rac-private.xrm-ms
c:\program files\kmspico\cert\kmscertw6\enterprise\security-licensing-slc-component-sku-enterprise-vl-bypass-rac-public.xrm-ms
c:\program files\kmspico\cert\kmscertw6\enterprise\security-licensing-slc-component-sku-enterprise-vl-bypass-ul-oob.xrm-ms
c:\program files\kmspico\cert\kmscertw6\enterprise\security-licensing-slc-component-sku-enterprise-vl-bypass-ul.xrm-ms
c:\program files\kmspico\cert\kmscertw6\enterprise\security-licensing-slc-component-sku-enterprise-vl-kms-pl.xrm-ms
c:\program files\kmspico\cert\kmscertw6\enterprise\security-licensing-slc-component-sku-enterprise-vl-kms-ul-oob.xrm-ms
c:\program files\kmspico\cert\kmscertw6\enterprise\security-licensing-slc-component-sku-enterprise-vl-kms-ul-phn.xrm-ms
c:\program files\kmspico\cert\kmscertw6\enterprise\security-licensing-slc-component-sku-enterprise-vl-kms1-pl.xrm-ms
c:\program files\kmspico\cert\kmscertw6\enterprise\security-licensing-slc-component-sku-enterprise-vl-kms1-ul-oob.xrm-ms
c:\program files\kmspico\cert\kmscertw6\enterprise\security-licensing-slc-component-sku-enterprise-vl-kms1-ul-phn.xrm-ms
c:\program files\kmspico\cert\kmscertw7\embedded\pkeyconfig-embedded.xrm-ms
c:\program files\kmspico\cert\kmscertw7\embedded\security-spp-component-sku-embedded-pl.xrm-ms
c:\program files\kmspico\cert\kmscertw7\embedded\security-spp-component-sku-embedded-ul-oob.xrm-ms
c:\program files\kmspico\cert\kmscertw7\embedded\security-spp-component-sku-embedded-ul-phn.xrm-ms
c:\program files\kmspico\cert\kmscertw7\embedded\security-spp-component-sku-embedded-vlba-ul-oob.xrm-ms
c:\program files\kmspico\cert\kmscertw7\embedded\security-spp-component-sku-embedded-vlba-ul.xrm-ms
c:\program files\kmspico\cert\kmscertw7\professional\pkeyconfig.xrm-ms
c:\program files\kmspico\cert\kmscertw7\professional\security-spp-component-sku-professional-ul-oob.xrm-ms
c:\program files\kmspico\cert\kmscertw7\professional\security-spp-component-sku-professional-ul-phn.xrm-ms
c:\program files\kmspico\cert\kmscertw7\professional\security-spp-component-sku-professional-vl-bypass-rac-private.xrm-ms
c:\program files\kmspico\cert\kmscertw7\professional\security-spp-component-sku-professional-vl-bypass-rac-public.xrm-ms
c:\program files\kmspico\cert\kmscertw7\professional\security-spp-component-sku-professional-vl-bypass-ul-oob.xrm-ms
c:\program files\kmspico\cert\kmscertw7\professional\security-spp-component-sku-professional-vl-bypass-ul.xrm-ms
c:\program files\kmspico\cert\kmscertw7\professional\security-spp-component-sku-professional-vlkms1-pl.xrm-ms
c:\program files\kmspico\cert\kmscertw7\professional\security-spp-component-sku-professional-vlkms1-ul-oob.xrm-ms
c:\program files\kmspico\cert\kmscertw7\professional\security-spp-component-sku-professional-vlkms1-ul-phn.xrm-ms
c:\program files\kmspico\cert\kmscertw8\pkeyconfig.xrm-ms
c:\program files\kmspico\cert\kmscertw8\core\core-volume-gvlk-1-ul-oob-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw8\core\core-volume-gvlk-1-ul-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw8\coren\coren-volume-gvlk-1-ul-oob-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw8\coren\coren-volume-gvlk-1-ul-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw8\coresinglelanguage\coresinglelanguage-volume-gvlk-1-ul-oob-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw8\coresinglelanguage\coresinglelanguage-volume-gvlk-1-ul-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw8\enterprise\enterprise-volume-gvlk-1-ul-oob-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw8\enterprise\enterprise-volume-gvlk-1-ul-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw8\enterprisen\enterprisen-volume-gvlk-1-ul-oob-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw8\enterprisen\enterprisen-volume-gvlk-1-ul-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw8\professional\professional-volume-gvlk-1-ul-oob-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw8\professional\professional-volume-gvlk-1-ul-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw8\professionaln\professionaln-volume-gvlk-1-ul-oob-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw8\professionaln\professionaln-volume-gvlk-1-ul-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw8\professionalwmc\professionalwmc-volume-gvlk-1-ul-oob-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw8\professionalwmc\professionalwmc-volume-gvlk-1-ul-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw81\pkeyconfig.xrm-ms
c:\program files\kmspico\cert\kmscertw81\core\core-volume-gvlk-1-ul-oob-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw81\core\core-volume-gvlk-1-ul-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw81\coreconnectedsinglelanguage\coreconnectedsinglelanguage-volume-gvlk-1-ul-oob-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw81\coreconnectedsinglelanguage\coreconnectedsinglelanguage-volume-gvlk-1-ul-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw81\embeddedindustry\embeddedindustry-volume-gvlk-1-ul-oob-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw81\embeddedindustry\embeddedindustry-volume-gvlk-1-ul-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw81\enterprise\enterprise-volume-gvlk-1-ul-oob-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw81\enterprise\enterprise-volume-gvlk-1-ul-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw81\professional\professional-volume-gvlk-1-ul-oob-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw81\professional\professional-volume-gvlk-1-ul-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw81\professionalwmc\professionalwmc-volume-gvlk-1-ul-oob-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw81\professionalwmc\professionalwmc-volume-gvlk-1-ul-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw81\serverdatacenter\serverdatacenter-volume-gvlk-1-ul-oob-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw81\serverdatacenter\serverdatacenter-volume-gvlk-1-ul-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw81\serverstandard\serverstandard-volume-gvlk-1-ul-oob-rtm.xrm-ms
c:\program files\kmspico\cert\kmscertw81\serverstandard\serverstandard-volume-gvlk-1-ul-rtm.xrm-ms
c:\program files\kmspico\driver\cert.cmd
c:\program files\kmspico\driver\certeldi.pfx
c:\program files\kmspico\driver\openvpn.cer
c:\program files\kmspico\driver\tap-windows-9.21.0.exe
c:\program files\kmspico\driver\uninstalldriver.cmd
c:\program files\kmspico\icons\error.png
c:\program files\kmspico\icons\information.png
c:\program files\kmspico\icons\question.png
c:\program files\kmspico\icons\warning.png
c:\program files\kmspico\logs\autopico.log
c:\program files\kmspico\logs\kmseldi.log
c:\program files\kmspico\logs\service_kms.log
c:\program files\kmspico\scripts\addexceptionswd.reg
c:\program files\kmspico\scripts\addexceptions_defender.cmd
c:\program files\kmspico\scripts\disablesmartscreen.reg
c:\program files\kmspico\scripts\enablesmartscreen.cmd
c:\program files\kmspico\scripts\enablesmartscreen.reg
c:\program files\kmspico\scripts\install_service.cmd
c:\program files\kmspico\scripts\install_task.cmd
c:\program files\kmspico\scripts\log.cmd
c:\program files\kmspico\scripts\removeexceptionswd.reg
c:\program files\kmspico\scripts\restore_watermark.cmd
c:\program files\kmspico\scripts\silent.cmd
c:\program files\kmspico\scripts\uninstall_service.cmd
c:\program files\kmspico\sounds\affirmative.mp3
c:\program files\kmspico\sounds\begin.mp3
c:\program files\kmspico\sounds\complete.mp3
c:\program files\kmspico\sounds\diagnostic.mp3
c:\program files\kmspico\sounds\enterauthorizationcode.mp3
c:\program files\kmspico\sounds\incomingtransmission.mp3
c:\program files\kmspico\sounds\inputfailed.mp3
c:\program files\kmspico\sounds\inputok.mp3
c:\program files\kmspico\sounds\processing.mp3
c:\program files\kmspico\sounds\transfer.mp3
c:\program files\kmspico\sounds\verified.mp3
c:\program files\kmspico\sounds\warning.mp3
c:\program files\kmspico\tokensbackup\keys.txt
c:\program files\kmspico\tokensbackup\windows\data.dat
c:\program files\kmspico\tokensbackup\windows\pkeyconfig.xrm-ms
c:\program files\kmspico\tokensbackup\windows\tokens.dat
c:\program files\kmspico\tokensbackup\windows\cache\cache.dat
c:\program files (x86)\crytek\cryengine launcher\crytek\cryengine_5.4\tools\pakencrypt\win_x86\keygen.exe
c:\program files (x86)\crytek\cryengine launcher\crytek\cryengine_5.4\tools\pakencrypt\win_x86\keygen.exe.manifest
c:\program files (x86)\crytek\cryengine launcher\crytek\cryengine_5.4\tools\pakencrypt\win_x86\keygen.ilk
c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\hl2\materials\glass\glasswindow018a_cracked.vmt
c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\hl2\materials\glass\glasswindow018a_cracked.vtf
c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\tf\materials\backpack\player\items\all_class\taunt_skullcracker.vmt
c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\tf\materials\backpack\player\items\all_class\taunt_skullcracker.vtf
c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\tf\materials\backpack\player\items\all_class\taunt_skullcracker_large.vmt
c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\tf\materials\backpack\player\items\all_class\taunt_skullcracker_large.vtf
c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\tf\materials\cp_manor\plaster_crackle01.vmt
c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\tf\materials\cp_manor\plaster_crackle01.vtf
c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\tf\materials\effects\mvm_pow_crack.vmt
c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\tf\materials\effects\mvm_pow_crack.vtf
c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\workshop\models\mark2580\deadbydaylight\asylum\sm_wl_asy_2mcrack1.dx90.vtx
c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\workshop\models\mark2580\deadbydaylight\asylum\sm_wl_asy_2mcrack1.mdl
c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\workshop\models\mark2580\deadbydaylight\asylum\sm_wl_asy_2mcrack1.vvd
c:\users\user\documents\documents 2017-11-06 11;37;46 (full)\rainmeter\skins\wp7\@resources\config\panels\internetshortcuts\cracked\rainconfigure.cfg.zip
c:\users\user\documents\documents 2017-11-06 11;37;46 (full)\rainmeter\skins\wp7\@resources\config\panels\internetshortcuts\cracked\uservariables.inc.zip
c:\users\user\documents\documents 2017-11-06 11;37;46 (full)\rainmeter\skins\wp7\@resources\graphics\icons\web\crackedw.png.zip
c:\users\user\documents\documents 2017-11-06 11;37;46 (full)\rainmeter\skins\wp7\panels\internetshortcuts\cracked\item.ini.zip
c:\users\user\documents\documents 2017-11-06 11;37;46 (full)\rainmeter\skins\wp7\panels\internetshortcuts\cracked\item1.ini.zip
c:\users\user\documents\documents 2017-11-06 11;37;46 (full)\rainmeter\skins\wp7\panels\internetshortcuts\cracked\item2.ini.zip
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\best firecracker save ever! _ dbd survivor.mp4.zip
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\lightworks 14 crack  keygen.zip.zip
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\lightworks_14_crack__keygen.xht.zip
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com.rar.zip
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\unfold3d magic edition version 4.0.0 cracked.zip.zip
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\install files\illustrator\install\patch\adobe cc 2015.5 xforce activation\keygen_xf-adobecc2015.exe.zip
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\crack proof.jpg.zip
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\download free software full version - all categories.url.zip
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\how to crack.jpg.zip
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\how to install - crack.txt.zip
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\marvelousdesigner6_personal_2_5_73_installer_x64.exe.zip
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\crack\read me.txt.zip
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\crack\reg x64.reg.zip
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\unfold3d magic edition version 4.0.0 cracked\unfold3d magic edition version 4.0.0 cracked\installation instructions.txt.zip
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\unfold3d magic edition version 4.0.0 cracked\unfold3d magic edition version 4.0.0 cracked\snorlax.jpg.zip
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\unfold3d magic edition version 4.0.0 cracked\unfold3d magic edition version 4.0.0 cracked\thumbs.db.zip
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\unfold3d magic edition version 4.0.0 cracked\unfold3d magic edition version 4.0.0 cracked\unfold3d\inferno.nfo.zip
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\unfold3d magic edition version 4.0.0 cracked\unfold3d magic edition version 4.0.0 cracked\unfold3d\unfold3dmagic400-en.msi.zip
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\unfold3d magic edition version 4.0.0 cracked\unfold3d magic edition version 4.0.0 cracked\user manuals\unfold.chm.zip
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\unfold3d magic edition version 4.0.0 cracked\unfold3d magic edition version 4.0.0 cracked\user manuals\unfold3dv4_user_manual.chm.zip
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\unfold3d magic edition version 4.0.0 cracked\unfold3d magic edition version 4.0.0 cracked\user manuals\unfold_tut.chm.zip
c:\users\user\documents\music 2017-11-06 11;33;32 (full)\autodesk maya 2018 + crack - [crackzsoft]\autodesk_maya_2018_en_jp_zh_win_64bit_dlm.sfx.exe.fdmdownload.zip
c:\users\user\documents\music 2017-11-06 11;33;32 (full)\autodesk maya 2018 + crack - [crackzsoft]\crack\treatment procedure.txt.fdmdownload.zip
c:\users\user\documents\music 2017-11-06 11;33;32 (full)\autodesk maya 2018 + crack - [crackzsoft]\crack\xf-adsk2018_x64v3.exe.fdmdownload.zip
c:\users\user\documents\rainmeter\skins\wp7\@resources\config\panels\internetshortcuts\cracked\rainconfigure.cfg
c:\users\user\documents\rainmeter\skins\wp7\@resources\config\panels\internetshortcuts\cracked\uservariables.inc
c:\users\user\documents\rainmeter\skins\wp7\panels\internetshortcuts\cracked\item.ini
c:\users\user\documents\rainmeter\skins\wp7\panels\internetshortcuts\cracked\item1.ini
c:\users\user\documents\rainmeter\skins\wp7\panels\internetshortcuts\cracked\item2.ini
c:\users\user\downloads\best firecracker save ever! _ dbd survivor.mp4
c:\users\user\downloads\lightworks 14 crack  keygen.zip
c:\users\user\downloads\lightworks_14_crack__keygen.xht
c:\users\user\downloads\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com.rar
c:\users\user\downloads\unfold3d magic edition version 4.0.0 cracked.zip
c:\users\user\downloads\install files\illustrator\install\patch\adobe cc 2015.5 xforce activation\keygen_xf-adobecc2015.exe
c:\users\user\downloads\lumberyard-1.11-486406a-pc\dev\startergame\materials\decals\cracks.mtl
c:\users\user\downloads\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\download free software full version - all categories.url
c:\users\user\downloads\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\how to install - crack.txt
c:\users\user\downloads\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\marvelousdesigner6_personal_2_5_73_installer_x64.exe
c:\users\user\downloads\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\crack\read me.txt
c:\users\user\downloads\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\crack\reg x64.reg
c:\users\user\downloads\unfold3d magic edition version 4.0.0 cracked\unfold3d magic edition version 4.0.0 cracked\installation instructions.txt
c:\users\user\downloads\unfold3d magic edition version 4.0.0 cracked\unfold3d magic edition version 4.0.0 cracked\thumbs.db
c:\users\user\downloads\unfold3d magic edition version 4.0.0 cracked\unfold3d magic edition version 4.0.0 cracked\unfold3d\inferno.nfo
c:\users\user\downloads\unfold3d magic edition version 4.0.0 cracked\unfold3d magic edition version 4.0.0 cracked\unfold3d\unfold3dmagic400-en.msi
c:\users\user\downloads\unfold3d magic edition version 4.0.0 cracked\unfold3d magic edition version 4.0.0 cracked\user manuals\unfold.chm
c:\users\user\downloads\unfold3d magic edition version 4.0.0 cracked\unfold3d magic edition version 4.0.0 cracked\user manuals\unfold3dv4_user_manual.chm
c:\users\user\downloads\unfold3d magic edition version 4.0.0 cracked\unfold3d magic edition version 4.0.0 cracked\user manuals\unfold_tut.chm
c:\users\user\music\autodesk maya 2018 + crack - [crackzsoft]\autodesk_maya_2018_en_jp_zh_win_64bit_dlm.sfx.exe.fdmdownload
