RootKit.Agent Not Being Deleted


  • This topic is locked
27 replies to this topic

#1 Gubbins

Posted 19 December 2017 - 11:44 PM

While scanning my computer after realizing something may be wrong, my antivirus software detected something named RootKit.Agent. I tried to delete the rootkit using the antivirus software, and after the computer restarted, I decided to scan again and the rootkit is back. I have tried using multiple antivirus programs, and all of them are either blocked (by the virus) or cannot detect this rootkit. Please help.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
Ran by Louie (administrator) on LOUIE2-DESKTOP (19-12-2017 21:24:55)
Running from C:\Users\Louie\Downloads
Loaded Profiles: Louie (Available Profiles: Louie & loutu & postgres)
Platform: Windows 10 Home Version 1709 16299.125 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(TOSHIBA CORPORATION) C:\Windows\System32\upmxzcgsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\ns.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\ns.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_2.0.5.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\conathst.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe
(Apple Inc.) E:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
() C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSISvc32.exe
() C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSISvc64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) E:\Program Files (x86)\Steam\Steam.exe
(f.lux Software LLC) C:\Users\Louie\AppData\Local\FluxSoftware\Flux\flux.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Discord Inc.) C:\Users\Louie\AppData\Local\Discord\app-0.0.299\Discord.exe
(Discord Inc.) C:\Users\Louie\AppData\Local\Discord\app-0.0.299\Discord.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Valve Corporation) E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Camp Mobile Corp.) E:\Program Files (x86)\BAND\BAND.exe
(VB-AUDIO Software) C:\Program Files (x86)\VB\Voicemeeter\voicemeeterpro.exe
(Discord Inc.) C:\Users\Louie\AppData\Local\Discord\app-0.0.299\Discord.exe
(Camp Mobile Corp.) E:\Program Files (x86)\BAND\BAND.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(alch) C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Camp Mobile Corp.) E:\Program Files (x86)\BAND\BAND.exe
(Camp Mobile Corp.) E:\Program Files (x86)\BAND\BAND.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Valve Corporation) E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Louie\AppData\Local\auneosh\auneosh.exe
() C:\Users\Louie\AppData\Local\igfxmtc\igfxmtc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\symerr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\symerr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11711.1001.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1712.3352.0_x64__8wekyb3d8bbwe\Time.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Louie\AppData\Local\auneosh\vsnkair.exe
() C:\Users\Louie\AppData\Local\auneosh\vsnkair.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Louie\AppData\Local\auneosh\vsnkair.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Users\Louie\AppData\Local\auneosh\vsnkair.exe
() C:\Users\Louie\AppData\Local\auneosh\vsnkair.exe
() C:\Users\Louie\AppData\Local\auneosh\vsnkair.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8783616 2015-12-10] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => TiltWheelMouse.exe
HKLM\...\Run: [NahimicMSIUILauncher] => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe [740320 2015-12-04] ()
HKLM\...\Run: [iTunesHelper] => E:\Program Files (x86)\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17406072 2017-01-23] (Logitech Inc.)
HKLM\...\Run: [stephane] => "C:\Program Files (x86)\Loiselle\savers.exe"
HKLM\...\Run: [stephanestinnett] => "C:\Program Files (x86)\promethean\grubs.exe"
HKLM\...\Run: [stephanestephane] => "C:\Program Files (x86)\Imitative\savers.exe"
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-12-04] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKLM-x32\...\Run: [ClamWin] => C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2016-03-19] (alch)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2560975061-945233026-2718747551-1003\...\Run: [Steam] => E:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-2560975061-945233026-2718747551-1003\...\Run: [f.lux] => C:\Users\Louie\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)
HKU\S-1-5-21-2560975061-945233026-2718747551-1003\...\Run: [Discord] => C:\Users\Louie\AppData\Local\Discord\app-0.0.299\Discord.exe [57954808 2017-12-11] (Discord Inc.)
HKU\S-1-5-21-2560975061-945233026-2718747551-1003\...\Run: [GoogleChromeAutoLaunch_FF82A2E1C591AC4718E7E1E2F66F1CCC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1592664 2017-12-05] (Google Inc.)
HKU\S-1-5-21-2560975061-945233026-2718747551-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-13] (Piriform Ltd)
SSODL: EldosMountNotificator-cbfs6 - {14B5CBA2-BFB1-4525-A3F6-648FB8FEA57B} - C:\WINDOWS\system32\cbfsMntNtf6.dll (/n software, Inc.)
SSODL-x32: EldosMountNotificator-cbfs6 - {14B5CBA2-BFB1-4525-A3F6-648FB8FEA57B} - C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll (/n software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2016-05-23]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\Users\Louie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BAND.lnk [2017-10-03]
ShortcutTarget: BAND.lnk -> E:\Program Files (x86)\BAND\BAND.exe (Camp Mobile Corp.)
Startup: C:\Users\Louie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Voicemeeter Banana.LNK [2017-10-03]
ShortcutTarget: Voicemeeter Banana.LNK -> C:\Program Files (x86)\VB\Voicemeeter\voicemeeterpro.exe (VB-AUDIO Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{4f857c24-5339-47cf-8285-b826c0e12737}: [DhcpNameServer] 192.168.0.1 205.171.3.25
Tcpip\..\Interfaces\{cf7b1c47-ad0c-4d3c-b963-035472db49b5}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{cf7b1c47-ad0c-4d3c-b963-035472db49b5}: [DhcpNameServer] 10.0.1.1 10.0.1.3
ManualProxies: 
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2560975061-945233026-2718747551-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2560975061-945233026-2718747551-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-06-13] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-13] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-12-14] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-13] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-13] (Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-14] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-14] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-14] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-14] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-14] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-14] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-14] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-14] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 0atf31p4.default
FF ProfilePath: C:\Users\Louie\AppData\Roaming\Mozilla\Firefox\Profiles\0atf31p4.default [2017-12-19]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.2.15\coFFAddon
FF Extension: (Norton Identity Safe) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.2.15\coFFAddon [2017-12-19] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.2.15\coFFAddon
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-13] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-12-14] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-12-14] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> E:\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-2560975061-945233026-2718747551-1003: @my.com/Games -> C:\Users\Louie\AppData\Local\MyComGames\NPMyComDetector.dll [No File]
 