c:\users\user\music\autodesk maya 2018 + crack - [crackzsoft]\crack\treatment procedure.txt.fdmdownload
c:\users\user\music\autodesk maya 2018 + crack - [crackzsoft]\crack\xf-adsk2018_x64v3.exe.fdmdownload
scanner sequence 3.ZZ.11.TONADZ
 ----- EOF ----- 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2017
Ran by User (administrator) on DESKTOP-UC83QPF (06-11-2017 22:23:04)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: defaultuser0 & User)
Platform: Windows 10 Pro Version 1607 14393.1770 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(FreeDownloadManager.org) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\rempl\remsh.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(TOSHIBA CORPORATION) C:\Windows\Temp\exopznisrv.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(FreeDownloadManager.org) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
() C:\Users\User\AppData\Local\wiakxrl\wiakxrl.exe
() C:\Users\User\AppData\Local\wiakxrl\pssetri.exe
() C:\Users\User\AppData\Local\wiakxrl\pssetri.exe
() C:\Users\User\AppData\Local\wiakxrl\pssetri.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(MPC-HC Team) C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Amazon.com, Inc.) C:\Users\User\Downloads\lumberyard-1.11-486406a-pc\dev\Tools\LmbrSetup\Win\SetupAssistant.exe
(Microsoft Corporation) C:\Users\User\Downloads\lumberyard-1.11-486406a-pc\dev\Tools\Redistributables\DirectX 9.0c\DXSETUP.exe
() C:\Users\User\AppData\Local\Temp\DX3368.tmp\infinst.exe
(Amazon.com, Inc.) C:\Users\User\Downloads\lumberyard-1.11-486406a-pc\dev\Tools\LmbrSetup\Win\SetupAssistant.exe
(Microsoft Corporation) C:\Windows\System32\msdt.exe
(Microsoft Corporation) C:\Windows\System32\msdt.exe
(Microsoft Corporation) C:\Windows\System32\sdiagnhost.exe
(Microsoft Corporation) C:\Windows\System32\sdiagnhost.exe
(Microsoft Corporation) C:\Windows\System32\sdiagnhost.exe
(Microsoft Corporation) C:\Windows\System32\sc.exe
(Microsoft Corporation) C:\Users\User\Downloads\lumberyard-1.11-486406a-pc\dev\Tools\Redistributables\DirectX 9.0c\DXSETUP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SYSTEMAX Software Development) C:\Users\User\Downloads\Install Files\SAI2-20170119-64bit-en\sai2.exe
(Discord Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.298\Discord.exe
(Discord Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.298\Discord.exe
(Discord Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.298\Discord.exe
(Discord Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.298\Discord.exe
(Discord Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.298\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\User\Downloads\CKScanner.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-10-05] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [52553728 2017-08-07] (Hammer & Chisel, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2404952 2017-03-27] (Adobe Systems Incorporated)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2419917656-2055917082-45752995-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3102496 2017-10-30] (Valve Corporation)
HKU\S-1-5-21-2419917656-2055917082-45752995-1001\...\Run: [Discord] => C:\Users\User\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2419917656-2055917082-45752995-1001\...\Run: [Free Download Manager] => C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe [10182344 2017-07-26] (FreeDownloadManager.org)
HKU\S-1-5-21-2419917656-2055917082-45752995-1001\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2739240 2015-11-13] ()
HKU\S-1-5-21-2419917656-2055917082-45752995-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10021040 2017-10-18] (Piriform Ltd)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2017-08-08]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1857c236-f489-4443-a6d3-69ce048519c7}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{1857c236-f489-4443-a6d3-69ce048519c7}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2419917656-2055917082-45752995-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2419917656-2055917082-45752995-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2419917656-2055917082-45752995-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = 
BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-11-12] (Microsoft Corporation)
BHO-x32: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-06] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-11-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-06] (Oracle Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-11-10] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-11-10] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-11-10] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-11-10] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-03-27] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-07] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-03-27] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-07-31] (Microsoft Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-11-06]
CHR Extension: (Quest) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambgegofabbnggkihmboplgghoocjaka [2017-08-06]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-05]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-05]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-26]
CHR Extension: (ThemeBeta.com) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekoigflcnkodchgpbgmpokjpjolkpmmc [2017-11-01]
CHR Extension: (Avast Passwords) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2017-11-01]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-06]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-06]
CHR Extension: (New XKit) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\inobiceghmpkaklcknpniboilbjmlald [2017-09-30] [UpdateUrl: hxxps://new-xkit.github.io/XKit/Extensions/dist/page/FirefoxUpdate.json] <==== ATTENTION
CHR Extension: (Roomstyler 3D planner) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfnniehafojoidolddmhfnpnbiolbppi [2017-08-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-26]
CHR Extension: (No more Tumblr players) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\olffebgbihkemhnlpeficnplfoiabljj [2017-08-06]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-05]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-27]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [771672 2017-03-14] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137584 2014-09-19] ()
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7446024 2017-10-05] (AVAST Software s.r.o.)
U2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-10-05] (AVAST Software)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [383016 2017-08-06] (EasyAntiCheat Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2017-08-07] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-08-07] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [701896 2017-09-13] (Wacom Technology, Corp.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [60104 2014-09-19] (Advanced Micro Devices)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [321032 2017-10-05] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-10-05] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343288 2017-10-05] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57736 2017-10-05] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [47008 2017-10-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [147776 2017-10-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110376 2017-10-05] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84416 2017-10-05] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1029872 2017-10-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [587168 2017-10-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [201352 2017-10-05] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [363440 2017-10-05] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [110096 2016-04-18] (Advanced Micro Devices)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-11-01] ()
R3 kmloop; C:\Windows\System32\drivers\loop.sys [16384 2016-07-16] (Microsoft Corporation)
R0 MBAMChameleon; C:\Windows\System32\drivers\MBAMChameleon.sys [188352 2017-11-04] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [101784 2017-11-04] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-11-04] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [93600 2017-11-01] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [81736 2017-07-27] (Insecure.Com LLC.)
R1 npf; C:\Windows\system32\DRIVERS\npf.sys [81736 2017-07-27] (Insecure.Com LLC.)
R3 WacHidRouterPro; C:\Windows\System32\drivers\wachidrouter.sys [122000 2017-07-25] (Wacom Technology)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U4 npcap_wifi; no ImagePath
U4 npf_wifi; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-06 22:21 - 2017-11-06 22:21 - 000045864 _____ C:\Users\User\Downloads\ckfiles.txt
2017-11-06 22:13 - 2017-11-06 22:14 - 000468480 _____ () C:\Users\User\Downloads\CKScanner.exe
2017-11-06 20:23 - 2017-11-06 20:41 - 000000731 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2017-11-06 20:23 - 2017-11-06 20:41 - 000000719 _____ C:\Users\User\Desktop\Windows 10 Update Assistant.lnk
2017-11-06 20:17 - 2017-11-06 20:22 - 006541184 _____ (Microsoft Corporation) C:\Users\User\Downloads\Windows10Upgrade9252.exe
2017-11-06 11:16 - 2007-03-12 16:42 - 003495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2017-11-06 11:16 - 2007-01-24 15:27 - 000393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2017-11-06 11:16 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2017-11-06 11:16 - 2006-12-08 12:02 - 000251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2017-11-06 11:16 - 2006-12-08 12:00 - 000390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2017-11-06 11:16 - 2006-11-29 13:06 - 004398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2017-11-06 11:16 - 2006-11-29 13:06 - 003426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2017-11-06 11:16 - 2006-11-29 13:06 - 000469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2017-11-06 11:16 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2017-11-06 11:16 - 2006-09-28 16:05 - 003977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2017-11-06 11:16 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2017-11-06 11:16 - 2006-09-28 16:05 - 000237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2017-11-06 11:16 - 2006-09-28 16:04 - 000364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2017-11-06 11:16 - 2006-07-28 09:31 - 000083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2017-11-06 11:16 - 2006-07-28 09:30 - 000363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2017-11-06 11:16 - 2006-07-28 09:30 - 000236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2017-11-06 11:16 - 2006-07-28 09:30 - 000062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2017-11-06 11:16 - 2006-05-31 07:24 - 000230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2017-11-06 11:16 - 2006-05-31 07:22 - 000354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2017-11-06 11:15 - 2006-03-31 12:41 - 003927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2017-11-06 11:15 - 2006-03-31 12:40 - 002388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2017-11-06 11:15 - 2006-03-31 12:40 - 000352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2017-11-06 11:15 - 2006-03-31 12:39 - 000229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2017-11-06 11:15 - 2006-03-31 12:39 - 000083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2017-11-06 11:15 - 2006-03-31 12:39 - 000062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2017-11-06 11:15 - 2006-02-03 08:43 - 003830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2017-11-06 11:15 - 2006-02-03 08:43 - 002332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2017-11-06 11:15 - 2006-02-03 08:42 - 000355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2017-11-06 11:15 - 2006-02-03 08:42 - 000230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2017-11-06 11:15 - 2006-02-03 08:41 - 000016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2017-11-06 11:15 - 2006-02-03 08:41 - 000014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2017-11-06 11:15 - 2005-12-05 18:09 - 003815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2017-11-06 11:15 - 2005-12-05 18:09 - 002323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2017-11-06 11:15 - 2005-07-22 19:59 - 003807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2017-11-06 11:15 - 2005-07-22 19:59 - 002319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2017-11-06 11:15 - 2005-05-26 15:34 - 003767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2017-11-06 11:15 - 2005-05-26 15:34 - 002297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2017-11-06 11:15 - 2005-03-18 17:19 - 003823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2017-11-06 11:15 - 2005-03-18 17:19 - 002337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2017-11-06 11:15 - 2005-02-05 19:45 - 003544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2017-11-06 11:15 - 2005-02-05 19:45 - 002222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2017-11-06 10:22 - 2017-11-06 10:56 - 000000000 ____D C:\Users\User\Downloads\lumberyard-1.11-486406a-pc
2017-11-06 10:19 - 2017-11-06 21:59 - 000045429 _____ C:\Users\User\Downloads\Addition.txt
2017-11-06 10:16 - 2017-11-06 22:23 - 000021597 _____ C:\Users\User\Downloads\FRST.txt
2017-11-06 10:15 - 2017-11-06 22:23 - 000000000 ____D C:\FRST
2017-11-06 10:09 - 2017-11-06 10:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2017-11-06 10:09 - 2017-11-06 10:09 - 000000000 ____D C:\Program Files (x86)\Cobian Backup 11
2017-11-05 15:38 - 2017-11-05 15:39 - 002403328 ____N (Farbar) C:\Users\User\Downloads\FRST64.exe
2017-11-05 10:28 - 2017-11-05 10:32 - 000000000 _____ C:\Windows\system32\cd
2017-11-05 10:06 - 2017-11-05 10:07 - 000784152 ____N (McAfee, Inc.) C:\Users\User\Downloads\rootkitremover.exe
2017-11-04 17:15 - 2017-11-05 09:55 - 000003140 _____ C:\Windows\System32\Tasks\MSIAfterburner
2017-11-04 17:09 - 2017-11-04 17:09 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-11-04 17:05 - 2017-11-04 17:05 - 000115024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\atnmptwz.sys
2017-11-04 16:42 - 2017-11-04 16:42 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\7FCB42B5.sys
2017-11-04 16:26 - 2017-11-04 16:35 - 014178840 ____N (Malwarebytes Corp.) C:\Users\User\Downloads\mbar-1.10.3.1001.exe
2017-11-04 11:29 - 2017-11-06 11:13 - 000000000 ____D C:\Users\User\LyMetricsCache
2017-11-04 11:29 - 2017-11-04 11:29 - 000000000 ____D C:\Users\User\.aws
2017-11-04 11:29 - 2017-11-04 11:29 - 000000000 ____D C:\Amazon
2017-11-03 20:01 - 2017-11-04 13:54 - 000000000 ____D C:\Users\User\AppData\Local\Crytek
2017-11-03 20:01 - 2017-11-03 20:01 - 000000000 ____D C:\Users\User\AppData\Roaming\Crytek
2017-11-03 19:59 - 2017-11-03 20:01 - 000000000 ____D C:\ProgramData\Crytek
2017-11-03 19:59 - 2017-11-03 19:59 - 000000000 ____D C:\Users\User\Documents\CRYENGINE Projects
2017-11-03 19:02 - 2017-11-04 13:52 - 000000000 ____D C:\ProgramData\GFACE
2017-11-03 19:02 - 2017-11-03 19:02 - 000000000 ____D C:\Users\User\.cryengine
2017-11-03 19:01 - 2017-11-04 16:40 - 000000000 ____D C:\Users\User\AppData\Local\CRYENGINE_Launcher
2017-11-03 19:00 - 2017-11-03 19:00 - 000001886 _____ C:\Users\Public\Desktop\CRYENGINE Launcher.lnk
2017-11-03 19:00 - 2017-11-03 19:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CRYENGINE Launcher
2017-11-03 19:00 - 2017-11-03 19:00 - 000000000 ____D C:\Program Files (x86)\Crytek
2017-11-03 18:59 - 2017-11-03 19:00 - 071268984 ____N C:\Users\User\Downloads\ce-launcher.exe
2017-11-03 18:27 - 2017-11-03 18:27 - 000000000 ____D C:\ProgramData\Unity
2017-11-03 18:10 - 2017-11-03 18:10 - 000001355 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2017-11-03 18:09 - 2017-11-03 18:10 - 000000000 ____D C:\Users\User\AppData\Roaming\Visual Studio Setup
2017-11-03 18:09 - 2017-11-03 18:09 - 000000000 ____D C:\Users\User\AppData\Roaming\vstelemetry
2017-11-03 18:09 - 2017-11-03 18:09 - 000000000 ____D C:\Users\User\AppData\Local\ServiceHub
2017-11-03 18:09 - 2017-11-03 18:09 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2017-11-03 18:06 - 2017-11-03 18:06 - 000000000 ____D C:\Users\Public\Documents\Unity Projects
2017-11-03 17:55 - 2017-11-03 17:55 - 000000000 ____D C:\Program Files (x86)\GtkSharp
2017-11-03 17:53 - 2017-11-03 18:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 2017.2.0f3 (64-bit)
2017-11-03 17:42 - 2017-11-03 17:42 - 000736264 ____N C:\Users\User\Downloads\UnityDownloadAssistant-2017.2.0f3.exe
2017-11-02 21:46 - 2017-11-02 21:46 - 000034855 ____N C:\Users\User\Downloads\[Underwater] Another - 01-12 + OVA (BD 1080p) [Batch].torrent
2017-11-02 21:16 - 2017-11-02 21:16 - 000025206 ____N C:\Users\User\Documents\cc_20171102_221623.reg
2017-11-02 14:47 - 2017-11-02 14:52 - 000000000 ____D C:\AdwCleaner
2017-11-02 14:47 - 2017-11-02 14:47 - 008261584 ____N (Malwarebytes) C:\Users\User\Downloads\adwcleaner_7.0.4.0.exe
2017-11-02 12:32 - 2017-11-02 12:33 - 108341282 ____N C:\Users\User\Downloads\obs-browser-1.29.zip
2017-11-02 10:25 - 2017-11-02 10:27 - 000000000 _____ C:\Windows\system32\last.dump
2017-11-02 10:02 - 2017-11-02 10:02 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\14257483.sys
2017-11-01 22:49 - 2017-11-01 22:49 - 000000000 ____D C:\Users\User\Downloads\theme1509598074
2017-11-01 22:47 - 2017-11-01 22:48 - 009414163 ____N C:\Users\User\Downloads\theme1509598074.zip
2017-11-01 21:50 - 2017-11-01 21:50 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\0ED4441F.sys
2017-11-01 21:50 - 2017-11-01 21:50 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\06A94446.sys
2017-11-01 20:50 - 2017-11-01 20:50 - 000188312 _____ (Malwarebytes) C:\Windows\system32\Drivers\019715FE.sys
2017-11-01 20:45 - 2017-11-04 16:45 - 000188352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-11-01 20:45 - 2017-11-04 16:44 - 000101784 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-11-01 20:45 - 2017-11-04 16:44 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-11-01 20:45 - 2017-11-02 21:04 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-11-01 20:45 - 2017-11-01 21:49 - 000077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-11-01 20:45 - 2017-11-01 20:45 - 000093600 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-11-01 20:45 - 2017-11-01 20:45 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-01 20:45 - 2017-11-01 20:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-01 20:44 - 2017-11-01 20:44 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-01 20:44 - 2017-11-01 20:44 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-01 20:40 - 2017-11-01 20:44 - 064025992 ____N (Malwarebytes ) C:\Users\User\Downloads\mb3-setup-SEMFD.100SEM-3.1.2.1733-1.0.139-1.0.2060.exe
2017-11-01 11:02 - 2017-11-01 11:02 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2017-11-01 10:53 - 2017-11-01 11:01 - 000002360 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-01 10:28 - 2017-11-01 10:28 - 000096956 ____N C:\Users\User\Documents\cc_20171101_112815.reg
2017-11-01 10:26 - 2017-11-06 10:27 - 000004212 _____ C:\Windows\System32\Tasks\CCleaner Update
2017-11-01 10:26 - 2017-11-01 10:26 - 000002868 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-11-01 10:26 - 2017-11-01 10:26 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-11-01 10:26 - 2017-11-01 10:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-11-01 10:26 - 2017-11-01 10:26 - 000000000 ____D C:\Program Files\CCleaner
2017-11-01 10:25 - 2017-11-01 10:26 - 010427120 ____N (Piriform Ltd) C:\Users\User\Downloads\ccsetup536.exe
2017-10-30 20:33 - 2017-10-30 20:33 - 000016022 ____N C:\Users\User\Downloads\[JacobSwaggedUp] Owari no Seraph - Nagoya Kessen-hen [Season 2] (BD 1280x720).torrent
2017-10-24 13:47 - 2017-10-24 13:47 - 000003450 ____N C:\Users\User\Downloads\301BA23A103E7222B9D7D659E68585F7F105EE3E.torrent
2017-10-24 13:25 - 2017-10-24 13:25 - 000141057 ____N C:\Users\User\Downloads\E03BE7A214A475707A7201EA7614C60EDCCA19AE.torrent
2017-10-24 13:23 - 2017-10-24 13:23 - 000017388 ____N C:\Users\User\Downloads\9E61CD305C405B7BBFEFBC0119C90B3B79FF7BEF.torrent
2017-10-24 11:44 - 2017-10-24 11:44 - 000000000 ____D C:\Users\User\Downloads\Black Butler Complete 1-24+OVA[Dual Audio][720p HEVC x265][GokuSaiyan]
2017-10-24 11:44 - 2017-10-24 11:44 - 000000000 ____D C:\Users\User\Downloads\[DerpDesuYo] Owari no Seraph - Batch (BD 1920x1080 10bit FLAC)
2017-10-21 13:46 - 2017-10-21 13:46 - 000000000 ____D C:\Users\User\AppData\Local\OfficeBSCache-MyComputer
2017-10-20 21:49 - 2017-10-23 10:08 - 000000000 ____D C:\ProgramData\firebird
2017-10-20 21:49 - 2017-10-20 21:49 - 000001240 _____ C:\Users\User\Desktop\Chrysanth Diary [Free].lnk
2017-10-20 21:49 - 2017-10-20 21:49 - 000000000 ____D C:\Users\User\Documents\My Chrysanth
2017-10-20 21:49 - 2017-10-20 21:49 - 000000000 ____D C:\Users\User\AppData\Roaming\Chrysanth
2017-10-20 21:49 - 2017-10-20 21:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chrysanth
2017-10-20 21:49 - 2017-10-20 21:49 - 000000000 ____D C:\Program Files (x86)\Chrysanth
2017-10-20 21:19 - 2017-10-20 21:33 - 015425945 ____N C:\Users\User\Downloads\Setup.zip
2017-10-20 20:59 - 2017-10-20 21:18 - 001938776 ____N (WiseCleaner.com ) C:\Users\User\Downloads\WRMSetup.exe
2017-10-19 09:59 - 2017-10-19 09:59 - 000626200 _____ (Amazon Web Services, Inc.) C:\Users\User\Downloads\LumberyardInstaller1.11.1.0.exe
2017-10-18 20:58 - 2017-10-18 20:58 - 013895026 ____N C:\Users\User\Downloads\01 Smooth Criminal (Crook County Remix).m4a
2017-10-12 14:35 - 2017-09-17 20:51 - 000178016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
2017-10-12 14:35 - 2017-09-17 20:49 - 001260784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2017-10-12 14:35 - 2017-09-17 20:30 - 000232448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scksp.dll
2017-10-12 14:35 - 2017-09-17 20:28 - 000237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncSettings.dll
2017-10-12 14:35 - 2017-09-17 20:23 - 000816640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NaturalLanguage6.dll
2017-10-12 14:35 - 2017-09-17 20:19 - 000303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mcbuilder.exe
2017-10-12 14:35 - 2017-09-17 20:19 - 000161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-10-12 14:35 - 2017-09-17 20:18 - 007470592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-10-12 14:35 - 2017-09-17 20:14 - 002682880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netshell.dll
2017-10-12 14:35 - 2017-09-14 16:30 - 000291840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnrollUI.dll
2017-10-12 14:35 - 2017-09-14 16:30 - 000194560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSWB7.dll
2017-10-12 14:35 - 2017-09-13 20:04 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-10-12 14:35 - 2017-09-13 20:04 - 000345088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-10-12 14:35 - 2017-09-13 20:04 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-10-12 14:34 - 2017-09-17 21:04 - 000918304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-10-12 14:34 - 2017-09-17 21:03 - 000791272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-10-12 14:34 - 2017-09-17 20:59 - 000341344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-10-12 14:34 - 2017-09-17 20:55 - 001431240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2017-10-12 14:34 - 2017-09-17 20:52 - 020967840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-10-12 14:34 - 2017-09-17 20:52 - 006672680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-10-12 14:34 - 2017-09-17 20:49 - 001435896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2017-10-12 14:34 - 2017-09-17 20:34 - 000095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2017-10-12 14:34 - 2017-09-17 20:31 - 000519168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ngccredprov.dll
2017-10-12 14:34 - 2017-09-17 20:31 - 000156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDeviceRegistration.dll
2017-10-12 14:34 - 2017-09-17 20:30 - 000147456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VCardParser.dll
2017-10-12 14:34 - 2017-09-17 20:28 - 000406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsreg.dll
2017-10-12 14:34 - 2017-09-17 20:27 - 004615168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2017-10-12 14:34 - 2017-09-17 20:26 - 000538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPTpm12.dll
2017-10-12 14:34 - 2017-09-17 20:26 - 000431616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\efswrt.dll
2017-10-12 14:34 - 2017-09-17 20:26 - 000367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2017-10-12 14:34 - 2017-09-17 20:25 - 002333184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2017-10-12 14:34 - 2017-09-17 20:25 - 000461824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2017-10-12 14:34 - 2017-09-17 20:24 - 007626240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2017-10-12 14:34 - 2017-09-17 20:24 - 000819200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppContracts.dll
2017-10-12 14:34 - 2017-09-17 20:24 - 000755200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-10-12 14:34 - 2017-09-17 20:23 - 000857600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EmailApis.dll
2017-10-12 14:34 - 2017-09-17 20:23 - 000636928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2017-10-12 14:34 - 2017-09-17 20:23 - 000297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-10-12 14:34 - 2017-09-17 20:23 - 000287744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptngc.dll
2017-10-12 14:34 - 2017-09-17 20:22 - 001323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_fs.dll
2017-10-12 14:34 - 2017-09-17 20:22 - 001137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_health.dll
2017-10-12 14:34 - 2017-09-17 20:20 - 002641920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-10-12 14:34 - 2017-09-17 20:20 - 000343040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToDevice.dll
2017-10-12 14:34 - 2017-09-17 20:19 - 002750976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2017-10-12 14:34 - 2017-09-17 20:16 - 003520512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsrchvw.exe
2017-10-12 14:34 - 2017-09-17 20:15 - 006065152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-10-12 14:34 - 2017-09-17 20:14 - 003663360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-10-12 14:34 - 2017-09-17 20:14 - 002997760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2017-10-12 14:34 - 2017-09-17 20:14 - 002649600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2017-10-12 14:34 - 2017-09-17 20:14 - 002483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-10-12 14:34 - 2017-09-17 20:14 - 001988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-10-12 14:34 - 2017-09-17 20:14 - 001599488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-10-12 14:34 - 2017-09-17 20:14 - 001556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2017-10-12 14:34 - 2017-09-17 20:14 - 001170944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Speech.dll
2017-10-12 14:34 - 2017-09-17 20:14 - 000827904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2017-10-12 14:34 - 2017-09-17 20:14 - 000675840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2017-10-12 14:34 - 2017-09-17 20:14 - 000657408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-10-12 14:34 - 2017-09-17 20:14 - 000542208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll
2017-10-12 14:34 - 2017-09-17 20:13 - 001013248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.Http.dll
2017-10-12 14:34 - 2017-09-17 20:13 - 000886272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2017-10-12 14:34 - 2017-09-17 20:13 - 000773120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-10-12 14:34 - 2017-09-17 20:13 - 000598528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.dll
2017-10-12 14:34 - 2017-09-17 20:13 - 000589312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Sensors.dll
2017-10-12 14:34 - 2017-09-17 20:13 - 000164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netprofm.dll
2017-10-12 14:34 - 2017-09-17 20:11 - 000783360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2017-10-12 14:34 - 2017-09-17 20:11 - 000450048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TpmCoreProvisioning.dll
2017-10-12 14:34 - 2017-09-14 16:30 - 000185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2017-10-12 14:34 - 2017-09-14 16:30 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dinput8.dll
2017-10-12 14:34 - 2017-09-14 16:30 - 000098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Credentials.UI.UserConsentVerifier.dll
2017-10-12 14:34 - 2017-09-14 16:28 - 000136192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dinput.dll
2017-10-12 14:34 - 2017-09-14 16:27 - 000662528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2017-10-12 14:34 - 2017-09-14 16:26 - 001167360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2017-10-12 14:34 - 2017-09-14 16:26 - 000636928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2017-10-12 14:34 - 2017-09-14 16:26 - 000359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certreq.exe
2017-10-12 14:34 - 2017-09-14 16:25 - 000529920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2017-10-12 14:34 - 2017-09-14 16:15 - 003106304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2017-10-12 14:34 - 2017-03-04 00:28 - 000224256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExSMime.dll
2017-10-12 14:34 - 2017-03-04 00:24 - 000088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDeviceRegistration.Ngc.dll
2017-10-12 14:34 - 2017-03-04 00:23 - 000299520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataAccountApis.dll
2017-10-12 14:34 - 2017-03-04 00:18 - 000567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ChatApis.dll
2017-10-12 14:34 - 2017-03-04 00:16 - 000368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2017-10-12 14:34 - 2017-03-04 00:00 - 000862208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2017-10-12 14:34 - 2017-03-04 00:00 - 000711680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2017-10-12 14:33 - 2017-09-17 21:27 - 001651552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft.Uev.AppAgent.dll
2017-10-12 14:33 - 2017-09-17 21:27 - 000218976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinesam.dll
2017-10-12 14:33 - 2017-09-17 21:22 - 001470816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppVEntSubsystems32.dll
2017-10-12 14:33 - 2017-09-17 21:05 - 000497424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2017-10-12 14:33 - 2017-09-17 21:04 - 001706488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-10-12 14:33 - 2017-09-17 20:55 - 005722320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2017-10-12 14:33 - 2017-09-17 20:54 - 001980768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2017-10-12 14:33 - 2017-09-17 20:52 - 004023560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2017-10-12 14:33 - 2017-09-17 20:52 - 001845512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-10-12 14:33 - 2017-09-17 20:52 - 001360464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2017-10-12 14:33 - 2017-09-17 20:52 - 001277856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2017-10-12 14:33 - 2017-09-17 20:52 - 000981888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2017-10-12 14:33 - 2017-09-17 20:49 - 001412128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2017-10-12 14:33 - 2017-09-17 20:48 - 000117792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-10-12 14:33 - 2017-09-17 20:33 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-10-12 14:33 - 2017-09-17 20:29 - 000184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserMgrProxy.dll
2017-10-12 14:33 - 2017-09-17 20:26 - 000298496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2017-10-12 14:33 - 2017-09-17 20:26 - 000284672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll
2017-10-12 14:33 - 2017-09-17 20:26 - 000125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll
2017-10-12 14:33 - 2017-09-17 20:23 - 000238080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AboveLockAppHost.dll
2017-10-12 14:33 - 2017-09-17 20:21 - 018364928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-10-12 14:33 - 2017-09-17 20:20 - 019414016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-10-12 14:33 - 2017-09-17 20:18 - 012204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-10-12 14:33 - 2017-09-17 20:17 - 000641024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCRecvSrc.dll
2017-10-12 14:33 - 2017-09-17 20:14 - 006474752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspaint.exe
2017-10-12 14:33 - 2017-09-17 20:14 - 002740224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2017-10-12 14:33 - 2017-09-17 20:13 - 000751104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-10-12 14:33 - 2017-09-14 16:59 - 000096064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmcmnutils.dll