Chrome: 
=======
CHR DefaultProfile: Profile 2
CHR HomePage: Profile 2 -> hxxp://store.steampowered.com/
CHR StartupUrls: Profile 2 -> "chrome://apps/","hxxp://youtube.com/"
CHR Profile: C:\Users\Louie\AppData\Local\Google\Chrome\User Data\Default [2016-08-23]
CHR Profile: C:\Users\Louie\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-08-23]
CHR Profile: C:\Users\Louie\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-08-23]
CHR Profile: C:\Users\Louie\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-12-19]
CHR Extension: (Duolingo on the Web) - C:\Users\Louie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2017-11-13]
CHR Extension: (Docs) - C:\Users\Louie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-08]
CHR Extension: (Le Lenny Face) - C:\Users\Louie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apbjhmeabebkfjlofaofoilpinafalom [2016-08-29]
CHR Extension: (Google Drive) - C:\Users\Louie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-23]
CHR Extension: (YouTube) - C:\Users\Louie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-23]
CHR Extension: (Norton Security Toolbar) - C:\Users\Louie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-12-19]
CHR Extension: (Steam Inventory Helper) - C:\Users\Louie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2017-12-19]
CHR Extension: (SlitherPlus - Zoom, Skin Creator, Mod,  Bots) - C:\Users\Louie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cpbghpalffgmgocmnigfhalghmaemffo [2016-10-01]
CHR Extension: (Gyazo) - C:\Users\Louie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ffdaeeijbbijklfcpahbghahojgfgebo [2017-12-12]
CHR Extension: (Google Docs Offline) - C:\Users\Louie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-23]
CHR Extension: (AdBlock) - C:\Users\Louie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-12-12]
CHR Extension: (Save to Google Drive) - C:\Users\Louie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2017-11-16]
CHR Extension: (Auto Refresh) - C:\Users\Louie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ifooldnmmcmlbdennkpdnlnbgbmfalko [2017-12-18]
CHR Extension: (Norton Identity Safe) - C:\Users\Louie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\iikflkcanblccfahdhdonehdalibjnif [2017-12-19]
CHR Extension: (Gamekit) - C:\Users\Louie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jeedakojomhhndjiacgkhlkknflflchl [2017-09-21]
CHR Extension: (SteamWizard) - C:\Users\Louie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kojolejmgolbhakghocbgjemjgbmcjig [2017-12-12]
CHR Extension: (Into The Mist) - C:\Users\Louie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mgihmkgobaljfehcadcckdggpeojaadh [2017-09-28]
CHR Extension: (TubeBuddy for YouTube) - C:\Users\Louie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mhkhmbddkmdggbhaaaodilponhnccicb [2017-12-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Louie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-16]
CHR Extension: (Edmodo) - C:\Users\Louie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ohpppancgeopfjndlaodikbinmkepfml [2017-11-08]
CHR Extension: (Fullscreen Anything) - C:\Users\Louie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\olcfgpmjldkkjdclidhcbonieibfhhdh [2017-04-30]
CHR Extension: (Speedtest by Ookla) - C:\Users\Louie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pgjjikdiikihdfpoppgaidccahalehjh [2017-11-16]
CHR Extension: (Gmail) - C:\Users\Louie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-23]
CHR Extension: (Chrome Media Router) - C:\Users\Louie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-14]
CHR Extension: (Quicklet) - C:\Users\Louie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\plnoogpdobohccfhmcpcogeifoglkbnd [2017-11-10]
CHR Profile: C:\Users\Louie\AppData\Local\Google\Chrome\User Data\System Profile [2016-08-23]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\Exts\Chrome.crx [2017-12-19]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\Exts\Chrome.crx [2017-12-19]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
S2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-05-10] (Advanced Micro Devices) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6998536 2017-12-09] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7760552 2017-12-07] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-24] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51016 2017-12-04] (Dropbox, Inc.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [242448 2016-12-11] (EasyAntiCheat Ltd)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-10-16] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-01-23] (Logitech Inc.)
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2017-04-02] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\NS.exe [289080 2016-02-25] (Symantec Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-12] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-12] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672208 2017-03-27] (Wacom Technology, Corp.)
S2 postgresql-x64-9.2; C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N "postgresql-x64-9.2" -D "C:/Program Files/PostgreSQL/9.2/data" -w [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 85417eb5e89d7589673d009387f5bcc4; C:\WINDOWS\system32\drivers\85417eb5e89d7589673d009387f5bcc4.sys [106536 2017-12-17] ()
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0313676.inf_amd64_96bbc33bec5c7fae\atikmdag.sys [36558208 2017-05-16] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0313676.inf_amd64_96bbc33bec5c7fae\atikmpag.sys [528760 2017-05-16] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [101376 2016-07-24] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\BASHDefs\20171218.003\BHDrvx64.sys [1872024 2017-12-18] (Symantec Corporation)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-06-21] (Bluestack System Inc. )
R1 cbfs6; C:\WINDOWS\system32\drivers\cbfs6.sys [460992 2016-09-21] (/n software, Inc.)
R1 ccSet_NS; C:\WINDOWS\system32\drivers\NSx64\1606000.08E\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [508056 2017-12-19] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [158360 2017-12-19] (Symantec Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-29] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\IPSDefs\20171219.001\IDSvia64.sys [1056920 2017-12-19] (Symantec Corporation)
S4 iwwv; C:\WINDOWS\System32\drivers\nrlk.sys [79064 2017-12-18] (Malwarebytes)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-01-23] (Logitech Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193968 2017-12-18] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-12-19] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-12-19] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-12-19] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-12-19] (Malwarebytes)
S3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\VirusDefs\20171219.020\ENG64.SYS [138880 2017-12-19] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\VirusDefs\20171219.020\EX64.SYS [2152064 2017-12-19] (Symantec Corporation)
R3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2017-09-29] (MediaTek Inc.)
S1 SRTSP; C:\WINDOWS\system32\drivers\NSx64\1606000.08E\SRTSP64.SYS [928504 2016-02-23] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NSx64\1606000.08E\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NSx64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-23] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NSx64\1606000.08E\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [111344 2017-12-19] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NSx64\1606000.08E\Ironx64.SYS [295664 2016-02-23] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\system32\drivers\NSx64\1606000.08E\SYMNETS.SYS [577768 2016-02-23] (Symantec Corporation)
R3 VBAudioHFVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_hfvaio64_win7.sys [33512 2017-10-01] (Windows ® Win 7 DDK provider)
R3 VBAudioVACMME; C:\WINDOWS\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Windows ® Win 7 DDK provider)
R3 VBAudioVMAUXVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmauxvaio64_win7.sys [41192 2017-06-01] (Windows ® Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2017-06-01] (Windows ® Win 7 DDK provider)
R3 vpnpbus; C:\WINDOWS\System32\drivers\vpnpbus.sys [18624 2016-09-21] (/n software, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2017-12-12] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2017-12-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-12] (Microsoft Corporation)
R2 WinDivert1.2; C:\WINDOWS\system32\drivers\WinDivert64.sys [37552 2017-12-18] (Basil)
S2 amdacpksd; \??\C:\WINDOWS\system32\drivers\amdacpksd.sys [X]
S1 bomrrhbs; \??\C:\WINDOWS\system32\drivers\bomrrhbs.sys [X]
R3 udiskMgr; system32\drivers\wadgkn.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-19 21:04 - 2017-12-19 21:04 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2017-12-19 21:04 - 2017-12-19 21:04 - 000000000 ____D C:\Program Files\Common Files\AV
2017-12-19 21:02 - 2017-12-19 21:25 - 000031627 _____ C:\Users\Louie\Downloads\FRST.txt
2017-12-19 21:01 - 2017-12-19 21:24 - 000000000 ____D C:\FRST
2017-12-19 21:00 - 2017-12-19 21:01 - 002392064 _____ (Farbar) C:\Users\Louie\Downloads\FRST64.exe
2017-12-19 20:58 - 2017-12-19 20:58 - 000740684 _____ C:\WINDOWS\Minidump\121917-56937-01.dmp
2017-12-19 20:51 - 2017-12-19 20:51 - 000164562 _____ C:\Users\Louie\Downloads\Extras.Txt
2017-12-19 20:50 - 2017-12-19 20:50 - 000383600 _____ C:\Users\Louie\Downloads\OTL.Txt
2017-12-19 20:28 - 2017-12-19 20:28 - 000380928 _____ C:\Users\Louie\Downloads\xw7r1ilm.exe
2017-12-19 20:24 - 2017-12-19 21:04 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2017-12-19 20:24 - 2017-12-19 20:25 - 000602112 _____ (OldTimer Tools) C:\Users\Louie\Downloads\OTL.exe
2017-12-19 20:19 - 2017-12-19 20:19 - 000000000 ___HD C:\OneDriveTemp
2017-12-19 20:18 - 2017-12-19 20:18 - 000142160 ____N C:\WINDOWS\system32\Drivers\senrvybe.sys
2017-12-19 20:16 - 2017-12-19 20:16 - 000000000 ____D C:\Users\Louie\AppData\Roaming\.clamwin
2017-12-19 20:16 - 2017-12-19 20:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClamWin Antivirus
2017-12-19 20:16 - 2017-12-19 20:16 - 000000000 ____D C:\ProgramData\.clamwin
2017-12-19 20:16 - 2017-12-19 20:16 - 000000000 ____D C:\Program Files (x86)\ClamWin
2017-12-19 20:12 - 2017-12-19 20:12 - 000003938 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2017-12-19 20:12 - 2017-12-19 20:12 - 000002868 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-12-19 20:12 - 2017-12-19 20:12 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-12-19 20:12 - 2017-12-19 20:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-12-19 20:12 - 2017-12-19 20:12 - 000000000 ____D C:\Program Files\CCleaner
2017-12-19 20:10 - 2017-12-19 20:11 - 011203696 _____ (Piriform Ltd) C:\Users\Louie\Downloads\ccsetup538pro.exe
2017-12-19 20:02 - 2017-12-19 20:14 - 120690586 _____ (alch ) C:\Users\Louie\Downloads\clamwin-0.99.1-setup.exe
2017-12-19 16:41 - 2017-12-19 16:42 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Louie\Downloads\AVG_Protection_Free_1606 (1).exe
2017-12-19 15:53 - 2017-12-19 20:19 - 000003388 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2017-12-19 15:53 - 2017-12-19 20:19 - 000002392 _____ C:\Users\Public\Desktop\Norton Security.LNK
2017-12-19 15:53 - 2017-12-19 20:19 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2017-12-19 15:53 - 2017-12-19 20:19 - 000000000 ____D C:\WINDOWS\system32\Drivers\NSx64
2017-12-19 15:53 - 2017-12-19 15:53 - 000111344 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2017-12-19 15:53 - 2017-12-19 15:53 - 000008214 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2017-12-19 15:53 - 2017-12-19 15:53 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared
2017-12-19 15:53 - 2017-12-19 15:53 - 000000000 ____D C:\Program Files (x86)\Norton Security
2017-12-19 15:48 - 2017-12-19 15:48 - 000741212 _____ C:\WINDOWS\Minidump\121917-65984-01.dmp
2017-12-19 15:45 - 2017-12-19 15:45 - 000000000 ____D C:\Program Files (x86)\NortonInstaller
2017-12-19 15:37 - 2017-12-19 15:37 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Louie\Downloads\AVG_Protection_Free_1606.exe
2017-12-19 15:33 - 2017-12-19 15:33 - 000734116 _____ C:\WINDOWS\Minidump\121917-107625-01.dmp
2017-12-19 15:31 - 2017-12-19 20:58 - 2427384759 ____N C:\WINDOWS\MEMORY.DMP
2017-12-19 15:25 - 2017-12-19 20:58 - 000000000 ____D C:\WINDOWS\Minidump
2017-12-19 15:23 - 2017-12-19 15:53 - 000000000 ____D C:\ProgramData\Norton
2017-12-19 15:23 - 2017-12-19 15:28 - 000000000 ____D C:\ProgramData\NortonInstaller
2017-12-19 15:16 - 2017-12-19 15:23 - 144897312 _____ (Symantec Corporation) C:\Users\Louie\Downloads\NSD_22.5.2_SYMTB_PROMO_4_MRFTT_13376-EN-US.exe
2017-12-18 20:31 - 2017-12-19 20:58 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-12-18 20:31 - 2017-12-18 20:31 - 000193968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-12-18 20:31 - 2017-12-18 20:31 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-18 20:31 - 2017-12-18 20:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-18 20:31 - 2017-12-18 20:31 - 000000000 ____D C:\ProgramData\MB2Migration
2017-12-18 20:31 - 2017-12-18 20:31 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-18 20:31 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-12-18 11:48 - 2017-12-18 12:03 - 000000000 ____D C:\Users\Louie\AppData\Roaming\FaggoCheat
2017-12-18 10:45 - 2017-12-18 10:45 - 000079064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\nrlk.sys
2017-12-18 10:44 - 2017-12-19 21:16 - 000000000 ____D C:\Users\Louie\AppData\Local\vsslhaw
2017-12-18 10:32 - 2017-12-19 21:21 - 000000000 ____D C:\Users\Louie\AppData\Local\auneosh
2017-12-18 10:32 - 2017-12-18 10:36 - 000000000 ____D C:\Users\Louie\AppData\Local\igfxmtc
2017-12-18 10:32 - 2017-12-18 10:32 - 000037552 _____ (Basil) C:\WINDOWS\system32\Drivers\WinDivert64.sys
2017-12-18 10:31 - 2017-12-19 20:57 - 002884096 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\upmxzcgsvc.exe
2017-12-18 10:31 - 2017-12-18 10:38 - 000000000 ____D C:\Users\Louie\AppData\Local\kxenavgdr
2017-12-18 10:31 - 2017-12-18 10:31 - 000003786 _____ C:\WINDOWS\System32\Tasks\ts64070200640702006407020064070200
2017-12-18 10:31 - 2017-12-18 10:31 - 000003784 _____ C:\WINDOWS\System32\Tasks\ts17025427170254271702542717025427
2017-12-18 10:31 - 2017-12-18 10:31 - 000003776 _____ C:\WINDOWS\System32\Tasks\ts71934786719347867193478671934786
2017-12-18 10:31 - 2017-12-18 10:31 - 000000020 _____ C:\WINDOWS\b64070200
2017-12-18 10:31 - 2017-12-18 10:31 - 000000000 ____D C:\WINDOWS\SysWOW64\upiesmz
2017-12-18 10:31 - 2017-12-18 10:31 - 000000000 ____D C:\WINDOWS\system32\upiesmz
2017-12-18 10:31 - 2017-12-18 10:31 - 000000000 ____D C:\Users\Louie\AppData\Roaming\et
2017-12-18 10:31 - 2017-12-18 10:31 - 000000000 ____D C:\Program Files (x86)\chancing
2017-12-18 10:30 - 2017-12-18 17:06 - 000000000 ____D C:\Users\Louie\AppData\Local\AdService
2017-12-18 10:30 - 2017-12-18 10:30 - 000021600 _____ C:\WINDOWS\System32\Tasks\agK0yNOtVkMd
2017-12-18 10:29 - 2017-12-18 10:41 - 000000000 ____D C:\WINDOWS\SysWOW64\SSL
2017-12-18 09:38 - 2017-12-18 09:38 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2017-12-18 08:59 - 2017-12-18 08:59 - 000000222 _____ C:\Users\Louie\Desktop\PLAYERUNKNOWN'S BATTLEGROUNDS (Test Server).url
2017-12-17 05:20 - 2017-12-17 05:20 - 000106536 _____ C:\WINDOWS\system32\Drivers\85417eb5e89d7589673d009387f5bcc4.sys