2017-10-12 14:33 - 2017-09-14 16:52 - 000136032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudExperienceHostUser.dll
2017-10-12 14:33 - 2017-09-14 16:49 - 001202936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2017-10-12 14:33 - 2017-09-14 16:39 - 000512000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll
2017-10-12 14:33 - 2017-09-14 16:39 - 000037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft.Uev.Office2010CustomActions.dll
2017-10-12 14:33 - 2017-09-14 16:31 - 000328192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2017-10-12 14:33 - 2017-09-14 16:28 - 000311296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-10-12 14:33 - 2017-09-14 16:21 - 000566272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2017-10-12 14:22 - 2017-09-17 21:18 - 002414432 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.AppAgent.dll
2017-10-12 14:22 - 2017-09-17 21:17 - 001564512 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-10-12 14:22 - 2017-09-17 21:17 - 000245600 _____ (Microsoft Corporation) C:\Windows\system32\offlinesam.dll
2017-10-12 14:22 - 2017-09-17 21:17 - 000136032 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-10-12 14:22 - 2017-09-17 21:14 - 001408352 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystemController.dll
2017-10-12 14:22 - 2017-09-17 21:14 - 001054048 _____ (Microsoft Corporation) C:\Windows\system32\AppVPolicy.dll
2017-10-12 14:22 - 2017-09-17 21:14 - 000992096 _____ (Microsoft Corporation) C:\Windows\system32\AppVManifest.dll
2017-10-12 14:22 - 2017-09-17 21:14 - 000813408 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntStreamingManager.dll
2017-10-12 14:22 - 2017-09-17 21:14 - 000779616 _____ (Microsoft Corporation) C:\Windows\system32\AppVReporting.dll
2017-10-12 14:22 - 2017-09-17 21:14 - 000766304 _____ (Microsoft Corporation) C:\Windows\system32\AppVOrchestration.dll
2017-10-12 14:22 - 2017-09-17 21:14 - 000699232 _____ (Microsoft Corporation) C:\Windows\system32\AppVPublishing.dll
2017-10-12 14:22 - 2017-09-17 21:14 - 000513376 _____ (Microsoft Corporation) C:\Windows\system32\TransportDSA.dll
2017-10-12 14:22 - 2017-09-17 21:14 - 000412512 _____ (Microsoft Corporation) C:\Windows\system32\AppVScripting.dll
2017-10-12 14:22 - 2017-09-17 21:14 - 000076128 _____ (Microsoft Corporation) C:\Windows\system32\SyncAppvPublishingServer.exe
2017-10-12 14:22 - 2017-09-17 21:13 - 002170720 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystems64.dll
2017-10-12 14:22 - 2017-09-17 21:13 - 001670496 _____ (Microsoft Corporation) C:\Windows\system32\AppVIntegration.dll
2017-10-12 14:22 - 2017-09-17 21:13 - 000704352 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntVirtualization.dll
2017-10-12 14:22 - 2017-09-17 21:13 - 000567136 _____ (Microsoft Corporation) C:\Windows\system32\AppVCatalog.dll
2017-10-12 14:22 - 2017-09-17 21:13 - 000241504 _____ (Microsoft Corporation) C:\Windows\system32\AppVShNotify.exe
2017-10-12 14:22 - 2017-09-17 21:13 - 000202592 _____ (Microsoft Corporation) C:\Windows\system32\AppVStreamingUX.dll
2017-10-12 14:22 - 2017-09-17 21:09 - 007780192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-10-12 14:22 - 2017-09-17 21:09 - 002213760 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-10-12 14:22 - 2017-09-17 21:09 - 000646688 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2017-10-12 14:22 - 2017-09-17 21:09 - 000133984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-10-12 14:22 - 2017-09-17 21:08 - 002253664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-10-12 14:22 - 2017-09-17 21:08 - 000998920 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-10-12 14:22 - 2017-09-17 21:05 - 001177688 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-10-12 14:22 - 2017-09-17 21:05 - 000172536 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-10-12 14:22 - 2017-09-17 21:05 - 000168800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-10-12 14:22 - 2017-09-17 21:04 - 000404832 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-10-12 14:22 - 2017-09-17 21:02 - 007213464 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2017-10-12 14:22 - 2017-09-17 21:02 - 001860288 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2017-10-12 14:22 - 2017-09-17 21:01 - 002446704 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2017-10-12 14:22 - 2017-09-17 21:01 - 000624048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-10-12 14:22 - 2017-09-17 21:01 - 000431456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2017-10-12 14:22 - 2017-09-17 21:01 - 000223072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-10-12 14:22 - 2017-09-17 21:00 - 001072248 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2017-10-12 14:22 - 2017-09-17 20:59 - 022220864 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-10-12 14:22 - 2017-09-17 20:59 - 008173672 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2017-10-12 14:22 - 2017-09-17 20:59 - 004260072 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2017-10-12 14:22 - 2017-09-17 20:59 - 001983408 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2017-10-12 14:22 - 2017-09-17 20:59 - 001702392 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2017-10-12 14:22 - 2017-09-17 20:59 - 000241504 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHost.dll
2017-10-12 14:22 - 2017-09-17 20:58 - 001600632 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2017-10-12 14:22 - 2017-09-17 20:58 - 000206688 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2017-10-12 14:22 - 2017-09-17 20:57 - 001566552 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2017-10-12 14:22 - 2017-09-17 20:57 - 001460696 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-10-12 14:22 - 2017-09-17 20:57 - 001415712 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-10-12 14:22 - 2017-09-17 20:56 - 000057408 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-10-12 14:22 - 2017-09-17 20:36 - 022570496 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2017-10-12 14:22 - 2017-09-17 20:35 - 000372736 _____ (Microsoft Corporation) C:\Windows\system32\RDXTaskFactory.dll
2017-10-12 14:22 - 2017-09-17 20:33 - 000119808 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
2017-10-12 14:22 - 2017-09-17 20:33 - 000057856 _____ (Microsoft Corporation) C:\Windows\system32\TransliterationRanker.dll
2017-10-12 14:22 - 2017-09-17 20:32 - 000177152 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-10-12 14:22 - 2017-09-17 20:32 - 000054272 _____ (Microsoft Corporation) C:\Windows\system32\jpninputrouter.dll
2017-10-12 14:22 - 2017-09-17 20:32 - 000054272 _____ (Microsoft Corporation) C:\Windows\system32\EmojiDS.dll
2017-10-12 14:22 - 2017-09-17 20:32 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-10-12 14:22 - 2017-09-17 20:31 - 006288384 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2017-10-12 14:22 - 2017-09-17 20:31 - 000239104 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2017-10-12 14:22 - 2017-09-17 20:31 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-10-12 14:22 - 2017-09-17 20:31 - 000069120 _____ (Microsoft Corporation) C:\Windows\system32\RuleBasedDS.dll
2017-10-12 14:22 - 2017-09-17 20:30 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\jpnranker.dll
2017-10-12 14:22 - 2017-09-17 20:30 - 000257536 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
2017-10-12 14:22 - 2017-09-17 20:30 - 000196096 _____ (Microsoft Corporation) C:\Windows\system32\UserDeviceRegistration.dll
2017-10-12 14:22 - 2017-09-17 20:30 - 000174592 _____ C:\Windows\system32\IHDS.dll
2017-10-12 14:22 - 2017-09-17 20:30 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\VocabRoamingHandler.dll
2017-10-12 14:22 - 2017-09-17 20:30 - 000117760 _____ (Microsoft Corporation) C:\Windows\system32\StaticDictDS.dll
2017-10-12 14:22 - 2017-09-17 20:30 - 000101888 _____ (Microsoft Corporation) C:\Windows\system32\UserDeviceRegistration.Ngc.dll
2017-10-12 14:22 - 2017-09-17 20:30 - 000095232 _____ (Microsoft Corporation) C:\Windows\system32\chxranker.dll
2017-10-12 14:22 - 2017-09-17 20:29 - 009129984 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2017-10-12 14:22 - 2017-09-17 20:29 - 000414720 _____ (Microsoft Corporation) C:\Windows\system32\ChsStrokeDS.dll
2017-10-12 14:22 - 2017-09-17 20:29 - 000411136 _____ (Microsoft Corporation) C:\Windows\system32\NgcCtnr.dll
2017-10-12 14:22 - 2017-09-17 20:29 - 000231424 _____ (Microsoft Corporation) C:\Windows\system32\shutdownux.dll
2017-10-12 14:22 - 2017-09-17 20:29 - 000187904 _____ (Microsoft Corporation) C:\Windows\system32\VCardParser.dll
2017-10-12 14:22 - 2017-09-17 20:28 - 000536064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2017-10-12 14:22 - 2017-09-17 20:28 - 000414720 _____ (Microsoft Corporation) C:\Windows\system32\ChtHkStrokeDS.dll
2017-10-12 14:22 - 2017-09-17 20:28 - 000335872 _____ (Microsoft Corporation) C:\Windows\system32\ChsPinyinRanker.dll
2017-10-12 14:22 - 2017-09-17 20:28 - 000290816 _____ (Microsoft Corporation) C:\Windows\system32\MtfDecoder.dll
2017-10-12 14:22 - 2017-09-17 20:28 - 000289792 _____ (Microsoft Corporation) C:\Windows\system32\DeveloperOptionsSettingsHandlers.dll
2017-10-12 14:22 - 2017-09-17 20:28 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\AppointmentActivation.dll
2017-10-12 14:22 - 2017-09-17 20:28 - 000105984 _____ (Microsoft Corporation) C:\Windows\system32\ngcpopkeysrv.dll
2017-10-12 14:22 - 2017-09-17 20:28 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000719872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdiWiFi.sys
2017-10-12 14:22 - 2017-09-17 20:27 - 000641024 _____ (Microsoft Corporation) C:\Windows\system32\ngccredprov.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000626176 _____ (Microsoft Corporation) C:\Windows\system32\PCPTpm12.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000590336 _____ (Microsoft Corporation) C:\Windows\system32\efswrt.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000525824 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000497152 _____ (Microsoft Corporation) C:\Windows\system32\ChxAPDS.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000480768 _____ (Microsoft Corporation) C:\Windows\system32\msimeChsPinyinMainDS.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000469504 _____ (Microsoft Corporation) C:\Windows\system32\ChxHAPDS.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000463360 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000422400 _____ (Microsoft Corporation) C:\Windows\system32\ChtCangjieDS.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000410624 _____ (Microsoft Corporation) C:\Windows\system32\ChtQuickDS.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000407552 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000379904 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000349184 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-10-12 14:22 - 2017-09-17 20:27 - 000336384 _____ (Microsoft Corporation) C:\Windows\system32\jpndecoder.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000329728 _____ (Microsoft Corporation) C:\Windows\system32\chxinputrouter.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000326656 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000310784 _____ (Microsoft Corporation) C:\Windows\system32\SyncSettings.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000295424 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000268800 _____ (Microsoft Corporation) C:\Windows\system32\UserMgrProxy.dll
2017-10-12 14:22 - 2017-09-17 20:27 - 000147456 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-10-12 14:22 - 2017-09-17 20:26 - 002716672 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2017-10-12 14:22 - 2017-09-17 20:26 - 000805888 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-10-12 14:22 - 2017-09-17 20:26 - 000686592 _____ (Microsoft Corporation) C:\Windows\system32\dsregcmd.exe
2017-10-12 14:22 - 2017-09-17 20:26 - 000562176 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2017-10-12 14:22 - 2017-09-17 20:26 - 000481792 _____ (Microsoft Corporation) C:\Windows\system32\dsreg.dll
2017-10-12 14:22 - 2017-09-17 20:26 - 000396800 _____ (Microsoft Corporation) C:\Windows\system32\tpmvsc.dll
2017-10-12 14:22 - 2017-09-17 20:26 - 000384000 _____ (Microsoft Corporation) C:\Windows\system32\cryptngc.dll
2017-10-12 14:22 - 2017-09-17 20:26 - 000283136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-10-12 14:22 - 2017-09-17 20:26 - 000265216 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2017-10-12 14:22 - 2017-09-17 20:26 - 000176128 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2017-10-12 14:22 - 2017-09-17 20:25 - 001914368 _____ (Microsoft Corporation) C:\Windows\system32\wsp_fs.dll
2017-10-12 14:22 - 2017-09-17 20:25 - 000425984 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll
2017-10-12 14:22 - 2017-09-17 20:25 - 000148992 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
2017-10-12 14:22 - 2017-09-17 20:25 - 000105984 _____ (Microsoft Corporation) C:\Windows\system32\RjvMDMConfig.dll
2017-10-12 14:22 - 2017-09-17 20:24 - 013107712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-10-12 14:22 - 2017-09-17 20:24 - 002103808 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2017-10-12 14:22 - 2017-09-17 20:24 - 001589760 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2017-10-12 14:22 - 2017-09-17 20:24 - 001584640 _____ (Microsoft Corporation) C:\Windows\system32\wsp_health.dll
2017-10-12 14:22 - 2017-09-17 20:24 - 000713216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-10-12 14:22 - 2017-09-17 20:24 - 000409600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-10-12 14:22 - 2017-09-17 20:23 - 000442368 _____ (Microsoft Corporation) C:\Windows\system32\PlayToDevice.dll
2017-10-12 14:22 - 2017-09-17 20:22 - 004749824 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2017-10-12 14:22 - 2017-09-17 20:22 - 003291648 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2017-10-12 14:22 - 2017-09-17 20:22 - 000883712 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-10-12 14:22 - 2017-09-17 20:22 - 000352256 _____ (Microsoft Corporation) C:\Windows\system32\mcbuilder.exe
2017-10-12 14:22 - 2017-09-17 20:22 - 000198144 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-10-12 14:22 - 2017-09-17 20:20 - 023677952 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-10-12 14:22 - 2017-09-17 20:20 - 000937984 _____ (Microsoft Corporation) C:\Windows\system32\MCRecvSrc.dll
2017-10-12 14:22 - 2017-09-17 20:20 - 000284160 _____ (Microsoft Corporation) C:\Windows\system32\AboveLockAppHost.dll
2017-10-12 14:22 - 2017-09-17 20:19 - 001060352 _____ (Microsoft Corporation) C:\Windows\system32\AppContracts.dll
2017-10-12 14:22 - 2017-09-17 20:19 - 000549376 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2017-10-12 14:22 - 2017-09-17 20:19 - 000519168 _____ (Microsoft Corporation) C:\Windows\system32\netprofmsvc.dll
2017-10-12 14:22 - 2017-09-17 20:18 - 008114688 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2017-10-12 14:22 - 2017-09-17 20:18 - 008077312 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-10-12 14:22 - 2017-09-17 20:18 - 001145344 _____ (Microsoft Corporation) C:\Windows\system32\EmailApis.dll
2017-10-12 14:22 - 2017-09-17 20:18 - 001010176 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2017-10-12 14:22 - 2017-09-17 20:18 - 000956416 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2017-10-12 14:22 - 2017-09-17 20:18 - 000932864 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-10-12 14:22 - 2017-09-17 20:18 - 000330752 _____ (Microsoft Corporation) C:\Windows\system32\NgcCtnrSvc.dll
2017-10-12 14:22 - 2017-09-17 20:17 - 003401216 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-10-12 14:22 - 2017-09-17 20:17 - 002279424 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2017-10-12 14:22 - 2017-09-17 20:17 - 001783296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-10-12 14:22 - 2017-09-17 20:17 - 000779776 _____ (Microsoft Corporation) C:\Windows\system32\cscui.dll
2017-10-12 14:22 - 2017-09-17 20:16 - 004743168 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-10-12 14:22 - 2017-09-17 20:16 - 004596224 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe
2017-10-12 14:22 - 2017-09-17 20:16 - 001484800 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-10-12 14:22 - 2017-09-17 20:15 - 003202048 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2017-10-12 14:22 - 2017-09-17 20:15 - 002919936 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2017-10-12 14:22 - 2017-09-17 20:15 - 002800128 _____ (Microsoft Corporation) C:\Windows\system32\netshell.dll
2017-10-12 14:22 - 2017-09-17 20:15 - 002538496 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-10-12 14:22 - 2017-09-17 20:15 - 002370048 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2017-10-12 14:22 - 2017-09-17 20:15 - 001692160 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2017-10-12 14:22 - 2017-09-17 20:15 - 001282048 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2017-10-12 14:22 - 2017-09-17 20:15 - 001231360 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2017-10-12 14:22 - 2017-09-17 20:15 - 000893952 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2017-10-12 14:22 - 2017-09-17 20:15 - 000701952 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Connectivity.dll
2017-10-12 14:22 - 2017-09-17 20:14 - 003615744 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2017-10-12 14:22 - 2017-09-17 20:14 - 002897408 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-10-12 14:22 - 2017-09-17 20:14 - 002321408 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-10-12 14:22 - 2017-09-17 20:14 - 001518080 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2017-10-12 14:22 - 2017-09-17 20:14 - 001328640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.Http.dll
2017-10-12 14:22 - 2017-09-17 20:14 - 001040896 _____ (Microsoft Corporation) C:\Windows\system32\NaturalLanguage6.dll
2017-10-12 14:22 - 2017-09-17 20:14 - 000983552 _____ (Microsoft Corporation) C:\Windows\system32\ngcsvc.dll
2017-10-12 14:22 - 2017-09-17 20:14 - 000971264 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2017-10-12 14:22 - 2017-09-17 20:14 - 000913920 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.dll
2017-10-12 14:22 - 2017-09-17 20:14 - 000908800 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2017-10-12 14:22 - 2017-09-17 20:14 - 000903680 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-10-12 14:22 - 2017-09-17 20:14 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2017-10-12 14:22 - 2017-09-17 20:14 - 000799744 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-10-12 14:22 - 2017-09-17 20:14 - 000774656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.dll
2017-10-12 14:22 - 2017-09-17 20:14 - 000765440 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Sensors.dll
2017-10-12 14:22 - 2017-09-17 20:14 - 000650752 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2017-10-12 14:22 - 2017-09-17 20:14 - 000392192 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2017-10-12 14:22 - 2017-09-17 20:13 - 001726976 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2017-10-12 14:22 - 2017-09-17 20:13 - 001121280 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2017-10-12 14:22 - 2017-09-17 20:13 - 000924672 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2017-10-12 14:22 - 2017-09-17 20:13 - 000203264 _____ (Microsoft Corporation) C:\Windows\system32\netprofm.dll
2017-10-12 14:22 - 2017-09-17 20:12 - 000998912 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2017-10-12 14:22 - 2017-09-17 20:12 - 000532992 _____ (Microsoft Corporation) C:\Windows\system32\TpmCoreProvisioning.dll
2017-10-12 14:22 - 2017-09-17 20:12 - 000439296 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2017-10-12 14:22 - 2017-09-17 20:11 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\trie.dll
2017-10-12 14:22 - 2017-09-17 20:11 - 000108032 _____ (Microsoft Corporation) C:\Windows\system32\MTFFuzzyDS.dll
2017-10-12 14:22 - 2017-09-17 20:11 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\MTFSpellcheckDS.dll
2017-10-12 14:22 - 2017-09-14 17:14 - 000119328 _____ (Microsoft Corporation) C:\Windows\system32\dmcmnutils.dll
2017-10-12 14:22 - 2017-09-14 17:05 - 001302136 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2017-10-12 14:22 - 2017-09-14 16:39 - 002233344 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.ModernAppAgent.dll
2017-10-12 14:22 - 2017-09-14 16:39 - 001227264 _____ (Microsoft Corporation) C:\Windows\system32\AgentService.exe
2017-10-12 14:22 - 2017-09-14 16:39 - 001222144 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.CommonBridge.dll
2017-10-12 14:22 - 2017-09-14 16:39 - 001165824 _____ (Microsoft Corporation) C:\Windows\system32\ApplySettingsTemplateCatalog.exe
2017-10-12 14:22 - 2017-09-14 16:39 - 000768512 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.PrinterCustomActions.dll
2017-10-12 14:22 - 2017-09-14 16:39 - 000744960 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.Office2013CustomActions.dll
2017-10-12 14:22 - 2017-09-14 16:39 - 000419328 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.CscUnpinTool.exe
2017-10-12 14:22 - 2017-09-14 16:39 - 000298496 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.ConfigWrapper.dll
2017-10-12 14:22 - 2017-09-14 16:38 - 000045568 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.Office2010CustomActions.dll
2017-10-12 14:22 - 2017-09-14 16:32 - 000326144 _____ (Microsoft Corporation) C:\Windows\system32\CertEnrollUI.dll
2017-10-12 14:22 - 2017-09-14 16:32 - 000250880 _____ (Microsoft Corporation) C:\Windows\system32\MSWB7.dll
2017-10-12 14:22 - 2017-09-14 16:32 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\dinput8.dll
2017-10-12 14:22 - 2017-09-14 16:32 - 000162304 _____ (Microsoft Corporation) C:\Windows\system32\dinput.dll
2017-10-12 14:22 - 2017-09-14 16:32 - 000127488 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll
2017-10-12 14:22 - 2017-09-14 16:31 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\daxexec.dll
2017-10-12 14:22 - 2017-09-14 16:31 - 000280576 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2017-10-12 14:22 - 2017-09-14 16:30 - 000456192 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2017-10-12 14:22 - 2017-09-14 16:29 - 000352256 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-10-12 14:22 - 2017-09-14 16:25 - 000821248 _____ (Microsoft Corporation) C:\Windows\system32\comuid.dll
2017-10-12 14:22 - 2017-09-14 16:25 - 000675328 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2017-10-12 14:22 - 2017-09-14 16:24 - 000981504 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
2017-10-12 14:22 - 2017-09-14 16:24 - 000433152 _____ (Microsoft Corporation) C:\Windows\system32\certreq.exe
2017-10-12 14:22 - 2017-09-14 16:23 - 000560128 _____ (Microsoft Corporation) C:\Windows\system32\AppReadiness.dll
2017-10-12 14:22 - 2017-09-14 16:22 - 000987648 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2017-10-12 14:22 - 2017-09-14 16:22 - 000820736 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2017-10-12 14:22 - 2017-09-14 16:22 - 000634368 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2017-10-12 14:22 - 2017-09-14 16:20 - 002852864 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-10-12 14:22 - 2017-09-14 16:19 - 001421824 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2017-10-12 14:22 - 2017-09-14 16:19 - 000928256 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2017-10-12 14:22 - 2017-09-14 16:18 - 003299840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2017-10-12 14:22 - 2017-09-14 16:18 - 000273920 _____ (Microsoft Corporation) C:\Windows\system32\umrdp.dll
2017-10-12 14:22 - 2017-09-14 16:17 - 000124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tsusbhub.sys
2017-10-12 14:22 - 2017-09-14 16:16 - 000068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2017-10-12 14:22 - 2017-03-04 01:10 - 000360040 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2017-10-12 14:22 - 2017-03-04 00:25 - 000748544 _____ (Microsoft Corporation) C:\Windows\system32\ChatApis.dll
2017-10-12 14:22 - 2017-03-04 00:23 - 001184256 _____ (Microsoft Corporation) C:\Windows\system32\Unistore.dll
2017-10-12 14:22 - 2017-03-04 00:11 - 001643008 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Speech.dll
2017-10-12 14:22 - 2017-03-04 00:07 - 001064448 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2017-10-12 14:22 - 2017-03-04 00:03 - 000119808 ____R (Microsoft Corporation) C:\Windows\system32\SecureAssessmentHandlers.dll
2017-10-12 14:22 - 2016-08-26 23:12 - 000244816 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2017-10-12 14:22 - 2016-08-05 22:16 - 000026408 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-10-12 14:22 - 2016-08-02 02:13 - 001081856 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2017-10-12 14:21 - 2017-09-17 20:32 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys
2017-10-12 14:21 - 2017-09-14 16:34 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2017-10-12 09:51 - 2017-10-12 09:51 - 006378177 ____N C:\Users\User\Documents\wraith.dae
2017-10-11 15:43 - 2017-10-11 15:43 - 001688965 ____N C:\Users\User\Documents\wraith.obj
2017-10-11 15:43 - 2017-10-11 15:43 - 000000762 ____N C:\Users\User\Documents\wraith.mtl
2017-10-11 14:46 - 2017-10-11 14:46 - 000000000 ____D C:\ProgramData\Reprise
2017-10-11 10:07 - 2017-10-11 10:07 - 000000000 ____D C:\Users\User\Documents\xgen
2017-10-11 09:53 - 2017-10-11 09:53 - 000000000 ____D C:\ProgramData\FLEXnet
2017-10-11 09:51 - 2017-11-06 21:13 - 000000000 ____D C:\Users\User\AppData\Local\Autodesk
2017-10-11 09:51 - 2017-10-11 10:07 - 000000000 ____D C:\Users\User\AppData\Roaming\Autodesk
2017-10-11 09:50 - 2017-11-06 21:13 - 000000000 ____D C:\Program Files (x86)\Autodesk
2017-10-11 09:47 - 2017-10-12 11:22 - 000000000 ____D C:\Users\User\Documents\maya
2017-10-11 09:47 - 2017-10-11 09:47 - 000000000 ____D C:\solidangle
2017-10-11 09:28 - 2017-11-06 21:14 - 000000000 ____D C:\Program Files\Autodesk
2017-10-11 09:22 - 2017-11-06 21:07 - 000000000 ____D C:\Program Files\Common Files\Autodesk Shared
2017-10-11 09:19 - 2017-11-06 21:13 - 000000000 ____D C:\ProgramData\Autodesk
2017-10-11 09:15 - 2017-10-11 09:15 - 000000000 ____D C:\Autodesk
2017-10-10 18:19 - 2017-10-10 18:19 - 126925120 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-10-09 12:37 - 2017-10-09 12:37 - 000153857 ____N C:\Users\User\Downloads\DLtkA3_V4AAnmn3.jpg-large
2017-10-07 13:43 - 2017-10-07 13:43 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2017-10-07 13:42 - 2017-10-07 13:42 - 000002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-10-07 13:39 - 2017-10-07 13:39 - 001130328 ____N (Google Inc.) C:\Users\User\Downloads\ChromeSetup.exe
2017-10-07 13:39 - 2017-10-07 13:39 - 000003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-10-07 13:39 - 2017-10-07 13:39 - 000003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-06 22:22 - 2017-09-08 11:42 - 000000000 ____D C:\Program Files (x86)\Unfold3D
2017-11-06 22:21 - 2017-08-06 19:08 - 000000000 ____D C:\Users\User\AppData\Roaming\WTablet
2017-11-06 22:19 - 2017-08-31 12:35 - 000000000 ____D C:\Users\User\AppData\Local\Free Download Manager
2017-11-06 21:44 - 2017-08-06 13:07 - 000000000 ____D C:\Program Files (x86)\Steam
2017-11-06 21:29 - 2017-08-06 20:10 - 000000000 ____D C:\Users\User\AppData\Roaming\discord
2017-11-06 20:49 - 2017-08-05 13:36 - 000000000 ____D C:\Program Files\Adobe
2017-11-06 20:49 - 2017-08-05 13:34 - 000000000 ____D C:\ProgramData\Adobe
2017-11-06 20:48 - 2017-08-05 13:42 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-11-06 20:48 - 2017-08-05 13:35 - 000000000 ____D C:\Program Files\Common Files\Adobe
2017-11-06 20:40 - 2017-08-05 12:57 - 000000000 ____D C:\Users\User\AppData\Roaming\Adobe
2017-11-06 20:23 - 2017-08-05 12:59 - 000000000 ____D C:\Windows10Upgrade
2017-11-06 20:10 - 2017-08-05 14:47 - 000000000 ____D C:\Windows\system32\SleepStudy
2017-11-06 18:09 - 2016-07-16 05:47 - 000000000 ____D C:\Windows\system32\NDF
2017-11-06 17:53 - 2017-08-08 14:24 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2017-11-06 17:31 - 2017-08-06 23:50 - 000004162 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F5A599CA-FE33-4D0E-86BB-8A920302AF73}
2017-11-06 11:37 - 2017-08-05 12:57 - 000000000 ___RD C:\Users\User\Documents\Documents 2017-11-06 11;37;46 (Full)
2017-11-06 10:22 - 2017-08-05 12:57 - 000000000 ___RD C:\Users\User\Documents\Downloads 2017-11-06 12;33;17 (Full)
2017-11-06 10:20 - 2016-07-16 05:45 - 000000000 ____D C:\Windows\INF
2017-11-06 08:45 - 2017-08-15 18:01 - 000004268 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-11-05 10:40 - 2017-09-19 05:17 - 000000000 ____D C:\Users\User\AppData\Local\wiakxrl
2017-11-04 17:06 - 2017-09-19 05:11 - 000081696 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\msidntfs.sys
2017-11-04 17:06 - 2017-08-05 14:48 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-04 17:05 - 2016-07-16 00:04 - 013107200 _____ C:\Windows\system32\config\HARDWARE
2017-11-04 17:05 - 2016-07-16 00:04 - 000262144 _____ C:\Windows\system32\config\BBI
2017-11-04 13:48 - 2017-08-05 13:05 - 000000000 ____D C:\ProgramData\Package Cache
2017-11-03 18:58 - 2017-08-07 15:41 - 000000000 ____D C:\Program Files\Unity
2017-11-03 18:03 - 2016-07-16 05:36 - 000000000 ____D C:\Windows\CbsTemp
2017-11-03 17:41 - 2017-08-16 10:00 - 000000000 ____D C:\Users\User\Documents\New Unity Project
2017-11-03 17:38 - 2017-09-16 20:59 - 000000000 ____D C:\Users\User\Documents\smile
2017-11-02 15:10 - 2017-08-06 13:39 - 000000000 ____D C:\Program Files\rempl
2017-11-02 13:55 - 2017-08-10 15:28 - 000000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2017-11-02 13:44 - 2017-09-02 20:22 - 000000000 ____D C:\Users\User\AppData\Roaming\obs-studio
2017-11-02 11:49 - 2017-08-05 12:57 - 000000000 ___RD C:\Users\User\Documents\Music 2017-11-06 11;33;32 (Full)
2017-11-02 10:15 - 2016-07-16 05:47 - 000000000 ____D C:\Windows\AppReadiness
2017-11-01 23:06 - 2017-08-06 16:56 - 000001456 _____ C:\Users\User\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-11-01 23:06 - 2017-08-05 12:57 - 000000000 ___RD C:\Users\User\Documents\Pictures 2017-11-06 10;15;52 (Full)
2017-11-01 20:53 - 2017-08-05 13:19 - 000000000 ____D C:\Program Files\KMSpico
2017-11-01 20:32 - 2017-09-19 03:48 - 000000000 ____D C:\Program Files\Lightworks
2017-11-01 16:24 - 2017-09-06 11:31 - 000000033 _____ C:\Users\User\AppData\Roaming\AdobeWLCMCache.dat
2017-11-01 11:48 - 2017-09-21 11:41 - 000000000 ____D C:\Users\User\AppData\Roaming\MPC-HC
2017-11-01 11:01 - 2017-08-05 13:01 - 000003372 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2419917656-2055917082-45752995-1001
2017-11-01 11:01 - 2017-08-05 13:00 - 000000000 ___RD C:\Users\User\OneDrive
2017-11-01 10:30 - 2017-08-05 15:46 - 000000000 ____D C:\Windows\Panther
2017-11-01 02:50 - 2017-09-19 05:17 - 000000000 ____D C:\Users\User\AppData\Local\vsidhrk
2017-10-31 23:34 - 2016-07-16 05:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-29 16:10 - 2017-08-10 18:07 - 000000000 ____D C:\Users\User\AppData\Local\Deployment
2017-10-26 10:46 - 2017-08-15 18:01 - 001029872 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2017-10-23 21:48 - 2016-07-16 05:47 - 000000000 ____D C:\Windows\rescache
2017-10-21 15:04 - 2017-09-30 18:34 - 000000000 ____D C:\Users\User\Documents\Fanfic
2017-10-19 01:45 - 2017-08-05 12:59 - 001150952 _____ C:\Windows\system32\PerfStringBackup.INI
2017-10-19 01:41 - 2017-08-05 12:57 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-10-19 01:39 - 2017-08-06 19:07 - 000346592 _____ C:\Windows\system32\FNTCACHE.DAT
2017-10-19 01:37 - 2016-07-16 05:47 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2017-10-19 01:37 - 2016-07-16 05:47 - 000000000 ____D C:\Windows\system32\oobe
2017-10-19 01:37 - 2016-07-16 05:47 - 000000000 ____D C:\Windows\ShellExperiences
2017-10-12 16:27 - 2017-09-15 14:16 - 000835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-10-12 16:27 - 2017-09-15 14:16 - 000177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-12 09:44 - 2017-09-03 20:26 - 000000000 ____D C:\tmp
2017-10-10 21:29 - 2017-10-06 14:20 - 005281428 ____N C:\Users\User\Documents\wraith.blend
2017-10-10 21:06 - 2017-10-06 14:20 - 005258276 ____N C:\Users\User\Documents\wraith.blend1
2017-10-10 18:24 - 2017-08-06 19:29 - 000000000 ____D C:\Windows\system32\MRT
2017-10-10 18:19 - 2017-08-06 19:29 - 126925120 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-10-10 18:11 - 2017-09-03 11:36 - 000000000 ____D C:\Users\User\Documents\laurie
2017-10-07 13:42 - 2017-08-06 16:33 - 000000000 ____D C:\Program Files\Tablet
2017-10-07 13:42 - 2017-08-05 13:36 - 000000000 ____D C:\Program Files (x86)\Google
2017-10-07 13:39 - 2017-10-02 13:28 - 000000000 ____D C:\Users\User\AppData\Local\MicrosoftEdge
 