2017-12-17 05:20 - 2017-12-17 05:20 - 000051627 _____ C:\WINDOWS\uninstaller.dat
2017-12-16 16:28 - 2010-02-04 10:01 - 000024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2017-12-16 16:28 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2017-12-16 16:28 - 2007-04-04 18:54 - 000107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2017-12-16 16:23 - 2017-12-16 16:28 - 000000000 ____D C:\ProgramData\Epic
2017-12-16 16:23 - 2017-12-16 16:23 - 000000951 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2017-12-16 16:23 - 2017-12-16 16:23 - 000000951 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2017-12-16 16:23 - 2017-12-16 16:23 - 000000000 ____D C:\Users\Louie\AppData\Local\UnrealEngineLauncher
2017-12-16 16:23 - 2017-12-16 16:23 - 000000000 ____D C:\Users\Louie\AppData\Local\EpicGamesLauncher
2017-12-16 16:18 - 2017-12-16 16:22 - 032145408 _____ C:\Users\Louie\Downloads\EpicInstaller-6.10.0.msi
2017-12-14 20:14 - 2017-12-14 20:14 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2017-12-12 15:13 - 2017-12-07 23:52 - 000666112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2017-12-12 15:13 - 2017-12-07 16:34 - 001925296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-12-12 15:13 - 2017-12-07 16:34 - 001634288 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-12-12 15:13 - 2017-12-07 16:34 - 000059800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2017-12-12 15:13 - 2017-12-07 16:31 - 008590744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-12-12 15:13 - 2017-12-07 16:31 - 000779440 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-12-12 15:13 - 2017-12-07 16:30 - 000166296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-12-12 15:13 - 2017-12-07 16:28 - 000710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-12-12 15:13 - 2017-12-07 16:28 - 000630752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
2017-12-12 15:13 - 2017-12-07 16:27 - 004504456 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2017-12-12 15:13 - 2017-12-07 16:27 - 003903784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-12-12 15:13 - 2017-12-07 16:27 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-12-12 15:13 - 2017-12-07 16:26 - 007385088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-12-12 15:13 - 2017-12-07 16:26 - 002709200 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-12-12 15:13 - 2017-12-07 16:26 - 000525208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2017-12-12 15:13 - 2017-12-07 16:25 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2017-12-12 15:13 - 2017-12-07 16:24 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2017-12-12 15:13 - 2017-12-07 16:24 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-12-12 15:13 - 2017-12-07 16:24 - 000246168 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-12-12 15:13 - 2017-12-07 16:23 - 005905752 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-12-12 15:13 - 2017-12-07 16:23 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-12-12 15:13 - 2017-12-07 16:22 - 001003104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-12-12 15:13 - 2017-12-07 16:22 - 000979352 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-12-12 15:13 - 2017-12-07 16:22 - 000137544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2017-12-12 15:13 - 2017-12-07 16:22 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2017-12-12 15:13 - 2017-12-07 16:21 - 007676296 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-12-12 15:13 - 2017-12-07 16:20 - 001170000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-12-12 15:13 - 2017-12-07 16:19 - 021352136 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-12-12 15:13 - 2017-12-07 16:16 - 001776272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-12-12 15:13 - 2017-12-07 16:16 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-12-12 15:13 - 2017-12-07 16:15 - 001426152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-12-12 15:13 - 2017-12-07 16:15 - 000721592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-12-12 15:13 - 2017-12-07 16:14 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-12-12 15:13 - 2017-12-07 16:12 - 000401304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2017-12-12 15:13 - 2017-12-07 16:10 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-12-12 15:13 - 2017-12-07 15:58 - 000123512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-12-12 15:13 - 2017-12-07 15:57 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-12-12 15:13 - 2017-12-07 15:56 - 001528904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-12-12 15:13 - 2017-12-07 15:55 - 001490328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-12-12 15:13 - 2017-12-07 15:55 - 000097144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2017-12-12 15:13 - 2017-12-07 15:39 - 006092664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-12-12 15:13 - 2017-12-07 15:37 - 001145104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-12-12 15:13 - 2017-12-07 15:36 - 000769096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll
2017-12-12 15:13 - 2017-12-07 15:34 - 003484840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-12-12 15:13 - 2017-12-07 15:34 - 002192112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-12-12 15:13 - 2017-12-07 15:33 - 000747416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-12-12 15:13 - 2017-12-07 15:33 - 000592280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2017-12-12 15:13 - 2017-12-07 15:32 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-12-12 15:13 - 2017-12-07 15:31 - 001522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-12-12 15:13 - 2017-12-07 15:31 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-12-12 15:13 - 2017-12-07 15:31 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-12-12 15:13 - 2017-12-07 15:23 - 006478528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-12-12 15:13 - 2017-12-07 15:22 - 025245696 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-12-12 15:13 - 2017-12-07 15:13 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-12-12 15:13 - 2017-12-07 15:13 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2017-12-12 15:13 - 2017-12-07 15:12 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2017-12-12 15:13 - 2017-12-07 15:12 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-12-12 15:13 - 2017-12-07 15:12 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2017-12-12 15:13 - 2017-12-07 15:11 - 003669504 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-12-12 15:13 - 2017-12-07 15:10 - 018916352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-12-12 15:13 - 2017-12-07 15:10 - 006466048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-12-12 15:13 - 2017-12-07 15:10 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2017-12-12 15:13 - 2017-12-07 15:10 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2017-12-12 15:13 - 2017-12-07 15:10 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-12-12 15:13 - 2017-12-07 15:10 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2017-12-12 15:13 - 2017-12-07 15:10 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-12-12 15:13 - 2017-12-07 15:10 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-12-12 15:13 - 2017-12-07 15:09 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\batmeter.dll
2017-12-12 15:13 - 2017-12-07 15:09 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2017-12-12 15:13 - 2017-12-07 15:09 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2017-12-12 15:13 - 2017-12-07 15:09 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2017-12-12 15:13 - 2017-12-07 15:09 - 000136704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gamingtcui.dll
2017-12-12 15:13 - 2017-12-07 15:08 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-12-12 15:13 - 2017-12-07 15:08 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-12-12 15:13 - 2017-12-07 15:08 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2017-12-12 15:13 - 2017-12-07 15:08 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-12-12 15:13 - 2017-12-07 15:08 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2017-12-12 15:13 - 2017-12-07 15:08 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-12-12 15:13 - 2017-12-07 15:07 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-12-12 15:13 - 2017-12-07 15:07 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
2017-12-12 15:13 - 2017-12-07 15:07 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-12-12 15:13 - 2017-12-07 15:07 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-12-12 15:13 - 2017-12-07 15:07 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2017-12-12 15:13 - 2017-12-07 15:07 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-12-12 15:13 - 2017-12-07 15:07 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-12-12 15:13 - 2017-12-07 15:06 - 023652864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-12-12 15:13 - 2017-12-07 15:06 - 000676352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-12-12 15:13 - 2017-12-07 15:06 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-12-12 15:13 - 2017-12-07 15:06 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcui.dll
2017-12-12 15:13 - 2017-12-07 15:06 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2017-12-12 15:13 - 2017-12-07 15:05 - 006037504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-12-12 15:13 - 2017-12-07 15:05 - 001670656 _____ (Microsoft Corporation) C:\WINDOWS\system32\batmeter.dll
2017-12-12 15:13 - 2017-12-07 15:05 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-12-12 15:13 - 2017-12-07 15:05 - 000559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-12-12 15:13 - 2017-12-07 15:05 - 000539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2017-12-12 15:13 - 2017-12-07 15:05 - 000481792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2017-12-12 15:13 - 2017-12-07 15:05 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-12-12 15:13 - 2017-12-07 15:05 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-12-12 15:13 - 2017-12-07 15:05 - 000363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-12-12 15:13 - 2017-12-07 15:05 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2017-12-12 15:13 - 2017-12-07 15:05 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2017-12-12 15:13 - 2017-12-07 15:05 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2017-12-12 15:13 - 2017-12-07 15:05 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2017-12-12 15:13 - 2017-12-07 15:05 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2017-12-12 15:13 - 2017-12-07 15:04 - 003678208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-12-12 15:13 - 2017-12-07 15:04 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2017-12-12 15:13 - 2017-12-07 15:04 - 001321472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-12-12 15:13 - 2017-12-07 15:04 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-12-12 15:13 - 2017-12-07 15:03 - 002467840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-12-12 15:13 - 2017-12-07 15:03 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-12-12 15:13 - 2017-12-07 15:03 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2017-12-12 15:13 - 2017-12-07 15:03 - 000841728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-12-12 15:13 - 2017-12-07 15:03 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-12-12 15:13 - 2017-12-07 15:03 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-12-12 15:13 - 2017-12-07 15:03 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-12-12 15:13 - 2017-12-07 15:03 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-12-12 15:13 - 2017-12-07 15:03 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-12-12 15:13 - 2017-12-07 15:03 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hascsp.dll
2017-12-12 15:13 - 2017-12-07 15:02 - 007545344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-12-12 15:13 - 2017-12-07 15:02 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-12-12 15:13 - 2017-12-07 15:02 - 002117632 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2017-12-12 15:13 - 2017-12-07 15:02 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-12-12 15:13 - 2017-12-07 15:02 - 000813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-12-12 15:13 - 2017-12-07 15:02 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2017-12-12 15:13 - 2017-12-07 15:01 - 008097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-12-12 15:13 - 2017-12-07 15:01 - 004592640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-12-12 15:13 - 2017-12-07 15:01 - 001980928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2017-12-12 15:13 - 2017-12-07 15:01 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-12-12 15:13 - 2017-12-07 15:01 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2017-12-12 15:13 - 2017-12-07 15:00 - 004740608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-12-12 15:13 - 2017-12-07 15:00 - 002862080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-12-12 15:13 - 2017-12-07 15:00 - 001509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-12-12 15:13 - 2017-12-07 14:59 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-12-12 15:13 - 2017-12-07 14:59 - 002105856 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-12-12 15:13 - 2017-12-07 14:59 - 001666048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-12-12 15:13 - 2017-12-07 14:59 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-12-12 15:13 - 2017-12-07 14:59 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2017-12-12 15:13 - 2017-12-07 14:58 - 003478016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-12-12 15:13 - 2017-12-07 14:58 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-12-12 15:13 - 2017-12-07 14:58 - 001547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-12-12 15:13 - 2017-12-07 14:58 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2017-12-12 15:13 - 2017-12-07 14:58 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-12-12 15:13 - 2017-12-07 14:57 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-12-12 15:13 - 2017-12-07 14:57 - 001487872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-12-12 15:13 - 2017-12-07 14:56 - 002666496 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-12-12 15:13 - 2017-12-07 14:56 - 001739264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-12-12 15:13 - 2017-12-07 14:56 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-12-12 15:13 - 2017-12-07 14:54 - 002510336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-12-12 15:13 - 2017-12-07 14:54 - 001570816 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-12-12 15:13 - 2017-12-07 14:54 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-12-09 21:14 - 2017-12-09 21:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-12-04 18:06 - 2017-12-04 18:06 - 000051016 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-12-04 18:06 - 2017-12-04 18:06 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-12-04 18:06 - 2017-12-04 18:06 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-12-04 18:06 - 2017-12-04 18:06 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-12-03 23:50 - 2017-12-03 23:50 - 000440128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
2017-12-03 23:50 - 2017-12-03 23:50 - 000263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
2017-12-03 23:50 - 2017-12-03 23:50 - 000242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
2017-12-03 23:50 - 2017-12-03 23:50 - 000083792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000641696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000389296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000331432 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000087728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll
2017-12-03 21:55 - 2017-12-03 21:55 - 001829245 _____ C:\Users\Louie\Downloads\Aphrodite (1).pptx
2017-12-03 21:51 - 2017-12-03 21:51 - 001823863 _____ C:\Users\Louie\Downloads\Aphrodite.pptx
2017-12-02 16:06 - 2017-12-02 16:06 - 000000000 ____D C:\Users\Louie\Desktop\HitFilm Express 2017 Exports
2017-12-02 15:32 - 2017-12-02 15:34 - 045660901 _____ C:\Users\Louie\Downloads\Elektronomia - Vitality [NCS Release].mp4
2017-12-02 11:51 - 2017-12-02 11:51 - 017939992 _____ (VB-AUDIO Software) C:\Users\Louie\Downloads\VoicemeeterProSetup (1).exe
2017-12-02 11:28 - 2017-12-14 20:01 - 000000000 ____D C:\Windows.old
2017-12-02 11:26 - 2017-12-02 11:28 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-12-02 11:26 - 2017-12-02 11:26 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-12-02 11:26 - 2017-12-02 11:26 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-12-02 11:25 - 2017-12-02 11:25 - 021754368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 017159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 017084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 013703168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 013655552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 012829696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 012687360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 011923456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 007831248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 006791472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 006015200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 004814848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 004772352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 004648528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 004487968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 004249600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 003578368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 003331520 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 003186688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 003163648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 003010720 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 002972672 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 002783744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 002717392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 002596352 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-12-02 11:25 - 2017-12-02 11:25 - 002573208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-12-02 11:25 - 2017-12-02 11:25 - 002491112 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 002465848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 002446744 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 002412168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-12-02 11:25 - 2017-12-02 11:25 - 002393600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 002339296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 002269080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 001990160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 001970520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 001806336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 001664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 001642520 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 001636376 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 001615720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 001585376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 001554216 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 001507736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 001495040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 001488792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 001474680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 001463856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 001454568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 001432816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 001425408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 001413760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-12-02 11:25 - 2017-12-02 11:25 - 001377080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 001323840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 001289216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 001280000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-12-02 11:25 - 2017-12-02 11:25 - 001261864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 001259344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 001208184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-12-02 11:25 - 2017-12-02 11:25 - 001200536 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-12-02 11:25 - 2017-12-02 11:25 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 001148216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 001124760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 001090440 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-12-02 11:25 - 2017-12-02 11:25 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 001053592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-12-02 11:25 - 2017-12-02 11:25 - 001015008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 001012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Services.TargetedContent.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000975872 _____ C:\WINDOWS\system32\FaceProcessor.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2017-12-02 11:25 - 2017-12-02 11:25 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000924136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-12-02 11:25 - 2017-12-02 11:25 - 000902416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000891800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-12-02 11:25 - 2017-12-02 11:25 - 000887296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000840440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9on12.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000823808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000791960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-12-02 11:25 - 2017-12-02 11:25 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-12-02 11:25 - 2017-12-02 11:25 - 000768512 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000754688 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-12-02 11:25 - 2017-12-02 11:25 - 000746904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Services.TargetedContent.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000739696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-12-02 11:25 - 2017-12-02 11:25 - 000720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-12-02 11:25 - 2017-12-02 11:25 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000703536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000661664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000654048 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-12-02 11:25 - 2017-12-02 11:25 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000612760 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000610712 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000591872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000590944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-12-02 11:25 - 2017-12-02 11:25 - 000557056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9on12.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000555416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-12-02 11:25 - 2017-12-02 11:25 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000534528 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-12-02 11:25 - 2017-12-02 11:25 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-12-02 11:25 - 2017-12-02 11:25 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000506256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000495000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-12-02 11:25 - 2017-12-02 11:25 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000478208 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000474112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000471960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000464408 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000442880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-12-02 11:25 - 2017-12-02 11:25 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-12-02 11:25 - 2017-12-02 11:25 - 000418712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000404888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2017-12-02 11:25 - 2017-12-02 11:25 - 000394752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2017-12-02 11:25 - 2017-12-02 11:25 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000373656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-12-02 11:25 - 2017-12-02 11:25 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000362176 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2017-12-02 11:25 - 2017-12-02 11:25 - 000361984 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatializerApo.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000353848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000353688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000351232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-12-02 11:25 - 2017-12-02 11:25 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000319352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-12-02 11:25 - 2017-12-02 11:25 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-12-02 11:25 - 2017-12-02 11:25 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatializerApo.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000269696 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-12-02 11:25 - 2017-12-02 11:25 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-12-02 11:25 - 2017-12-02 11:25 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-12-02 11:25 - 2017-12-02 11:25 - 000242176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000230296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-12-02 11:25 - 2017-12-02 11:25 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-12-02 11:25 - 2017-12-02 11:25 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000198888 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-12-02 11:25 - 2017-12-02 11:25 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ContentDeliveryManager.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000160256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-12-02 11:25 - 2017-12-02 11:25 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-12-02 11:25 - 2017-12-02 11:25 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-12-02 11:25 - 2017-12-02 11:25 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-12-02 11:25 - 2017-12-02 11:25 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2017-12-02 11:25 - 2017-12-02 11:25 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2017-12-02 11:25 - 2017-12-02 11:25 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acppage.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2017-12-02 11:25 - 2017-12-02 11:25 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\acppage.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000060824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\urscx01000.sys
2017-12-02 11:25 - 2017-12-02 11:25 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadjcsp.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-12-02 11:25 - 2017-12-02 11:25 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000048112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-12-02 11:25 - 2017-12-02 11:25 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdrleakdiag.exe
2017-12-02 11:25 - 2017-12-02 11:25 - 000045464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2017-12-02 11:25 - 2017-12-02 11:25 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdrleakdiag.exe
2017-12-02 11:25 - 2017-12-02 11:25 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2017-12-02 11:25 - 2017-12-02 11:25 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-12-02 11:25 - 2017-12-02 11:25 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcVSp1res.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcVSp1res.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-12-02 11:23 - 2017-12-02 11:23 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-12-02 11:23 - 2017-12-02 11:23 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-12-02 11:23 - 2017-12-02 11:23 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-12-02 11:23 - 2017-12-02 11:23 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-12-02 11:23 - 2017-12-02 11:23 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-12-02 11:23 - 2017-12-02 11:23 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-12-02 11:23 - 2017-12-02 11:23 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-12-02 11:23 - 2017-12-02 11:23 - 000000000 ____D C:\Program Files\MSBuild
2017-12-02 11:23 - 2017-12-02 11:23 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-12-02 11:23 - 2017-12-02 11:23 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-12-02 10:39 - 2017-12-02 10:39 - 000000000 ____D C:\ProgramData\USOShared
2017-12-02 10:39 - 2017-12-02 10:39 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-12-02 10:38 - 2017-12-19 21:04 - 001154280 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-02 10:38 - 2017-12-02 10:38 - 000000020 ___SH C:\Users\Louie\ntuser.ini
2017-12-02 10:38 - 2017-12-02 10:38 - 000000000 ___HD C:\Users\Louie\MicrosoftEdgeBackups
2017-12-02 10:34 - 2017-12-19 20:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-02 10:34 - 2017-12-19 14:52 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F4659663-4B5C-4A36-AF3E-05A24889D459}
2017-12-02 10:34 - 2017-12-09 21:02 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2560975061-945233026-2718747551-1003
2017-12-02 10:34 - 2017-12-02 10:34 - 000015243 _____ C:\WINDOWS\diagwrn.xml
2017-12-02 10:34 - 2017-12-02 10:34 - 000015243 _____ C:\WINDOWS\diagerr.xml
2017-12-02 10:34 - 2017-12-02 10:34 - 000003452 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-12-02 10:34 - 2017-12-02 10:34 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-12-02 10:34 - 2017-12-02 10:34 - 000003228 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2017-12-02 10:34 - 2017-12-02 10:34 - 000003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-12-02 10:34 - 2017-12-02 10:34 - 000002810 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-musicmaker610@gmail.com
2017-12-02 10:34 - 2017-12-02 10:34 - 000002412 _____ C:\WINDOWS\System32\Tasks\NahimicMSIUILauncherRun
2017-12-02 10:34 - 2017-12-02 10:34 - 000002400 _____ C:\WINDOWS\System32\Tasks\NahimicMSIsvc64Run
2017-12-02 10:34 - 2017-12-02 10:34 - 000002392 _____ C:\WINDOWS\System32\Tasks\NahimicMSIsvc32Run
2017-12-02 10:34 - 2017-12-02 10:34 - 000002146 _____ C:\WINDOWS\System32\Tasks\StartCN