==================== Files in the root of some directories =======
 
2017-09-06 11:31 - 2017-11-01 16:24 - 000000033 _____ () C:\Users\User\AppData\Roaming\AdobeWLCMCache.dat
2017-08-27 11:47 - 2017-08-27 11:51 - 316729293 _____ () C:\Users\User\AppData\Local\ACCCx4_2_0_218.zip.aamdownload
2017-08-27 11:47 - 2017-08-27 11:51 - 000003546 _____ () C:\Users\User\AppData\Local\ACCCx4_2_0_218.zip.aamdownload.aamd
2017-08-06 16:56 - 2017-11-01 23:06 - 000001456 _____ () C:\Users\User\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-08-07 11:40 - 2017-08-07 11:53 - 001065984 _____ () C:\Users\User\AppData\Local\file__0.localstorage
2017-09-23 15:38 - 2017-09-23 15:38 - 000000017 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg
 
Some files in TEMP:
====================
2017-11-06 21:10 - 2017-01-18 06:07 - 000021928 _____ (Autodesk, Inc.) C:\Users\User\AppData\Local\Temp\AcDeltree.exe
2017-11-06 21:18 - 2017-03-14 07:31 - 001780824 ____N (Adobe Systems Incorporated) C:\Users\User\AppData\Local\Temp\AdobePIM.dll
2017-11-06 21:18 - 2017-03-27 11:43 - 003481688 ____N (Adobe Systems Incorporated) C:\Users\User\AppData\Local\Temp\Creative Cloud Uninstaller.exe
2017-11-06 20:57 - 2017-11-06 21:07 - 002398688 _____ (Flexera Software LLC) C:\Users\User\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-11-02 09:09
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
Ran by User (06-11-2017 22:24:36)
Running from C:\Users\User\Downloads
Windows 10 Pro Version 1607 14393.1770 (X64) (2017-08-05 18:54:47)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2419917656-2055917082-45752995-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2419917656-2055917082-45752995-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2419917656-2055917082-45752995-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2419917656-2055917082-45752995-501 - Limited - Disabled)
User (S-1-5-21-2419917656-2055917082-45752995-1001 - Administrator - Enabled) => C:\Users\User
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 17.01 beta (x64) (HKLM\...\7-Zip) (Version: 17.01 beta - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.127 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.0.1.188 - Adobe Systems Incorporated)
Adobe Illustrator (HKLM\...\{780AAB64-C5AB-4CC5-9096-02F8671E5179}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD OverDrive (HKLM-x32\...\{EEB605FD-C5F5-4946-90F3-D65C604A9187}) (Version: 4.3.1.0698 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.7.2314 - AVAST Software)
Blender (HKLM\...\{DEA73CCA-7EC9-41EA-8509-1041C1CABFD0}) (Version: 2.78.3 - Blender Foundation)
CCleaner (HKLM\...\CCleaner) (Version: 5.36 - Piriform)
Chrysanth Diary [Free] (HKLM-x32\...\AC970D9B-E5C8-44D8-910B-D763DDF6D32A_is1) (Version: 5.3 - Chrysanth Software Sdn. Bhd.)
Cityographer (HKLM-x32\...\Cityographer_0) (Version:  - Inkwell Ideas)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
CRYENGINE Launcher (HKLM-x32\...\{F7916573-4BDD-4A9F-9E2F-CC8107845DC3}) (Version: 1.0.0 - Crytek GmbH)
DesignDoll (HKU\S-1-5-21-2419917656-2055917082-45752995-1001\...\a94d3e1b3ab3bea6) (Version: 1.4.0.0 - Terawell)
Discord (HKU\S-1-5-21-2419917656-2055917082-45752995-1001\...\Discord) (Version: 0.0.298 - Discord Inc.)
DragonBonesPro (HKLM-x32\...\DragonBonesPro) (Version: 5.0.0 - Egret Technology Inc)
FirestormOS-Releasex64 (HKLM\...\FirestormOS-Releasex64) (Version: 5.0.7.52912 - The Phoenix Firestorm Project, Inc.)
Free Download Manager (HKLM\...\{43781dff-e0df-49ce-a6d2-47da96a485e7}}_is1) (Version:  - FreeDownloadManager.ORG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
K-Lite Codec Pack 13.5.0 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.5.0 - KLCP)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
MediBang Paint Pro 11.0 (64-bit) (HKLM\...\MediBang Paint Pro_is1) (Version: 11.0 - Medibang)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2419917656-2055917082-45752995-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.12.111.1002 - Microsoft Corporation)
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.4.2 - Notepad++ Team)
Npcap 0.93 (HKLM-x32\...\NpcapInst) (Version: 0.93 - Nmap Project)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.0.1 - OBS Project)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version:  - )
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.1 beta r2838 - )
RivaTuner Statistics Server 6.5.0 (HKLM-x32\...\RTSS) (Version: 6.5.0 - Unwinder)
Snaz version 1.12.6.0 (HKLM-x32\...\{70A76031-FDC6-4F9B-BB5C-33776703F45A}_is1) (Version: 1.12.6.0 - JimsApps)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{17515373-7495-4995-9089-B7D6DF455C38}) (Version: 2.6.0.0 - Microsoft Corporation)
VSDC Free Video Editor version 5.7.8.724 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 5.7.8.724 - Flash-Integro LLC)
VTFEdit 1.3.3 (HKLM\...\VTFEdit_is1) (Version:  - Neil Jedrzejewski & Ryan Gregg)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.24-5 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22256 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2419917656-2055917082-45752995-1001_Classes\CLSID\{4748f905-8e44-41b5-8022-b8c17c1331b3}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-05] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-05] (AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-05] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-05] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0121EFC9-5600-454E-8EAD-0580188E0510} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2016-10-24] ()
Task: {047F7D51-5A72-4A81-9AD7-F2D43CFB4887} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {06CEC94D-E4C8-449F-86C2-2C7EE6B4055E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-10-18] (Piriform Ltd)
Task: {1DF194D5-8219-405E-91C6-4E391EA91919} - System32\Tasks\{225B0ED8-1B16-4AC7-A9D9-792BADC20B34} => C:\Windows\system32\pcalua.exe -a C:\Users\User\AppData\Roaming\Microsoft\BlockAdsPro\BlockAdsPro.exe -c /u
Task: {26F819D0-4C83-4000-911A-1E11CC194246} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-10-05] (AVAST Software)
Task: {2F6B42BD-A1F8-4E8C-88DF-129493DE397A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {4813F46C-7A89-470B-B6FC-265676239D29} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-07] (Google Inc.)
Task: {51AD8FF0-D6F2-4781-A4BE-A768A7506C48} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {60C5DC17-49E9-4BE9-B03C-6D82D3A72E82} - System32\Tasks\FreeDownloadManagerNetworkMonitor => C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe [2017-07-26] (FreeDownloadManager.org)
Task: {66EAB458-B47C-4AE6-BAE7-C03177F4F660} - System32\Tasks\{583C3B01-C487-4B2D-9258-B988699F883F} => C:\Windows\system32\pcalua.exe -a C:\Users\User\AppData\Local\uninstallce.exe
Task: {68529DF2-6B56-4319-97EB-513028CA43F6} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-09-01] ()
Task: {84332D1C-AEE8-4A46-8F60-D7E1F0965B2D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-10-18] (Piriform Ltd)
Task: {BC11B02D-0536-48CF-A5D3-FEA63FC2805E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-07] (Google Inc.)
Task: {E7B65DBA-BC98-49FA-B9A0-E8D843913054} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-08-31 12:35 - 2017-07-26 09:16 - 000029696 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\WinDivert.dll
2016-07-16 05:42 - 2016-07-16 05:42 - 000231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2017-09-13 10:59 - 2017-09-07 00:01 - 002681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2017-08-06 16:33 - 2017-09-13 15:46 - 001658312 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2017-09-02 23:12 - 2017-09-02 23:12 - 000095744 _____ () C:\Windows\Womtrust.dll
2016-10-25 08:57 - 2016-10-25 08:57 - 000491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-11-10 10:55 - 2015-11-10 10:55 - 008901800 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-08-06 13:16 - 2016-09-06 22:56 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-08-06 13:16 - 2017-03-04 00:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-08-31 12:35 - 2017-04-13 10:42 - 002158592 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\avformat-57.dll
2017-08-31 12:35 - 2017-04-13 10:42 - 000485376 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\avutil-55.dll
2017-08-31 12:35 - 2017-04-13 10:42 - 012242432 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\avcodec-57.dll
2017-08-31 12:35 - 2017-04-13 10:42 - 001825792 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\avfilter-6.dll
2017-08-31 12:35 - 2017-04-13 10:42 - 000662016 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\swscale-4.dll
2017-08-31 12:35 - 2017-04-13 10:42 - 000138752 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\swresample-2.dll
2017-08-31 12:35 - 2017-07-26 09:17 - 000100864 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winunivappfeatures.dll
2017-08-31 12:35 - 2017-04-13 10:46 - 069740544 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\libcef.dll
2017-08-31 12:35 - 2017-04-13 10:45 - 002323456 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\libglesv2.dll
2017-08-31 12:35 - 2017-04-13 10:45 - 000094208 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\libegl.dll
2017-07-28 14:06 - 2017-07-28 14:06 - 000023040 _____ () C:\Program Files\Rainmeter\Plugins\InputText.dll
2017-07-28 14:05 - 2017-07-28 14:05 - 000130560 _____ () C:\Program Files\Rainmeter\Plugins\SysInfo.dll
2017-09-18 20:37 - 2017-09-18 20:37 - 000914432 _____ () C:\Users\User\AppData\Local\wiakxrl\wiakxrl.exe
2017-08-20 11:38 - 2017-08-20 11:38 - 001087488 _____ () C:\Users\User\AppData\Local\wiakxrl\pssetri.exe
2017-10-25 00:41 - 2017-10-25 01:18 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-10-25 00:41 - 2017-10-25 01:18 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-10-25 00:41 - 2017-10-25 01:18 - 025446400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-10-25 00:41 - 2017-10-25 01:18 - 002542592 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\skypert.dll
2017-09-21 11:36 - 2017-09-01 03:00 - 000327168 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\libbluray.dll
2017-09-27 15:32 - 2017-09-27 15:32 - 000076800 ____N () C:\Users\User\Downloads\lumberyard-1.11-486406a-pc\dev\Tools\LmbrSetup\Win\LyMetricsProducer_shared.dll
2017-09-27 15:29 - 2017-09-27 15:29 - 000168448 ____N () C:\Users\User\Downloads\lumberyard-1.11-486406a-pc\dev\Tools\LmbrSetup\Win\LyMetricsShared_shared.dll
2017-09-27 15:21 - 2017-09-27 15:21 - 000052224 ____N () C:\Users\User\Downloads\lumberyard-1.11-486406a-pc\dev\Tools\LmbrSetup\Win\LyIdentity_shared.dll
2017-07-18 16:35 - 2017-07-18 16:35 - 000143872 ____N () C:\Users\User\Downloads\lumberyard-1.11-486406a-pc\dev\Tools\LmbrSetup\Win\aws-cpp-sdk-identity-management.dll
2017-07-18 16:35 - 2017-07-18 16:35 - 001021440 ____N () C:\Users\User\Downloads\lumberyard-1.11-486406a-pc\dev\Tools\LmbrSetup\Win\aws-cpp-sdk-core.dll
2017-07-18 16:35 - 2017-07-18 16:35 - 001168384 ____N () C:\Users\User\Downloads\lumberyard-1.11-486406a-pc\dev\Tools\LmbrSetup\Win\aws-cpp-sdk-lambda.dll
2017-07-18 16:35 - 2017-07-18 16:35 - 000153600 ____N () C:\Users\User\Downloads\lumberyard-1.11-486406a-pc\dev\Tools\LmbrSetup\Win\aws-cpp-sdk-mobileanalytics.dll
2017-07-18 16:35 - 2017-07-18 16:35 - 000795136 ____N () C:\Users\User\Downloads\lumberyard-1.11-486406a-pc\dev\Tools\LmbrSetup\Win\aws-cpp-sdk-cognito-identity.dll
2017-07-18 16:35 - 2017-07-18 16:35 - 000347136 ____N () C:\Users\User\Downloads\lumberyard-1.11-486406a-pc\dev\Tools\LmbrSetup\Win\aws-cpp-sdk-sts.dll
2017-10-05 08:14 - 2017-10-05 08:14 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2017-10-07 13:42 - 2017-09-21 01:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-10-07 13:42 - 2017-09-21 01:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2017-08-06 13:14 - 2017-03-04 00:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-08-06 13:14 - 2017-03-04 00:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-08-06 13:14 - 2017-03-04 00:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-10-12 14:22 - 2017-09-17 20:13 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-10-12 14:22 - 2017-09-17 20:14 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-10-12 14:22 - 2017-09-17 20:16 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-11-06 22:13 - 2017-11-06 22:14 - 000468480 _____ () C:\Users\User\Downloads\CKScanner.exe
2017-10-05 08:14 - 2017-10-05 08:14 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-10-05 08:14 - 2017-10-05 08:14 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-08-15 18:00 - 2017-08-15 18:00 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-10-05 08:14 - 2017-10-05 08:14 - 000217088 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-10-05 08:14 - 2017-10-05 08:14 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-10-05 08:14 - 2017-10-05 08:14 - 000234280 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-10-25 09:47 - 2017-10-25 09:47 - 000703336 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-08-06 13:10 - 2017-09-09 13:25 - 000688416 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-08-06 13:10 - 2016-08-31 19:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-08-06 13:10 - 2017-10-30 21:22 - 002546976 _____ () C:\Program Files (x86)\Steam\video.dll
2017-08-06 13:09 - 2016-01-27 01:49 - 002549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2017-08-06 13:09 - 2016-01-27 01:49 - 000491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2017-08-06 13:09 - 2016-01-27 01:49 - 000332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2017-08-06 13:09 - 2016-01-27 01:49 - 000442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2017-08-06 13:09 - 2016-01-27 01:49 - 000485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2017-08-06 13:10 - 2016-08-31 19:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-08-06 13:10 - 2016-08-31 19:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-08-06 13:10 - 2017-10-30 21:22 - 000901408 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-08-06 13:10 - 2016-07-04 16:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-08-06 13:12 - 2017-08-16 16:28 - 073130272 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-08-06 13:12 - 2017-09-06 20:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-08-06 13:09 - 2015-09-24 17:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-08-02 20:40 - 2017-08-02 20:40 - 053460480 _____ () C:\Users\User\AppData\Local\wiakxrl\libcef.dll
2016-05-31 10:43 - 2016-05-31 10:43 - 001976832 _____ () C:\Users\User\AppData\Local\wiakxrl\libglesv2.dll
2016-05-31 10:44 - 2016-05-31 10:44 - 000075264 _____ () C:\Users\User\AppData\Local\wiakxrl\libegl.dll
2015-11-10 10:55 - 2015-11-10 10:55 - 008901800 _____ () C:\Program Files (x86)\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-08-08 18:59 - 2017-08-08 14:13 - 001893880 _____ () C:\Users\User\AppData\Local\Discord\app-0.0.298\ffmpeg.dll
2017-11-06 21:29 - 2017-11-06 21:29 - 001577976 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.298\modules\discord_toaster\discord_toaster.node
2017-08-08 18:59 - 2017-08-08 14:13 - 001938424 _____ () C:\Users\User\AppData\Local\Discord\app-0.0.298\libglesv2.dll
2017-08-08 18:59 - 2017-08-08 14:13 - 000095736 _____ () C:\Users\User\AppData\Local\Discord\app-0.0.298\libegl.dll
2017-11-06 21:29 - 2017-11-06 21:41 - 009722360 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.298\modules\discord_voice\discord_voice.node
2017-11-06 21:29 - 2017-11-06 21:29 - 001440248 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.298\modules\discord_utils\discord_utils.node
2017-11-06 21:42 - 2017-11-06 21:42 - 000148992 _____ () \\?\C:\Users\User\AppData\Local\Temp\824B.tmp.node
2017-11-06 21:29 - 2017-11-06 21:29 - 002658296 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.298\modules\discord_rpc\discord_rpc.node
2017-11-06 21:44 - 2017-11-06 21:44 - 002673656 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.298\modules\discord_contact_import\discord_contact_import.node
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 05:47 - 2017-11-01 20:53 - 000000850 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2419917656-2055917082-45752995-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKU\S-1-5-21-2419917656-2055917082-45752995-1001\...\StartupApproved\Run: => "Rainlendar2"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{D347AC04-A93A-42AE-BDD6-8A5EF997DCCA}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{498425FD-F8DF-4861-A1D2-544EF3E0A5AC}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{3A34E0F2-1E0B-458F-A33D-8F520BD40CCE}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{A847B0F2-D163-4170-B01B-FDD6EF59F5E4}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{9E058397-0CFD-463A-BECE-F2C14F9A4A2F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BDD23C17-9FC0-4D70-B4CE-FC795C326AFD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6E673626-1981-40F0-A43A-5B1F02AD0B41}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5EF45750-5976-4B65-9ECE-F7806AF23F91}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C96A0709-BB2C-4413-8C6A-FD771FE23248}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [{3595FC38-1436-48A3-BA55-0D48274A4146}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [TCP Query User{A7DB82E0-7C4B-4C0A-AECF-D21D70A57741}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{E0C508FF-4CDD-4735-B48D-313B7F8FA503}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [{7A104A45-F8D1-4797-A474-E3620BB89E60}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{B7DE080E-E2AD-4718-A39A-CE0FB8338D35}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [TCP Query User{8F3F85A3-A53D-4342-A60A-318CCA055B9F}C:\program files\firestormos-releasex64\slvoice.exe] => (Allow) C:\program files\firestormos-releasex64\slvoice.exe
FirewallRules: [UDP Query User{CAAE19E7-8360-4384-BA8D-791B8E181DC6}C:\program files\firestormos-releasex64\slvoice.exe] => (Allow) C:\program files\firestormos-releasex64\slvoice.exe
FirewallRules: [{4513F004-D0BD-40D3-92DC-3D0BD6081599}] => (Allow) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
FirewallRules: [{D3DB48FA-07B6-4203-8FFB-9B386CBB8300}] => (Allow) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
FirewallRules: [{B06C1AF9-3DA5-46DF-888C-C9883E3AE766}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sfm.exe
FirewallRules: [{48931286-3E3D-445B-837E-33C188BC1D31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sfm.exe
FirewallRules: [{0C91B0A7-3EF7-47E1-BFE7-74AE31263DD8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
FirewallRules: [{8C96273B-3918-4BCB-90FB-4063C43DB485}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
FirewallRules: [{5231E4AA-159C-4393-BFA2-0F0883D5E194}] => (Block) %ProgramFiles%\Marvelous Designer 5 Enterprise\MarvelousDesigner5_Enterprise_x64.exe
FirewallRules: [{95471F6C-6CFB-438B-B0BE-B9AC397E9FDD}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{E2CB310E-1F27-43CA-85C3-E5D41495774C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3AB94A39-C2DD-4543-AEE4-42294937B39B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{4640295D-125A-4C2E-997E-9738CBA88547}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [TCP Query User{B40F364C-2EBD-4560-8633-F756A486C467}C:\program files (x86)\crytek\cryengine launcher\crytek\cryengine_5.4\bin\win_x64\sandbox.exe] => (Allow) C:\program files (x86)\crytek\cryengine launcher\crytek\cryengine_5.4\bin\win_x64\sandbox.exe
FirewallRules: [UDP Query User{C725A675-4FF1-4734-BA3C-8F9DD378043D}C:\program files (x86)\crytek\cryengine launcher\crytek\cryengine_5.4\bin\win_x64\sandbox.exe] => (Allow) C:\program files (x86)\crytek\cryengine launcher\crytek\cryengine_5.4\bin\win_x64\sandbox.exe
 
==================== Restore Points =========================
 
27-10-2017 07:53:14 Windows Update
01-11-2017 20:32:59 Removed TeeBoard: The Twitch Army Knife
03-11-2017 17:53:44 Windows Modules Installer
06-11-2017 21:13:34 Removed Bifrost for Maya 2018.
 