2017-12-02 10:34 - 2017-12-02 10:34 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2017-12-02 10:34 - 2017-12-02 10:34 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-12-02 10:33 - 2017-12-02 10:33 - 000000020 ___SH C:\Users\postgres\ntuser.ini
2017-12-02 10:32 - 2017-12-02 10:32 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-12-02 10:32 - 2017-09-29 06:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-12-02 10:31 - 2017-12-19 20:54 - 000000000 ____D C:\Users\Louie
2017-12-02 10:31 - 2017-12-14 13:10 - 000000000 ____D C:\Users\Louie\AppData\Local\Packages
2017-12-02 10:31 - 2017-12-02 10:33 - 000000000 ____D C:\Users\postgres
2017-12-02 10:31 - 2017-12-02 10:33 - 000000000 ____D C:\Users\loutu
2017-12-02 10:30 - 2017-12-19 20:58 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-02 10:30 - 2017-12-18 09:38 - 000421792 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-02 10:30 - 2017-12-02 10:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2017-12-02 03:53 - 2017-12-02 11:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitFilm Express 2017
2017-12-02 03:53 - 2017-12-02 03:53 - 000000000 ____D C:\Users\Louie\Documents\FXHOME
2017-12-02 03:53 - 2017-12-02 03:53 - 000000000 ____D C:\Users\Louie\AppData\Local\HitFilm Express 2017 Activation
2017-12-02 03:53 - 2017-12-02 03:53 - 000000000 ____D C:\Users\Louie\AppData\Local\FXHOME Helper
2017-12-02 03:53 - 2017-12-02 03:53 - 000000000 ____D C:\Users\Louie\AppData\Local\FXHOME
2017-12-02 03:53 - 2017-12-02 03:53 - 000000000 ____D C:\ProgramData\FXHOME
2017-12-02 03:53 - 2017-12-02 03:53 - 000000000 ____D C:\Program Files\FXHOME
2017-12-02 03:53 - 2017-12-02 03:53 - 000000000 ____D C:\Program Files\Common Files\OFX
2017-12-02 03:53 - 2017-12-02 03:53 - 000000000 ____D C:\Program Files\Boris FX, Inc
2017-12-02 03:53 - 2017-12-02 03:53 - 000000000 ____D C:\Program Files (x86)\Boris FX, Inc
2017-12-02 03:43 - 2017-12-02 03:52 - 288817152 _____ C:\Users\Louie\Downloads\HitFilmExpress2017_x64_5.0.7012.39363.msi
2017-11-30 19:44 - 2017-11-30 19:44 - 000414332 _____ C:\Users\Louie\Downloads\againts.zip
2017-11-29 18:26 - 2017-11-29 18:26 - 000018113 _____ C:\Users\Louie\AppData\Local\recently-used.xbel
2017-11-29 18:05 - 2017-12-02 10:38 - 000000000 ___DC C:\WINDOWS\Panther
2017-11-27 18:46 - 2017-11-27 18:47 - 003257160 _____ C:\Users\Louie\Downloads\Eglamour.pptx
2017-11-21 20:02 - 2017-11-21 20:02 - 000000000 ____D C:\Users\Louie\AppData\Roaming\bluray
2017-11-21 19:57 - 2017-12-02 11:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo
2017-11-21 19:57 - 2017-11-21 19:57 - 000000955 _____ C:\Users\Public\Desktop\Leawo Blu-ray Player.lnk
2017-11-21 19:57 - 2017-11-21 19:57 - 000000000 ____D C:\Users\Louie\AppData\Roaming\Leawo
2017-11-21 19:57 - 2017-11-21 19:57 - 000000000 ____D C:\ProgramData\Leawo
2017-11-21 19:54 - 2017-11-21 19:56 - 055727872 _____ (Leawo Software Co., Ltd. ) C:\Users\Louie\Downloads\blurayplayer_setup.exe
2017-11-21 13:01 - 2017-11-21 13:01 - 000000222 _____ C:\Users\Louie\Desktop\Alien Swarm Reactive Drop.url
2017-11-19 17:47 - 2017-11-19 17:47 - 000000219 _____ C:\Users\Louie\Desktop\Alien Swarm.url
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-19 21:03 - 2017-09-29 06:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2017-12-19 20:59 - 2016-11-21 17:05 - 000000000 ____D C:\Users\Louie\AppData\Roaming\discord
2017-12-19 20:59 - 2016-05-23 18:13 - 000000000 ___RD C:\Users\Louie\OneDrive
2017-12-19 20:58 - 2016-11-01 16:56 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-12-19 20:58 - 2016-11-01 16:56 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-12-19 20:54 - 2017-09-29 06:44 - 000000000 ____D C:\WINDOWS\INF
2017-12-19 20:54 - 2017-09-29 01:45 - 021495808 _____ C:\WINDOWS\system32\config\HARDWARE
2017-12-19 20:20 - 2017-06-27 11:02 - 000000000 ____D C:\Users\Louie\AppData\Roaming\band-desktop
2017-12-19 20:18 - 2017-09-29 01:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-12-19 20:18 - 2017-06-01 10:34 - 000034170 _____ C:\Users\Louie\AppData\Roaming\VoiceMeeterDefault.xml
2017-12-19 20:18 - 2017-04-27 16:09 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-12-19 18:30 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\rescache
2017-12-19 17:58 - 2017-09-29 01:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-12-19 15:44 - 2017-05-05 16:58 - 000000000 ____D C:\Users\Louie\AppData\Local\CrashDumps
2017-12-19 15:25 - 2016-05-18 11:06 - 000903783 ____N C:\WINDOWS\Minidump\121917-9328-01.dmp
2017-12-19 08:36 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-19 08:36 - 2016-11-01 16:56 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-12-18 20:31 - 2016-11-01 16:56 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-18 10:46 - 2017-01-23 15:03 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-18 10:46 - 2017-01-23 15:03 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-12-18 10:39 - 2016-05-23 18:49 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-18 10:39 - 2016-05-23 18:49 - 000002290 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-18 10:34 - 2017-01-23 15:04 - 000000000 ____D C:\Users\Louie\AppData\LocalLow\Mozilla
2017-12-18 10:31 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2017-12-18 09:39 - 2016-05-24 19:20 - 000000000 ___RD C:\Users\Louie\3D Objects
2017-12-18 09:39 - 2016-02-13 06:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-12-18 09:38 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\TextInput
2017-12-18 09:38 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-12-18 09:38 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-12-18 09:38 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-12-18 09:38 - 2017-09-29 01:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-12-18 08:59 - 2016-05-25 16:49 - 000000000 ____D C:\Users\Louie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-12-17 10:59 - 2017-05-21 16:03 - 000000000 ____D C:\Users\Louie\AppData\Local\Roblox
2017-12-17 10:46 - 2017-05-21 16:03 - 000000252 _____ C:\Users\Louie\AppData\LocalLow\rbxcsettings.rbx
2017-12-17 10:34 - 2017-05-21 16:07 - 000001473 _____ C:\Users\Louie\Desktop\Roblox Player.lnk
2017-12-17 10:34 - 2017-05-21 16:03 - 000001288 _____ C:\Users\Louie\Desktop\Roblox Studio.lnk
2017-12-17 10:34 - 2017-05-21 16:03 - 000000000 ____D C:\Users\Louie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-12-16 16:28 - 2016-09-22 15:23 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-16 16:23 - 2017-09-22 14:19 - 000000000 ____D C:\Users\Louie\AppData\Local\UnrealEngine
2017-12-16 15:47 - 2017-09-29 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-16 15:43 - 2017-09-29 06:46 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-14 20:14 - 2017-09-29 06:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-14 20:14 - 2017-09-29 06:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-12-14 20:14 - 2016-03-03 12:51 - 000000000 ____D C:\Program Files\Microsoft Office
2017-12-14 13:03 - 2016-05-24 16:33 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-12-14 13:02 - 2017-10-10 18:22 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-14 13:02 - 2016-05-24 16:33 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-12-14 13:00 - 2017-06-01 11:21 - 000000000 ____D C:\Users\Louie\Documents\Voicemeeter
2017-12-12 15:14 - 2016-11-21 17:05 - 000002277 _____ C:\Users\Louie\Desktop\Discord.lnk
2017-12-12 15:14 - 2016-11-21 17:05 - 000000000 ____D C:\Users\Louie\AppData\Local\Discord
2017-12-09 21:14 - 2016-05-24 19:23 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-12-09 21:02 - 2016-05-23 18:13 - 000002407 _____ C:\Users\Louie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-12-03 15:38 - 2017-09-29 06:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-03 15:38 - 2017-09-29 06:49 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-03 13:03 - 2016-07-12 14:13 - 000000000 ____D C:\Users\Louie\AppData\Roaming\OBS
2017-12-02 16:38 - 2016-06-12 18:34 - 000000000 ____D C:\Users\Louie\AppData\Roaming\vlc
2017-12-02 12:04 - 2017-06-01 11:33 - 000034170 _____ C:\Users\Louie\Desktop\settings.xml
2017-12-02 11:53 - 2017-06-01 10:33 - 000000000 ____D C:\Users\Louie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VB Audio
2017-12-02 11:53 - 2017-06-01 10:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VB Audio
2017-12-02 11:53 - 2017-06-01 10:33 - 000000000 ____D C:\Program Files\VB
2017-12-02 11:52 - 2017-06-01 10:33 - 000000000 ____D C:\Program Files (x86)\VB
2017-12-02 11:39 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\appcompat
2017-12-02 11:29 - 2017-09-29 06:46 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-12-02 11:28 - 2017-09-29 06:49 - 000000000 ____D C:\WINDOWS\Setup
2017-12-02 11:28 - 2017-09-29 06:46 - 000000000 __RHD C:\Users\Public\Libraries
2017-12-02 11:28 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-12-02 11:28 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\spool
2017-12-02 11:28 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-12-02 11:28 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-12-02 11:28 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\Help
2017-12-02 11:28 - 2017-05-02 18:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 9.2
2017-12-02 11:28 - 2017-04-12 18:07 - 000000000 ____D C:\Program Files\UNP
2017-12-02 11:28 - 2017-04-04 14:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conversations Network Levelator
2017-12-02 11:28 - 2017-04-04 10:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-12-02 11:28 - 2017-04-03 16:48 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2017-12-02 11:28 - 2017-04-02 19:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia
2017-12-02 11:28 - 2017-03-31 18:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stykz
2017-12-02 11:28 - 2017-03-31 15:51 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-12-02 11:28 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-12-02 11:28 - 2017-03-01 16:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2017-12-02 11:28 - 2017-01-06 18:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VTFEdit
2017-12-02 11:28 - 2017-01-02 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Problem Report Wizard
2017-12-02 11:28 - 2016-11-08 17:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-12-02 11:28 - 2016-11-04 18:24 - 000000000 ____D C:\WINDOWS\system32\ÿÿÿÿÿÿÿÿ8
2017-12-02 11:28 - 2016-11-04 12:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bat To Exe Converter
2017-12-02 11:28 - 2016-11-03 15:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-12-02 11:28 - 2016-09-28 18:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-12-02 11:28 - 2016-08-25 17:30 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2
2017-12-02 11:28 - 2016-06-13 19:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-12-02 11:28 - 2016-06-12 18:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-12-02 11:28 - 2016-05-23 19:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-12-02 11:28 - 2016-05-23 18:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
2017-12-02 11:28 - 2016-05-18 11:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nahimic for MSI
2017-12-02 11:28 - 2016-05-18 11:20 - 000000000 ____D C:\Program Files\Intel
2017-12-02 11:28 - 2016-03-03 12:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-12-02 11:28 - 2016-02-29 18:43 - 000000000 ___HD C:\WINDOWS\OEM
2017-12-02 11:26 - 2017-05-02 18:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
2017-12-02 11:26 - 2017-04-27 16:09 - 000000000 ____D C:\Program Files\Realtek
2017-12-02 11:26 - 2017-04-27 16:09 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2017-12-02 11:26 - 2017-03-29 19:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FireAlpaca
2017-12-02 11:26 - 2016-06-10 21:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.1
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\te-IN
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\si-LK
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\or-IN
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\km-KH
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\is-IS
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\id-ID
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\be-BY
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\as-IN
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\am-ET
2017-12-02 11:25 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2017-12-02 11:25 - 2017-09-29 06:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-12-02 11:25 - 2017-09-29 06:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-12-02 11:25 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-12-02 11:25 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-12-02 11:25 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-12-02 11:25 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-12-02 11:25 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\Provisioning
2017-12-02 11:25 - 2017-09-29 06:46 - 000000000 ____D C:\Program Files\Windows Defender
2017-12-02 11:25 - 2017-09-29 06:46 - 000000000 ____D C:\PerfLogs
2017-12-02 10:39 - 2017-09-29 06:46 - 000000000 ____D C:\ProgramData\USOPrivate
2017-12-02 10:38 - 2016-05-23 18:12 - 000000000 ____D C:\Users\Louie\AppData\Local\TileDataLayer
2017-12-02 10:35 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\Registration
2017-12-02 10:34 - 2016-09-22 15:27 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-12-02 10:32 - 2017-09-29 06:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-12-02 10:32 - 2016-11-08 17:13 - 000000000 ____D C:\Users\Louie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-12-02 10:32 - 2016-09-20 18:59 - 000000000 ____D C:\Users\Louie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MuseScore 2
2017-12-02 10:31 - 2017-11-08 18:37 - 000000000 ____D C:\Users\Louie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-12-02 10:31 - 2017-09-29 01:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-12-02 10:31 - 2017-05-02 18:02 - 000000000 ____D C:\Users\Louie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
2017-12-02 10:31 - 2017-01-06 18:17 - 000000000 ____D C:\Users\Louie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blender
2017-12-02 10:31 - 2016-11-21 17:05 - 000000000 ____D C:\Users\Louie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-12-02 10:31 - 2016-07-20 18:11 - 000000000 ____D C:\Users\loutu\AppData\Local\Packages
2017-12-02 10:30 - 2017-04-27 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-12-02 10:30 - 2017-04-27 16:09 - 000000000 ____D C:\WINDOWS\system32\DAX2
2017-12-02 10:30 - 2017-04-27 16:09 - 000000000 ____D C:\Program Files\AMD
2017-12-02 10:30 - 2016-05-18 11:11 - 000000000 ____D C:\AMD
2017-12-01 18:51 - 2016-12-26 20:09 - 000821416 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-12-01 16:11 - 2017-06-27 11:02 - 000000733 _____ C:\Users\Public\Desktop\BAND.lnk
2017-12-01 16:11 - 2017-06-27 11:02 - 000000733 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BAND.lnk
2017-11-29 18:29 - 2016-07-15 09:20 - 000000000 ____D C:\Users\Louie\.gimp-2.8
2017-11-29 18:26 - 2016-07-15 10:20 - 000000000 ____D C:\Users\Louie\AppData\Local\gtk-2.0
2017-11-25 12:11 - 2016-06-13 13:49 - 000000000 ____D C:\Users\Louie\AppData\Roaming\.technic
2017-11-25 12:11 - 2016-06-13 13:43 - 004734880 _____ () C:\Users\Louie\Downloads\TechnicLauncher.exe
2017-11-20 20:46 - 2016-05-29 00:09 - 000545440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-11-20 20:15 - 2017-05-22 19:20 - 000000000 ____D C:\Users\Louie\AppData\Local\MyComGames
 
==================== Files in the root of some directories =======
 
2017-06-01 10:34 - 2017-12-19 20:18 - 000034170 _____ () C:\Users\Louie\AppData\Roaming\VoiceMeeterDefault.xml
2017-11-29 18:26 - 2017-11-29 18:26 - 000018113 _____ () C:\Users\Louie\AppData\Local\recently-used.xbel
2016-06-13 19:21 - 2016-06-13 19:21 - 000000017 _____ () C:\Users\Louie\AppData\Local\resmon.resmoncfg
 
Some files in TEMP:
====================
2017-12-14 20:39 - 2017-12-14 20:41 - 000000000 _____ () C:\Users\Louie\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll
2017-12-14 20:39 - 2017-12-14 20:41 - 000000017 _____ () C:\Users\Louie\AppData\Local\Temp\d107b1cc1ad81ebfd2cb5a48fd28fa1c.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\senrvybe.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
 
LastRegBack: 2017-12-14 20:00
 
==================== End of FRST.txt ============================

Edited by Gubbins, 19 December 2017 - 11:48 PM.




#2 Gubbins

  • Topic Starter

Posted 19 December 2017 - 11:49 PM

And here is my Addition.txt log:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by Louie (19-12-2017 21:25:22)
Running from C:\Users\Louie\Downloads
Windows 10 Home Version 1709 16299.125 (X64) (2017-12-02 17:36:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2560975061-945233026-2718747551-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2560975061-945233026-2718747551-503 - Limited - Disabled)
Guest (S-1-5-21-2560975061-945233026-2718747551-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2560975061-945233026-2718747551-1005 - Limited - Enabled)
Louie (S-1-5-21-2560975061-945233026-2718747551-1003 - Administrator - Enabled) => C:\Users\Louie
loutu (S-1-5-21-2560975061-945233026-2718747551-1006 - Administrator - Enabled) => C:\Users\loutu
postgres (S-1-5-21-2560975061-945233026-2718747551-1007 - Limited - Enabled) => C:\Users\postgres
WDAGUtilityAccount (S-1-5-21-2560975061-945233026-2718747551-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ACP Application (HKLM\...\{18DA9C7D-1A7F-2965-7705-4211EBDF1231}) (Version: 2016.0510.1837.03 - Advanced Micro Devices, Inc.) Hidden
AMD Settings (HKLM\...\WUCCCApp) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASIO Bridge and Hi-Fi Cable (HKLM-x32\...\VB:ASIOBridge {17359A74-1236-5467}) (Version:  - VB-Audio Software)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.28.1 - Asmedia Technology)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AudioFXSetup (HKLM\...\{1FE5ADE2-823B-4E4C-A2D3-063822B3C794}) (Version: 1.2.1201 - Nahimic) Hidden
BAND (HKLM-x32\...\BAND_is1) (Version: 1.8.3 - Camp Mobile Corp.)
Bat To Exe Converter version 2.4.6 (HKLM\...\{60C29EC2-33E8-45EE-87E4-31FA3E35C539}_is1) (Version: 2.4.6 - Fatih Kodak)
Blender (HKLM-x32\...\{4DB84B5C-A382-43A3-AC58-320747DDA983}) (Version: 2.78.1 - Blender Foundation)
BlueStacks 3 (HKLM-x32\...\BlueStacks) (Version: 3.50.60.2528 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{118C2119-84B6-E32C-63E2-B56DBCF41CE5}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{5A083A57-10D6-D4E5-292C-F274870E73A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{B0199EE9-B640-3D24-29F8-99B1C425697A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{8F5D8F15-4A07-E887-C8FD-498804F2522F}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{DF0D7C1C-72B6-9FFB-DF66-B3720237BB80}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{238F6F6F-2544-86CF-3AB6-2CDADAB58CF0}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{EC688BD0-240D-AE40-55F3-234E54919AE6}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{E27224E3-7913-DA1E-5B08-9BEEC8FEE3D1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{95A52FC1-C728-841D-1BFC-CC793B77B0A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{A22CDEBA-6DB5-12CD-F6CE-6238C2D78363}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{C0BFC67D-E447-02C8-6046-C078DFE9EC97}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{94C72EBE-2908-F0AC-62DA-D61951830F8F}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{5B987681-3652-492B-6A11-E02AC0FE5959}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{86BFE5B4-1FCE-3C02-6373-92B1AE6431E8}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{0742432E-42D9-2240-4CA1-8595CCCBAA77}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{EAEAA839-44F4-22DF-D1CC-88C3B2A3D4B1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{A3973655-E448-4A1B-477C-988A79D132D9}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{6DC92550-D065-4B36-C4D3-D8D7A702A7A7}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{B2A83706-3F14-1532-20CD-B4EE715A8945}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{44ED2CDA-4197-E9E9-B328-26E1FB749116}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{C078842D-6E39-ACBA-8927-51697B6D89B0}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{3450566C-4561-0EE8-B1AB-D5C79CCE8D2C}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{CE1A9479-C86A-81A5-729F-9B65120D15E1}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{81DFFE49-771C-3262-99DD-35AB35FEF71A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{FCE8438C-3272-D63F-479F-670F082B294B}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{25D1751E-7CA2-5F6D-0125-0A16E47AF9FE}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{56C43946-966D-1B4B-3910-3B4741F9CAF9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
CheckDevicesConfigurator (HKLM\...\{85334C6B-E4CF-4A3C-8FE2-AF73D5DB9827}) (Version: 1.2.1201 - Nahimic) Hidden
ClamWin Free Antivirus 0.99.1 (HKLM-x32\...\ClamWin Free Antivirus_is1) (Version:  - alch)
DaVinci Resolve (HKLM\...\{5D6009B3-E646-463A-805A-D5B95D0E36A2}) (Version: 12.5.5026 - Blackmagic Design)
DaVinci Resolve Panels (HKLM\...\{6FC8261F-6046-4ABB-851B-12FC923D0724}) (Version: 1.0.0.0 - Blackmagic Design)
Discord (HKU\S-1-5-21-2560975061-945233026-2718747551-1003\...\Discord) (Version: 0.0.299 - Discord Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 40.4.46 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Epic Games Launcher (HKLM-x32\...\{AAA3417F-FEAD-4AF7-9C01-9FAE1BB44E3D}) (Version: 1.1.134.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
f.lux (HKU\S-1-5-21-2560975061-945233026-2718747551-1003\...\Flux) (Version:  - f.lux Software LLC)
FireAlpaca 1.7.0 (HKLM-x32\...\FireAlpaca_is1) (Version: 1.7.0 - firealpaca.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HitFilm Express 2017 (HKLM\...\{752C4EC4-8031-476E-A3A5-A7023C06AC2C}) (Version: 5.0.7012.39363 - FXHOME)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1173 - Intel Corporation)
Intel® Network Connections 20.4.307.0 (HKLM\...\PROSetDX) (Version: 20.4.307.0 - Intel)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1519.7 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LauncherSetup (HKLM\...\{E9A24BF9-2AD3-46BE-A9AF-4DED8EBC124E}) (Version: 1.2.1201 - Nahimic) Hidden
Leawo Blu-ray Player version  1.9.6.0 (HKLM-x32\...\{CF7F52BF-DEE0-44CD-A7E1-AADD5CCECCDD}_is1) (Version: 1.9.6.0 - Leawo Software)
Levelator (HKLM-x32\...\Levelator_is1) (Version:  - The Conversations Network)
Logitech Gaming Software 8.91 (HKLM\...\Logitech Gaming Software) (Version: 8.91.48 - Logitech Inc.)
Macromedia Flash MX 2004 (HKLM-x32\...\{2F353D44-73BB-4971-B31D-F7642E9E9531}) (Version: 7 - Macromedia)
MAGIX Music Maker 2014 Update (HKLM\...\{4A298782-9476-4D5B-8439-C99915511C30}) (Version: 20.0.5.56 - MAGIX Software GmbH) Hidden
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8730.2127 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2560975061-945233026-2718747551-1003\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 56.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.0.6478 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MuseScore 2 (HKLM-x32\...\{4F0E15EA-F64C-11E5-9992-E717EA7DB0C8}) (Version: 2.0.3 - Werner Schweer and Others)
My.com Game Center (HKU\S-1-5-21-2560975061-945233026-2718747551-1003\...\MyComGames) (Version: 3.214 - My.com B.V.)
Nahimic for MSI (HKLM-x32\...\{0c311339-9de4-4dd7-b21d-3dcfa3a2946f}) (Version: 1.2.12 - Nahimic)
NahimicSettingsConfigurator (HKLM\...\{5FFC5E3A-4A2B-4201-9132-5ED5A0453797}) (Version: 1.2.1201 - Nahimic) Hidden
Norton Security (HKLM-x32\...\NS) (Version: 22.6.0.142 - Symantec Corporation)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.2 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
ProductDaemonSetup (HKLM\...\{79CB3FC2-E67A-4C4F-8C24-874DCD38199A}) (Version: 1.2.1201 - Nahimic) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7687 - Realtek Semiconductor Corp.)
Roblox Player for Louie (HKU\S-1-5-21-2560975061-945233026-2718747551-1003\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
TP-LINK Archer T2U_T2UH Driver (HKLM-x32\...\{F2496892-5295-4208-AB93-21F1AFD07C97}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
UIInstallUpgrade (HKLM\...\{DEB82682-EF4C-4D3D-AEE0-51B62FEFDD21}) (Version: 1.2.1201 - Nahimic) Hidden
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version:  - VB-Audio Software)
Vita Electric Piano Update (HKLM\...\{E5EA9EEC-A483-4E5F-8834-A7FCD38B48DE}) (Version: 1.0.2.0 - MAGIX AG) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version:  - VB-Audio Software)
VTFEdit 1.2.5 (HKLM-x32\...\VTFEdit_is1) (Version:  - Neil Jedrzejewski & Ryan Gregg)
Vulkan Run Time Libraries 1.0.11.0 (HKLM\...\VulkanRT1.0.11.0) (Version: 1.0.11.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.11.0 (HKLM\...\VulkanRT1.0.11.0-2) (Version: 1.0.11.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-2) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.21-7 - Wacom Technology Corp.)
Warface My.Com (HKU\S-1-5-21-2560975061-945233026-2718747551-1003\...\Warface My.Com) (Version: 1.27 - My.com B.V.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-2560975061-945233026-2718747551-1003\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version:  - Wargaming.net)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs6] -> {A6D08E1C-EAA3-414F-A1FB-3B0C7FABC8E3} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-21] (/n software, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs6] -> {A6D08E1C-EAA3-414F-A1FB-3B0C7FABC8E3} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-21] (/n software, Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => E:\Program Filesx86\Notepad++\NppShell_06.dll [2016-11-02] ()
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ContextMenuHandlers1: [ClamWin] -> {65713842-C410-4f44-8383-BFE01A398C90} => C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll [2008-04-19] ()