==================== Faulty Device Manager Devices =============
 
Name: PCI Serial Port
Description: PCI Serial Port
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/06/2017 10:15:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-UC83QPF)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147023113 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/06/2017 09:13:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (11/06/2017 08:11:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 2.11.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 27b0
 
Start Time: 01d357489cf27962
 
Termination Time: 40
 
Application Path: C:\Users\User\Downloads\FRST64.exe
 
Report Id: eb0ef60c-c360-11e7-84af-0024811b99ad
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (11/06/2017 07:30:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-UC83QPF)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023113 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/06/2017 05:53:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x220
Faulting application start time: 0x01d3575a780c5260
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 2d9b009a-7c21-4a04-a0d3-a954b9507354
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
 
Error: (11/06/2017 05:53:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x220
Faulting application start time: 0x01d3575a780c5260
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: e75bf5f8-f69d-48fc-8ee7-fa7e6985dac2
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
 
Error: (11/06/2017 05:45:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-UC83QPF)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147023113 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/06/2017 03:45:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 2.11.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 2388
 
Start Time: 01d35734dcc4bf67
 
Termination Time: 20
 
Application Path: C:\Users\User\Downloads\FRST64.exe
 
Report Id: ceac7099-c33b-11e7-84af-0024811b99ad
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (11/06/2017 11:15:17 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (11/06/2017 11:14:18 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
 
System errors:
=============
Error: (11/05/2017 09:52:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/04/2017 09:13:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/04/2017 05:11:55 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.
 
Error: (11/04/2017 05:06:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/04/2017 05:05:43 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-UC83QPF)
Description: The server {9AA46009-3CE0-458A-A354-715610A075E6} did not register with DCOM within the required timeout.
 
Error: (11/04/2017 05:05:43 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-UC83QPF)
Description: The server {3EEF301F-B596-4C0B-BD92-013BEAFCE793} did not register with DCOM within the required timeout.
 
Error: (11/04/2017 05:05:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/04/2017 04:59:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0xc1900107: Feature update to Windows 10, version 1703.
 
Error: (11/04/2017 04:48:48 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.
 
Error: (11/04/2017 04:42:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2017-08-15 11:54:54.434
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q9400 @ 2.66GHz
Percentage of memory in use: 62%
Total physical RAM: 8123.24 MB
Available physical RAM: 3018.75 MB
Total Virtual: 9403.24 MB
Available Virtual: 2786.3 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:297.6 GB) (Free:102.43 GB) NTFS
Drive g: () (Removable) (Total:14.83 GB) (Free:2.72 GB) FAT32
Drive j: (Storage Volume) (Fixed) (Total:149.05 GB) (Free:16.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 269C269B)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=297.6 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 4C23DEDB)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
 
========================================================
Disk: 4 (Size: 14.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#6 Oh My!


Posted 07 November 2017 - 09:30 AM

Thank you for your understanding. Your computer is compromised and it is very difficult, if not impossible, to try to clean a computer with software from untrusted sources installed.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
C:\Users\User\AppData\Local\wiakxrl
ShortcutTarget: dumbfounded.lnk -> C:\Program Files (x86)\Wagon\kingsport.exe (No File)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2419917656-2055917082-45752995-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2419917656-2055917082-45752995-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = 
BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO-x32: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
CHR Extension: (Quest) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambgegofabbnggkihmboplgghoocjaka [2017-08-06]
CHR Extension: (New XKit) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\inobiceghmpkaklcknpniboilbjmlald [2017-09-30] [UpdateUrl: hxxps://new-xkit.github.io/XKit/Extensions/dist/page/FirefoxUpdate.json] <==== ATTENTION
2017-11-01 20:53 - 2017-08-05 13:19 - 000000000 ____D C:\Program Files\KMSpico
2017-11-04 17:06 - 2017-09-19 05:11 - 000081696 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\msidntfs.sys
2017-10-12 09:44 - 2017-09-03 20:26 - 000000000 ____D C:\tmp
Task: {1DF194D5-8219-405E-91C6-4E391EA91919} - System32\Tasks\{225B0ED8-1B16-4AC7-A9D9-792BADC20B34} => C:\Windows\system32\pcalua.exe -a C:\Users\User\AppData\Roaming\Microsoft\BlockAdsPro\BlockAdsPro.exe -c /u
C:\Users\User\AppData\Roaming\Microsoft\BlockAdsPro
Task: {66EAB458-B47C-4AE6-BAE7-C03177F4F660} - System32\Tasks\{583C3B01-C487-4B2D-9258-B988699F883F} => C:\Windows\system32\pcalua.exe -a C:\Users\User\AppData\Local\uninstallce.exe
C:\Users\User\AppData\Local\uninstallce.exe
c:\program files (x86)\crytek
c:\users\user\documents\documents 2017-11-06 11;37;46 (full)\rainmeter\skins\wp7\@resources\config\panels\internetshortcuts\cracked
c:\users\user\documents\documents 2017-11-06 11;37;46 (full)\rainmeter\skins\wp7\@resources\graphics\icons\web\crackedw.png.zip
c:\users\user\documents\documents 2017-11-06 11;37;46 (full)\rainmeter\skins\wp7\panels\internetshortcuts\cracked\item.ini.zip
c:\users\user\documents\documents 2017-11-06 11;37;46 (full)\rainmeter\skins\wp7\panels\internetshortcuts\cracked\item1.ini.zip
c:\users\user\documents\documents 2017-11-06 11;37;46 (full)\rainmeter\skins\wp7\panels\internetshortcuts\cracked\item2.ini.zip
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\lightworks 14 crack  keygen.zip.zip
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\lightworks_14_crack__keygen.xht.zip
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com.rar.zip
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\unfold3d magic edition version 4.0.0 cracked.zip.zip
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\install files\illustrator
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\unfold3d magic edition version 4.0.0 cracked
c:\users\user\documents\music 2017-11-06 11;33;32 (full)\autodesk maya 2018 + crack - [crackzsoft]
c:\users\user\documents\rainmeter\skins\wp7\@resources\config\panels\internetshortcuts\cracked
c:\users\user\documents\rainmeter\skins\wp7\panels\internetshortcuts\cracked
c:\users\user\downloads\lightworks 14 crack  keygen.zip
c:\users\user\downloads\lightworks_14_crack__keygen.xht
c:\users\user\downloads\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com.rar
c:\users\user\downloads\unfold3d magic edition version 4.0.0 cracked.zip
c:\users\user\downloads\install files\illustrator\install\patch\adobe cc 2015.5 xforce activation\keygen_xf-adobecc2015.exe
c:\users\user\downloads\lumberyard-1.11-486406a-pc\dev\startergame\materials\decals\cracks.mtl
c:\users\user\downloads\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\download free software full version - all categories.url
c:\users\user\downloads\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\how to install - crack.txt
c:\users\user\downloads\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\marvelousdesigner6_personal_2_5_73_installer_x64.exe
c:\users\user\downloads\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\crack\read me.txt
c:\users\user\downloads\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\crack\reg x64.reg
c:\users\user\downloads\unfold3d magic edition version 4.0.0 cracked\unfold3d magic edition version 4.0.0 cracked\installation instructions.txt
c:\users\user\downloads\unfold3d magic edition version 4.0.0 cracked\unfold3d magic edition version 4.0.0 cracked\thumbs.db
c:\users\user\downloads\unfold3d magic edition version 4.0.0 cracked\unfold3d magic edition version 4.0.0 cracked\unfold3d\inferno.nfo
c:\users\user\downloads\unfold3d magic edition version 4.0.0 cracked\unfold3d magic edition version 4.0.0 cracked\unfold3d\unfold3dmagic400-en.msi
c:\users\user\downloads\unfold3d magic edition version 4.0.0 cracked\unfold3d magic edition version 4.0.0 cracked\user manuals\unfold.chm
c:\users\user\downloads\unfold3d magic edition version 4.0.0 cracked\unfold3d magic edition version 4.0.0 cracked\user manuals\unfold3dv4_user_manual.chm
c:\users\user\downloads\unfold3d magic edition version 4.0.0 cracked\unfold3d magic edition version 4.0.0 cracked\user manuals\unfold_tut.chm
c:\users\user\music\autodesk maya 2018 + crack - [crackzsoft]\autodesk_maya_2018_en_jp_zh_win_64bit_dlm.sfx.exe.fdmdownload
c:\users\user\music\autodesk maya 2018 + crack - [crackzsoft]\crack\treatment procedure.txt.fdmdownload
c:\users\user\music\autodesk maya 2018 + crack - [crackzsoft]\crack\xf-adsk2018_x64v3.exe.fdmdownload
Virustotal: C:\Windows\system32\Drivers\atnmptwz.sys
Folder: C:\Windows\system32\cd
End::
  • Click Fix
  • When completed, the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Malwarebytes Anti-Rootkit - Scan Only

--------------------
  • Download Malwarebytes Anti-Rootkit and save it to your desktop
  • Right click on the mbar icon then select Run as administrator
  • Click OK to install it on your desktop
  • Click Next, then Update Database
  • When completed click Next
  • On the Scan System: screen place checkmarks in the Drivers, Sectors, and System boxes (should be checked by default) then click Scan. Please be patient and allow the process to complete
  • Click the Exit button not Cleanup then click Yes on the warning screen
  • A system-log.txt report will be created in the mbar folder on your Desktop, please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • MBAR log
  • Update on computer performance

Gary
 

#7 marionthorne


Posted 07 November 2017 - 11:31 AM

Unfortunately, as I said in my first post, I cannot get Malwarebytes Anti-Rootkit to install. Here is the Fixlog you requested.
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
Ran by User (07-11-2017 10:05:48) Run:1
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: defaultuser0 & User)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
C:\Users\User\AppData\Local\wiakxrl
ShortcutTarget: dumbfounded.lnk -> C:\Program Files (x86)\Wagon\kingsport.exe (No File)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2419917656-2055917082-45752995-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2419917656-2055917082-45752995-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = 
BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO-x32: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
CHR Extension: (Quest) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambgegofabbnggkihmboplgghoocjaka [2017-08-06]
CHR Extension: (New XKit) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\inobiceghmpkaklcknpniboilbjmlald [2017-09-30] [UpdateUrl: hxxps://new-xkit.github.io/XKit/Extensions/dist/page/FirefoxUpdate.json] <==== ATTENTION
2017-11-01 20:53 - 2017-08-05 13:19 - 000000000 ____D C:\Program Files\KMSpico
2017-11-04 17:06 - 2017-09-19 05:11 - 000081696 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\msidntfs.sys
2017-10-12 09:44 - 2017-09-03 20:26 - 000000000 ____D C:\tmp
Task: {1DF194D5-8219-405E-91C6-4E391EA91919} - System32\Tasks\{225B0ED8-1B16-4AC7-A9D9-792BADC20B34} => C:\Windows\system32\pcalua.exe -a C:\Users\User\AppData\Roaming\Microsoft\BlockAdsPro\BlockAdsPro.exe -c /u
C:\Users\User\AppData\Roaming\Microsoft\BlockAdsPro
Task: {66EAB458-B47C-4AE6-BAE7-C03177F4F660} - System32\Tasks\{583C3B01-C487-4B2D-9258-B988699F883F} => C:\Windows\system32\pcalua.exe -a C:\Users\User\AppData\Local\uninstallce.exe
C:\Users\User\AppData\Local\uninstallce.exe
c:\program files (x86)\crytek
c:\users\user\documents\documents 2017-11-06 11;37;46 (full)\rainmeter\skins\wp7\@resources\config\panels\internetshortcuts\cracked
c:\users\user\documents\documents 2017-11-06 11;37;46 (full)\rainmeter\skins\wp7\@resources\graphics\icons\web\crackedw.png.zip
c:\users\user\documents\documents 2017-11-06 11;37;46 (full)\rainmeter\skins\wp7\panels\internetshortcuts\cracked\item.ini.zip
c:\users\user\documents\documents 2017-11-06 11;37;46 (full)\rainmeter\skins\wp7\panels\internetshortcuts\cracked\item1.ini.zip
c:\users\user\documents\documents 2017-11-06 11;37;46 (full)\rainmeter\skins\wp7\panels\internetshortcuts\cracked\item2.ini.zip
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\lightworks 14 crack  keygen.zip.zip
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\lightworks_14_crack__keygen.xht.zip
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com.rar.zip
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\unfold3d magic edition version 4.0.0 cracked.zip.zip
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\install files\illustrator
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\unfold3d magic edition version 4.0.0 cracked
c:\users\user\documents\music 2017-11-06 11;33;32 (full)\autodesk maya 2018 + crack - [crackzsoft]
c:\users\user\documents\rainmeter\skins\wp7\@resources\config\panels\internetshortcuts\cracked
c:\users\user\documents\rainmeter\skins\wp7\panels\internetshortcuts\cracked
c:\users\user\downloads\lightworks 14 crack  keygen.zip
c:\users\user\downloads\lightworks_14_crack__keygen.xht
c:\users\user\downloads\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com.rar
c:\users\user\downloads\unfold3d magic edition version 4.0.0 cracked.zip
c:\users\user\downloads\install files\illustrator\install\patch\adobe cc 2015.5 xforce activation\keygen_xf-adobecc2015.exe
c:\users\user\downloads\lumberyard-1.11-486406a-pc\dev\startergame\materials\decals\cracks.mtl
c:\users\user\downloads\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\download free software full version - all categories.url
c:\users\user\downloads\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\how to install - crack.txt
c:\users\user\downloads\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\marvelousdesigner6_personal_2_5_73_installer_x64.exe
c:\users\user\downloads\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\crack\read me.txt
c:\users\user\downloads\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\crack\reg x64.reg
c:\users\user\downloads\unfold3d magic edition version 4.0.0 cracked\unfold3d magic edition version 4.0.0 cracked\installation instructions.txt
c:\users\user\downloads\unfold3d magic edition version 4.0.0 cracked\unfold3d magic edition version 4.0.0 cracked\thumbs.db
c:\users\user\downloads\unfold3d magic edition version 4.0.0 cracked\unfold3d magic edition version 4.0.0 cracked\unfold3d\inferno.nfo
c:\users\user\downloads\unfold3d magic edition version 4.0.0 cracked\unfold3d magic edition version 4.0.0 cracked\unfold3d\unfold3dmagic400-en.msi
c:\users\user\downloads\unfold3d magic edition version 4.0.0 cracked\unfold3d magic edition version 4.0.0 cracked\user manuals\unfold.chm
c:\users\user\downloads\unfold3d magic edition version 4.0.0 cracked\unfold3d magic edition version 4.0.0 cracked\user manuals\unfold3dv4_user_manual.chm
c:\users\user\downloads\unfold3d magic edition version 4.0.0 cracked\unfold3d magic edition version 4.0.0 cracked\user manuals\unfold_tut.chm
c:\users\user\music\autodesk maya 2018 + crack - [crackzsoft]\autodesk_maya_2018_en_jp_zh_win_64bit_dlm.sfx.exe.fdmdownload
c:\users\user\music\autodesk maya 2018 + crack - [crackzsoft]\crack\treatment procedure.txt.fdmdownload
c:\users\user\music\autodesk maya 2018 + crack - [crackzsoft]\crack\xf-adsk2018_x64v3.exe.fdmdownload
Virustotal: C:\Windows\system32\Drivers\atnmptwz.sys
Folder: C:\Windows\system32\cd
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
"C:\Users\User\AppData\Local\wiakxrl" folder move:
 
Could not move "C:\Users\User\AppData\Local\wiakxrl" => Scheduled to move on reboot.
 
C:\Program Files => FRST is scripted not to move this directory.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} => key removed successfully
HKLM\Software\Classes\CLSID\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-2419917656-2055917082-45752995-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-2419917656-2055917082-45752995-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} => key removed successfully
HKLM\Software\Classes\CLSID\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13D67BB7-DB5F-48AA-884D-7A5D94168509} => key removed successfully
HKLM\Software\Classes\CLSID\{13D67BB7-DB5F-48AA-884D-7A5D94168509} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13D67BB7-DB5F-48AA-884D-7A5D94168509} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{13D67BB7-DB5F-48AA-884D-7A5D94168509} => key not found. 
CHR Extension: (Quest) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambgegofabbnggkihmboplgghoocjaka [2017-08-06] => Error: No automatic fix found for this entry.
CHR Extension: (New XKit) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\inobiceghmpkaklcknpniboilbjmlald [2017-09-30] [UpdateUrl: hxxps://new-xkit.github.io/XKit/Extensions/dist/page/FirefoxUpdate.json] <==== ATTENTION => Error: No automatic fix found for this entry.
C:\Program Files\KMSpico => moved successfully
C:\Windows\system32\Drivers\msidntfs.sys => moved successfully
C:\tmp => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DF194D5-8219-405E-91C6-4E391EA91919} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DF194D5-8219-405E-91C6-4E391EA91919} => key removed successfully
C:\Windows\System32\Tasks\{225B0ED8-1B16-4AC7-A9D9-792BADC20B34} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{225B0ED8-1B16-4AC7-A9D9-792BADC20B34} => key removed successfully
"C:\Users\User\AppData\Roaming\Microsoft\BlockAdsPro" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66EAB458-B47C-4AE6-BAE7-C03177F4F660} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66EAB458-B47C-4AE6-BAE7-C03177F4F660} => key removed successfully
C:\Windows\System32\Tasks\{583C3B01-C487-4B2D-9258-B988699F883F} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{583C3B01-C487-4B2D-9258-B988699F883F} => key removed successfully
"C:\Users\User\AppData\Local\uninstallce.exe" => not found.
c:\program files (x86)\crytek => moved successfully
c:\users\user\documents\documents 2017-11-06 11;37;46 (full)\rainmeter\skins\wp7\@resources\config\panels\internetshortcuts\cracked => moved successfully
c:\users\user\documents\documents 2017-11-06 11;37;46 (full)\rainmeter\skins\wp7\@resources\graphics\icons\web\crackedw.png.zip => moved successfully
c:\users\user\documents\documents 2017-11-06 11;37;46 (full)\rainmeter\skins\wp7\panels\internetshortcuts\cracked\item.ini.zip => moved successfully
c:\users\user\documents\documents 2017-11-06 11;37;46 (full)\rainmeter\skins\wp7\panels\internetshortcuts\cracked\item1.ini.zip => moved successfully
c:\users\user\documents\documents 2017-11-06 11;37;46 (full)\rainmeter\skins\wp7\panels\internetshortcuts\cracked\item2.ini.zip => moved successfully
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\lightworks 14 crack  keygen.zip.zip => moved successfully
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\lightworks_14_crack__keygen.xht.zip => moved successfully
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com.rar.zip => moved successfully
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\unfold3d magic edition version 4.0.0 cracked.zip.zip => moved successfully
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\install files\illustrator => moved successfully
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com => moved successfully
c:\users\user\documents\downloads 2017-11-06 12;33;17 (full)\unfold3d magic edition version 4.0.0 cracked => moved successfully
c:\users\user\documents\music 2017-11-06 11;33;32 (full)\autodesk maya 2018 + crack - [crackzsoft] => moved successfully
c:\users\user\documents\rainmeter\skins\wp7\@resources\config\panels\internetshortcuts\cracked => moved successfully
c:\users\user\documents\rainmeter\skins\wp7\panels\internetshortcuts\cracked => moved successfully
c:\users\user\downloads\lightworks 14 crack  keygen.zip => moved successfully
c:\users\user\downloads\lightworks_14_crack__keygen.xht => moved successfully
c:\users\user\downloads\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com.rar => moved successfully
c:\users\user\downloads\unfold3d magic edition version 4.0.0 cracked.zip => moved successfully
c:\users\user\downloads\install files\illustrator\install\patch\adobe cc 2015.5 xforce activation\keygen_xf-adobecc2015.exe => moved successfully
c:\users\user\downloads\lumberyard-1.11-486406a-pc\dev\startergame\materials\decals\cracks.mtl => moved successfully
c:\users\user\downloads\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\download free software full version - all categories.url => moved successfully
c:\users\user\downloads\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\how to install - crack.txt => moved successfully
c:\users\user\downloads\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\marvelousdesigner6_personal_2_5_73_installer_x64.exe => moved successfully
c:\users\user\downloads\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\crack\read me.txt => moved successfully
c:\users\user\downloads\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\marvelousdesigner 6 personal v2.5.73 full crack (x64) - softasm.com\crack\reg x64.reg => moved successfully
c:\users\user\downloads\unfold3d magic edition version 4.0.0 cracked\unfold3d magic edition version 4.0.0 cracked\installation instructions.txt => moved successfully
c:\users\user\downloads\unfold3d magic edition version 4.0.0 cracked\unfold3d magic edition version 4.0.0 cracked\thumbs.db => moved successfully
c:\users\user\downloads\unfold3d magic edition version 4.0.0 cracked\unfold3d magic edition version 4.0.0 cracked\unfold3d\inferno.nfo => moved successfully
c:\users\user\downloads\unfold3d magic edition version 4.0.0 cracked\unfold3d magic edition version 4.0.0 cracked\unfold3d\unfold3dmagic400-en.msi => moved successfully
c:\users\user\downloads\unfold3d magic edition version 4.0.0 cracked\unfold3d magic edition version 4.0.0 cracked\user manuals\unfold.chm => moved successfully
c:\users\user\downloads\unfold3d magic edition version 4.0.0 cracked\unfold3d magic edition version 4.0.0 cracked\user manuals\unfold3dv4_user_manual.chm => moved successfully
c:\users\user\downloads\unfold3d magic edition version 4.0.0 cracked\unfold3d magic edition version 4.0.0 cracked\user manuals\unfold_tut.chm => moved successfully
c:\users\user\music\autodesk maya 2018 + crack - [crackzsoft]\autodesk_maya_2018_en_jp_zh_win_64bit_dlm.sfx.exe.fdmdownload => moved successfully
c:\users\user\music\autodesk maya 2018 + crack - [crackzsoft]\crack\treatment procedure.txt.fdmdownload => moved successfully
c:\users\user\music\autodesk maya 2018 + crack - [crackzsoft]\crack\xf-adsk2018_x64v3.exe.fdmdownload => moved successfully
 
========================= Folder: C:\Windows\system32\cd ========================
 
C:\Windows\system32\cd => File
 
====== End of Folder: ======
 
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 07-11-2017 10:13:20)
 
"C:\Users\User\AppData\Local\wiakxrl" => Could not move
 
==== End of Fixlog 10:13:24 ====


#8 Oh My!

Posted 07 November 2017 - 02:31 PM

Greetings,

It was possible the Fixlist step would free up running Malwarebytes.

Please do this.

===================================================

Rkill

-------------------
  • Please download Rkill by Grinler from one of the 3 links below (if one of them does not work try another...) and save it to your desktop:

rkill.scr
rkill.com
rkill.exe

  • Disable your anti-malware software and if you are not sure how to do that see this page.
  • Right click on Rkill and select Run as administrator
  • A black screen will appear and then disappear
  • An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please stop and let me know
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambgegofabbnggkihmboplgghoocjaka
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\inobiceghmpkaklcknpniboilbjmlald
C:\Windows\system32\Drivers\atnmptwz.sys
C:\Windows\system32\cd
C:\Users\User\AppData\Local\wiakxrl
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • RKill log
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom shall we go? You have the words that give eternal life. We believe, and know that you are the Holy One of God."

#9 marionthorne

Posted 07 November 2017 - 03:26 PM

Rkill 2.9.1 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 11/07/2017 02:14:04 PM in x64 mode.
Windows Version: Windows 10 Pro 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
 * Reparse Point/Junctions Found (Most likely legitimate)!
 
     * C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 => C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\INetCache\IE [Dir]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 11/07/2017 02:14:30 PM
Execution time: 0 hours(s), 0 minute(s), and 26 seconds(s)
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
Ran by User (07-11-2017 14:16:14) Run:2
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: defaultuser0 & User)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambgegofabbnggkihmboplgghoocjaka
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\inobiceghmpkaklcknpniboilbjmlald
C:\Windows\system32\Drivers\atnmptwz.sys
C:\Windows\system32\cd
C:\Users\User\AppData\Local\wiakxrl
 
*****************
 
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambgegofabbnggkihmboplgghoocjaka => moved successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\inobiceghmpkaklcknpniboilbjmlald => moved successfully
"C:\Windows\system32\Drivers\atnmptwz.sys" => not found.
C:\Windows\system32\cd => moved successfully
 
"C:\Users\User\AppData\Local\wiakxrl" folder move:
 
Could not move "C:\Users\User\AppData\Local\wiakxrl" => Scheduled to move on reboot.
 
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 07-11-2017 14:17:58)
 
"C:\Users\User\AppData\Local\wiakxrl" => Could not move
 
==== End of Fixlog 14:18:09 ====


#10 Oh My!

Posted 07 November 2017 - 04:37 PM

Thank you.

Do you have a Windows installation disk, whether Windows 10 or otherwise?

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
Folder: C:\Users\User\AppData\Local\wiakxrl
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Windows disk?
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom shall we go? You have the words that give eternal life. We believe, and know that you are the Holy One of God."

#11 marionthorne

Posted 07 November 2017 - 05:13 PM

I do not have a Windows installation disk; when I bought the computer it was already installed.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
Ran by User (07-11-2017 16:12:20) Run:4
Running from C:\Users\User\Downloads
Loaded Profiles: defaultuser0 & User (Available Profiles: defaultuser0 & User)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Folder: C:\Users\User\AppData\Local\wiakxrl
 
*****************
 
 
========================= Folder: C:\Users\User\AppData\Local\wiakxrl ========================
 
2016-05-31 10:48 - 2016-05-31 10:48 - 002474239 ____A [541DA2186D3A1D47FD9F0022D14EBA55] () C:\Users\User\AppData\Local\wiakxrl\cef.pak
2016-05-31 10:48 - 2016-05-31 10:48 - 000299362 ____A [51B6D1E6273E7A861786D8FF7BD31B9A] () C:\Users\User\AppData\Local\wiakxrl\cef_100_percent.pak
2016-05-31 10:48 - 2016-05-31 10:48 - 000395372 ____A [74DA07F05A37C1C83F99D9CD85C1BEB4] () C:\Users\User\AppData\Local\wiakxrl\cef_200_percent.pak
2016-05-31 10:47 - 2016-05-31 10:47 - 004096442 ____A [4DF5045DE92260CCB13CFC9A11F339F5] () C:\Users\User\AppData\Local\wiakxrl\cef_extensions.pak
2016-05-31 10:38 - 2016-05-31 10:38 - 003466856 ____A [C5B362BCE86BB0AD3149C4540201331D] (Microsoft Corporation) C:\Users\User\AppData\Local\wiakxrl\d3dcompiler_47.dll
2016-05-31 08:54 - 2016-05-31 08:54 - 001213200 ____A [4003E34416EBD25E4C115D49DC15E1A7] (Microsoft Corporation) C:\Users\User\AppData\Local\wiakxrl\dbghelp.dll
2017-09-19 05:17 - 2017-11-07 16:11 - 000266720 ____A [6BA3B9DAA188A0ECA3DD87E51941E720] () C:\Users\User\AppData\Local\wiakxrl\debug.log
2016-05-31 09:00 - 2016-05-31 09:00 - 010206624 ____A [970FE088600931D0507605759C6B3679] () C:\Users\User\AppData\Local\wiakxrl\icudtl.dat
2017-08-02 20:40 - 2017-08-02 20:40 - 053460480 ____A [8752A89591E0FE98B848CA754F1D274E] () C:\Users\User\AppData\Local\wiakxrl\libcef.dll
2016-05-31 10:44 - 2016-05-31 10:44 - 000075264 ____A [D90F3FA3E232CD901FFE4CCB8F0759EC] () C:\Users\User\AppData\Local\wiakxrl\libEGL.dll
2016-05-31 10:43 - 2016-05-31 10:43 - 001976832 ____A [CCD4201D14B08B95D02B346C306B15C9] () C:\Users\User\AppData\Local\wiakxrl\libGLESv2.dll
2016-05-31 10:40 - 2016-05-31 10:40 - 000439857 ____A [D0645F36F5D0FDF9E8502908CB7096AA] () C:\Users\User\AppData\Local\wiakxrl\natives_blob.bin
2016-06-15 16:15 - 2016-06-15 16:15 - 017599640 ____A [213F383EC51263F6F579941452B74A1D] () C:\Users\User\AppData\Local\wiakxrl\pepflashplayer.dll
2017-08-20 11:38 - 2017-08-20 11:38 - 001087488 ____A [D9EA10B4401B6E448BF1E64A5BE677DD] () C:\Users\User\AppData\Local\wiakxrl\pssetri.exe
2016-05-31 10:50 - 2016-05-31 10:50 - 000514840 ____A [E7A228470C570A1F7EE6A9CA751BDCC9] () C:\Users\User\AppData\Local\wiakxrl\snapshot_blob.bin
2017-09-18 20:37 - 2017-09-18 20:37 - 000914432 ____A [D654FF81241CF0FB3CCD6102AEF164B8] () C:\Users\User\AppData\Local\wiakxrl\wiakxrl.exe
2016-12-28 14:07 - 2016-12-28 14:07 - 000188416 ____A [E95A1F4BB339BD0DB16B82C000F361C6] () C:\Users\User\AppData\Local\wiakxrl\widevinecdm.dll
2016-12-28 14:07 - 2016-12-28 14:07 - 000202240 ____A [4611B5D3FBA64FAD5EAFACA1FC2E82A2] (The Chromium Authors) C:\Users\User\AppData\Local\wiakxrl\widevinecdmadapter.dll
2017-09-19 05:17 - 2017-09-19 05:17 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Users\User\AppData\Local\wiakxrl\locales
2016-06-22 22:43 - 2016-06-22 22:43 - 000026643 ____A [951C8E3755C0F0C0BE6DF9681E020BBD] () C:\Users\User\AppData\Local\wiakxrl\locales\en-US.pak
2016-06-22 22:43 - 2016-06-22 22:43 - 000025899 ____A [39D73560DBBB7BB166110768682CA8F4] () C:\Users\User\AppData\Local\wiakxrl\locales\zh-CN.pak
 
====== End of Folder: ======
 
 
==== End of Fixlog 16:12:22 ====


#12 Oh My!

Posted 07 November 2017 - 05:55 PM

Please follow the steps under Download the Windows 10 or 8.1 ISO Using the Media Creation Tool. Once completed, let me know.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom shall we go? You have the words that give eternal life. We believe, and know that you are the Holy One of God."

#13 marionthorne

Posted 08 November 2017 - 12:49 PM

I've actually been having problems with the Media Creation Tool for over a month now. I tried to use it to install the Fall Creator's update when it wouldn't install via the Windows Updater. It didn't work then and it's still not working now.



#14 Oh My!

Posted 08 November 2017 - 03:55 PM

I had the same problem. Download the Windows 10 Pro 64 bit version by following the instructions here. Deny the pop up regarding utilizing resources and if you get a Smart Screen warning allow the program to run anyway.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom shall we go? You have the words that give eternal life. We believe, and know that you are the Holy One of God."

#15 Oh My!

Posted 10 November 2017 - 10:09 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom shall we go? You have the words that give eternal life. We believe, and know that you are the Holy One of God."