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\NavShExt.dll [2016-02-25] (Symantec Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\NavShExt.dll [2016-02-25] (Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-04-24] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ContextMenuHandlers6: [ClamWin] -> {65713842-C410-4f44-8383-BFE01A398C90} => C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll [2008-04-19] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\NavShExt.dll [2016-02-25] (Symantec Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0E5BF782-B8A1-49A3-BE0B-5D641AF5F3E3} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-musicmaker610@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: {10C9A5DA-1294-425B-80E4-E48EC78627BB} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\WSCStub.exe [2016-02-25] (Symantec Corporation)
Task: {1F5CDC54-6463-4DA6-9DE4-B82BF685FB1D} - System32\Tasks\ts17025427170254271702542717025427 => C:\Program Files (x86)\Imitative\grubs.exe
Task: {2601EE33-1F2C-47BC-9001-1FB5C0CD9FB6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
Task: {28437A92-32C7-4BE9-9D28-3CBDE053D67D} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-04-24] (Advanced Micro Devices, Inc.)
Task: {3113C39C-C36B-4F35-BF73-10A8B83F0124} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-12] (Microsoft Corporation)
Task: {37251D95-F7DE-4C25-8562-1510E1375F06} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-02-25] (Symantec Corporation)
Task: {4E523286-663F-418D-98B6-BD71D52AD9B5} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {59471019-11ED-4620-B51C-0EBA165F282D} - System32\Tasks\NahimicMSIUILauncherRun => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe [2015-12-04] ()
Task: {5CFDEB92-F329-43A3-98DF-238C19610A71} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
Task: {5E79AE2C-0FAA-4ACE-A300-210881D09BC6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-12] (Microsoft Corporation)
Task: {6259B902-2D91-4201-B6DC-11D4AA385F36} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-14] (Microsoft Corporation)
Task: {659EE4EF-82BD-4CE2-83C4-B61F2AB1396E} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {6F0CD22F-A011-4C6F-9DDE-E4CC099C5D1A} - System32\Tasks\Norton Security\Norton Autofix => C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {89654E6B-EE4B-41D9-BA05-C7DDEC26D32C} - System32\Tasks\NahimicMSIsvc32Run => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIsvc32.exe [2015-12-04] ()
Task: {8E51E70C-8FF0-4F5A-A414-5FEA58482562} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-23] (Google Inc.)
Task: {8F74D785-58B8-4877-B1FF-9D75F4D0F9E8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-12] (Microsoft Corporation)
Task: {9342B504-CB96-44CA-BC89-0BD622131BC9} - System32\Tasks\NahimicMSIsvc64Run => C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIsvc64.exe [2015-12-04] ()
Task: {9C6A5988-5CED-4BA1-9A92-128521939FEB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-23] (Google Inc.)
Task: {9FE7A1DD-962C-4E3E-8094-50879C9E4125} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-12-14] (Microsoft Corporation)
Task: {A01CB0BE-A441-41D3-9837-C01C071BEE8A} - System32\Tasks\ts71934786719347867193478671934786 => C:\Users\Louie\AppData\Local\grubs.exe
Task: {A06B1BCC-644E-44BE-9E27-37D1295FD71A} - System32\Tasks\ts64070200640702006407020064070200 => C:\Program Files (x86)\promethean\grubs.exe
Task: {B88386A3-2A2C-4022-B63F-2A3B868278BA} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-24] (Dropbox, Inc.)
Task: {B903B5C3-8239-4446-83A7-36AB9FB2DF16} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-13] (Piriform Ltd)
Task: {BCBCF5C7-881F-4368-9425-419A6845A957} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {BD4BC34A-89F7-45D1-8E75-0328ABA47FBB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-13] (Piriform Ltd)
Task: {C978EC50-2FB1-4D09-B35F-14209720AA12} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-12] (Microsoft Corporation)
Task: {DC581C52-509C-4A34-B029-DF4C90D674E5} - System32\Tasks\agK0yNOtVkMd => agk0ynotvkmd.exe
Task: {EC20E285-55CD-47B0-B36A-5800875F2C97} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-14] (Microsoft Corporation)
Task: {F526DEFE-0DB4-424C-AAA4-001C74514980} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {F6FC4382-8A29-4BF6-9C86-92130547036D} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-24] (Dropbox, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Louie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 2" --app-id=aohghmighlieiainnegkcijnfilokake
ShortcutWithArgument: C:\Users\Louie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Louie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Louie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 06:41 - 2017-09-29 06:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-19 09:11 - 2015-05-19 09:11 - 000007680 _____ () C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
2017-12-18 20:31 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2015-12-04 09:36 - 2015-12-04 09:36 - 000207840 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIDevProps.dll
2015-12-04 09:36 - 2015-12-04 09:36 - 000285152 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIOSD.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-14 02:59 - 2016-09-14 02:59 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-14 02:59 - 2016-09-14 02:59 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2017-12-14 12:54 - 2017-12-14 12:55 - 000948736 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_2.0.5.0_x64__8wekyb3d8bbwe\e_sqlite3.dll
2017-12-14 12:54 - 2017-12-14 12:55 - 002360512 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_2.0.5.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2017-12-14 12:54 - 2017-12-14 12:57 - 000381440 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_2.0.5.0_x64__8wekyb3d8bbwe\Microsoft.Notes.Upgrade.dll
2017-09-29 06:41 - 2017-09-29 06:41 - 004069888 _____ () C:\Windows\System32\Windows.UI.Input.Inking.Analysis.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-02 11:25 - 2017-12-02 11:25 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-04-03 16:43 - 2017-03-27 09:21 - 001658320 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2017-12-12 14:59 - 2017-12-12 15:02 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-12-12 14:59 - 2017-12-12 15:02 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-12-12 14:59 - 2017-12-12 15:03 - 024735744 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-12-12 14:59 - 2017-12-12 15:02 - 002551808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\skypert.dll
2017-12-12 14:59 - 2017-12-12 14:59 - 000671744 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-12-14 12:49 - 2017-12-05 21:24 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libglesv2.dll
2017-12-14 12:49 - 2017-12-05 21:24 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libegl.dll
2015-12-04 09:31 - 2015-12-04 09:31 - 000740320 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe
2015-03-06 17:07 - 2015-03-06 17:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2017-01-23 15:19 - 2017-01-23 15:19 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 17:07 - 2015-03-06 17:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2017-01-23 15:19 - 2017-01-23 15:19 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2015-12-04 09:31 - 2015-12-04 09:31 - 000826880 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIsvc32.exe
2015-12-04 09:37 - 2015-12-04 09:37 - 000275456 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIsvc64.exe
2017-11-14 03:07 - 2017-11-14 03:07 - 000054488 _____ () C:\Program Files\CCleaner\branding.dll
2016-05-23 18:18 - 2014-08-08 14:00 - 000844800 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
2017-12-09 21:04 - 2017-12-09 21:05 - 004698848 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11711.1001.5.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-12-15 10:25 - 2017-12-15 10:25 - 004320256 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1712.3352.0_x64__8wekyb3d8bbwe\Time.exe
2017-12-15 10:25 - 2017-12-15 10:25 - 000899072 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1712.3352.0_x64__8wekyb3d8bbwe\TimeControls.dll
2017-12-15 10:25 - 2017-12-15 10:25 - 000783360 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1712.3352.0_x64__8wekyb3d8bbwe\TimeBackground.dll
2017-12-14 13:03 - 2017-12-14 13:09 - 000477184 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-12-14 13:03 - 2017-12-14 13:09 - 058590720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-04 15:46 - 2017-10-04 15:51 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2017-11-13 18:31 - 2017-11-13 18:38 - 000164864 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\VideoPlugin.dll
2017-10-04 15:46 - 2017-10-04 15:49 - 000675328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\IPPNativePlugin.dll
2017-12-14 13:03 - 2017-12-14 13:07 - 003727360 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2017-12-14 13:03 - 2017-12-14 13:10 - 002270720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2017-12-14 13:03 - 2017-12-14 13:10 - 016395264 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-12-14 13:03 - 2017-12-14 13:07 - 003579904 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-12-14 13:03 - 2017-12-14 13:03 - 003204096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-09-17 12:17 - 2017-09-17 12:18 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-12-14 13:03 - 2017-12-14 13:09 - 000043520 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-12-14 13:03 - 2017-12-14 13:07 - 004038144 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.People.PeoplePicker.dll
2017-12-14 13:03 - 2017-12-14 13:09 - 001367040 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-12-14 13:03 - 2017-12-14 13:10 - 000214528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\SKU.dll
2015-12-04 09:30 - 2015-12-04 09:30 - 000177632 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIDevProps.dll
2015-12-04 09:30 - 2015-12-04 09:30 - 000252384 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIOSD.dll
2017-12-09 21:02 - 2017-12-09 21:02 - 000102088 _____ () C:\Users\Louie\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\UpdateRingSettings.dll
2017-12-17 10:19 - 2017-12-15 12:59 - 002558752 _____ () E:\Program Files (x86)\Steam\video.dll
2017-12-14 19:50 - 2017-11-28 22:09 - 000781088 _____ () E:\Program Files (x86)\Steam\SDL2.dll
2016-10-13 20:07 - 2016-08-31 18:02 - 004969248 _____ () E:\Program Files (x86)\Steam\v8.dll
2017-12-14 19:50 - 2017-11-03 18:54 - 005137696 _____ () E:\Program Files (x86)\Steam\libavcodec-57.dll
2017-12-14 19:50 - 2017-11-03 18:54 - 000695584 _____ () E:\Program Files (x86)\Steam\libavformat-57.dll
2017-12-14 19:50 - 2017-11-03 18:54 - 000351520 _____ () E:\Program Files (x86)\Steam\libavresample-3.dll
2017-12-14 19:50 - 2017-11-03 18:54 - 000847136 _____ () E:\Program Files (x86)\Steam\libavutil-55.dll
2017-12-14 19:50 - 2017-11-03 18:54 - 000783648 _____ () E:\Program Files (x86)\Steam\libswscale-4.dll
2016-10-13 20:07 - 2016-08-31 18:02 - 001195296 _____ () E:\Program Files (x86)\Steam\icuuc.dll
2016-10-13 20:07 - 2016-08-31 18:02 - 001563936 _____ () E:\Program Files (x86)\Steam\icui18n.dll
2017-12-17 10:19 - 2017-12-15 12:59 - 000904992 _____ () E:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-10-13 20:07 - 2016-07-04 15:17 - 000266560 _____ () E:\Program Files (x86)\Steam\openvr_api.dll
2017-12-12 15:14 - 2017-12-11 10:54 - 001893880 _____ () C:\Users\Louie\AppData\Local\Discord\app-0.0.299\ffmpeg.dll
2017-12-12 15:14 - 2017-12-12 15:14 - 001886712 _____ () \\?\C:\Users\Louie\AppData\Roaming\discord\0.0.299\modules\discord_toaster\discord_toaster.node
2017-12-12 15:14 - 2017-12-11 10:54 - 001938424 _____ () C:\Users\Louie\AppData\Local\Discord\app-0.0.299\libglesv2.dll
2017-12-12 15:14 - 2017-12-11 10:54 - 000095736 _____ () C:\Users\Louie\AppData\Local\Discord\app-0.0.299\libegl.dll
2016-05-23 18:18 - 2014-08-08 14:02 - 001411072 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2016-05-23 18:18 - 2014-05-13 16:59 - 000195072 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2016-05-23 18:18 - 2014-05-27 09:54 - 000194560 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJRa.dll
2016-05-23 18:18 - 2014-04-17 08:52 - 001206576 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\RaWLAPI.dll
2017-12-09 21:13 - 2017-12-04 18:06 - 000725312 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-12-09 21:13 - 2017-12-04 18:06 - 002075456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2016-05-24 19:27 - 2017-12-04 18:06 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-05-24 19:27 - 2017-12-04 18:06 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-05-24 19:27 - 2017-12-04 18:08 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-05-24 19:27 - 2017-12-04 18:06 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-05-24 19:27 - 2017-12-04 18:06 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-12-09 21:13 - 2017-12-04 18:07 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-05-24 19:27 - 2017-12-04 18:06 - 000130512 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-12-09 21:13 - 2017-12-04 18:07 - 001856848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-12-09 21:13 - 2017-12-04 18:07 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-12-09 21:14 - 2017-12-04 18:06 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-12-09 21:14 - 2017-12-04 18:06 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-05-24 19:27 - 2017-12-04 18:06 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-05 10:31 - 2017-12-04 18:08 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-12-09 21:13 - 2017-12-04 18:07 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-05-24 19:27 - 2017-12-04 18:06 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-12-09 21:13 - 2017-12-04 18:07 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-12-09 21:13 - 2017-12-04 18:06 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-05-24 19:27 - 2017-12-04 18:06 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-05-24 19:27 - 2017-12-04 18:06 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-12-09 21:14 - 2017-12-04 18:06 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-05-24 19:27 - 2017-12-04 18:08 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-08-05 10:31 - 2017-12-04 18:08 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-05-24 19:27 - 2017-12-04 18:06 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-05-24 19:27 - 2017-12-04 18:06 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-05-24 19:27 - 2017-12-04 18:06 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-05-24 19:27 - 2017-12-04 18:06 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-09-21 13:47 - 2017-12-04 18:06 - 000026056 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2016-05-24 19:27 - 2017-12-04 18:06 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-05-24 19:27 - 2017-12-04 18:06 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-12-09 21:13 - 2017-12-04 18:07 - 000021824 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-09-16 20:09 - 2017-12-04 18:09 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2017-12-09 21:13 - 2017-12-04 18:07 - 000022856 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-05-17 10:31 - 2017-12-04 18:08 - 000066392 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-12-09 21:14 - 2017-12-04 18:07 - 001796920 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-05-24 19:27 - 2017-12-04 18:06 - 000084424 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-12-09 21:14 - 2017-12-04 18:07 - 001956152 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-12-09 21:14 - 2017-12-04 18:07 - 003859264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-12-09 21:14 - 2017-12-04 18:07 - 000155464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-12-09 21:14 - 2017-12-04 18:07 - 000521024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-12-09 21:14 - 2017-12-04 18:07 - 000050496 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2017-12-09 21:14 - 2017-12-04 18:07 - 000042304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-12-09 21:14 - 2017-12-04 18:07 - 000131384 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-12-09 21:14 - 2017-12-04 18:07 - 000218944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-12-09 21:14 - 2017-12-04 18:07 - 000204096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-05-24 19:27 - 2017-12-04 18:09 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-05-24 19:27 - 2017-12-04 18:06 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-02-27 18:42 - 2017-12-04 18:09 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2016-05-24 19:27 - 2017-12-04 18:06 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-01-23 18:27 - 2017-12-04 18:09 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2016-05-24 19:27 - 2017-12-04 18:08 - 000100688 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-05-24 19:27 - 2017-12-04 18:06 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-01-23 18:27 - 2017-12-04 18:08 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-23 18:27 - 2017-12-04 18:09 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-23 18:27 - 2017-12-04 18:09 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-12-09 21:13 - 2017-12-04 18:07 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-05-24 19:27 - 2017-12-04 18:06 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-12-09 21:14 - 2017-12-04 18:07 - 000101184 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2016-05-24 19:27 - 2017-12-04 18:09 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-12-09 21:13 - 2017-12-04 18:07 - 000025424 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-12-09 21:13 - 2017-12-04 18:06 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-12-09 21:13 - 2017-12-04 18:07 - 000032600 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-12-09 21:13 - 2017-12-04 18:06 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-12-09 21:13 - 2017-12-04 18:07 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-07-11 12:11 - 2017-12-04 18:08 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-12-09 21:13 - 2017-12-04 18:07 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2017-12-09 21:13 - 2017-12-04 18:07 - 001638200 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-08-05 10:31 - 2017-12-04 18:09 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-12-09 21:14 - 2017-12-04 18:07 - 000545080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-12-09 21:14 - 2017-12-04 18:07 - 000359224 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-12-09 21:14 - 2017-12-04 18:07 - 000038208 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
2017-10-13 11:55 - 2017-09-06 19:04 - 000678400 _____ () E:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-12-14 19:50 - 2017-10-30 21:44 - 071471904 _____ () E:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-10-13 20:07 - 2015-09-24 16:52 - 000119208 _____ () E:\Program Files (x86)\Steam\winh264.dll
2017-12-01 16:11 - 2017-11-29 10:17 - 001702400 _____ () E:\Program Files (x86)\BAND\ffmpeg.dll
2017-12-02 11:52 - 2017-12-02 11:52 - 000454656 _____ () C:\Program Files (x86)\VB\Voicemeeter\mp3lame\lame_enc.dll
2017-12-12 15:14 - 2017-12-12 15:14 - 009802232 _____ () \\?\C:\Users\Louie\AppData\Roaming\discord\0.0.299\modules\discord_voice\discord_voice.node
2017-12-12 15:14 - 2017-12-12 15:14 - 001505784 _____ () \\?\C:\Users\Louie\AppData\Roaming\discord\0.0.299\modules\discord_utils\discord_utils.node
2017-12-12 15:14 - 2017-12-12 15:14 - 000513016 _____ () \\?\C:\Users\Louie\AppData\Roaming\discord\0.0.299\modules\discord_erlpack\discord_erlpack.node
2017-12-12 15:14 - 2017-12-12 15:14 - 002662904 _____ () \\?\C:\Users\Louie\AppData\Roaming\discord\0.0.299\modules\discord_rpc\discord_rpc.node
2017-12-12 15:14 - 2017-12-12 15:14 - 001517048 _____ () \\?\C:\Users\Louie\AppData\Roaming\discord\0.0.299\modules\discord_game_utils\discord_game_utils.node
2017-12-12 15:14 - 2017-12-12 15:14 - 002749944 _____ () \\?\C:\Users\Louie\AppData\Roaming\discord\0.0.299\modules\discord_contact_import\discord_contact_import.node
2017-12-01 16:11 - 2017-11-29 10:17 - 002517504 _____ () E:\Program Files (x86)\BAND\libglesv2.dll
2017-12-01 16:11 - 2017-11-29 10:17 - 000015872 _____ () E:\Program Files (x86)\BAND\libegl.dll
2017-12-19 20:16 - 2005-02-08 17:23 - 000979005 _____ () C:\Program Files (x86)\ClamWin\bin\python23.dll
2017-12-19 20:16 - 2004-11-20 03:27 - 000069632 _____ () C:\Program Files (x86)\ClamWin\lib\win32api.pyd
2017-12-19 20:16 - 2004-10-11 20:21 - 000094208 _____ () C:\Program Files (x86)\ClamWin\lib\pywintypes23.dll
2017-12-19 20:16 - 2004-05-25 21:18 - 000057401 _____ () C:\Program Files (x86)\ClamWin\lib\_sre.pyd
2017-12-19 20:16 - 2004-11-20 03:27 - 000086016 _____ () C:\Program Files (x86)\ClamWin\lib\win32gui.pyd
2017-12-19 20:16 - 2004-11-20 03:27 - 000024576 _____ () C:\Program Files (x86)\ClamWin\lib\win32event.pyd
2017-12-19 20:16 - 2004-11-20 03:27 - 000036864 _____ () C:\Program Files (x86)\ClamWin\lib\win32process.pyd
2017-12-19 20:16 - 2004-05-25 21:18 - 000049212 _____ () C:\Program Files (x86)\ClamWin\lib\_socket.pyd
2017-12-19 20:16 - 2004-05-25 21:18 - 000495616 _____ () C:\Program Files (x86)\ClamWin\lib\_ssl.pyd
2017-12-19 20:16 - 2004-05-25 21:20 - 000036864 _____ () C:\Program Files (x86)\ClamWin\lib\_winreg.pyd
2017-12-19 20:16 - 2004-10-11 20:22 - 000315392 _____ () C:\Program Files (x86)\ClamWin\lib\pythoncom23.dll
2017-12-19 20:16 - 2004-11-20 03:27 - 000106496 _____ () C:\Program Files (x86)\ClamWin\lib\shell.pyd
2017-12-19 20:16 - 2004-11-20 03:27 - 000065536 _____ () C:\Program Files (x86)\ClamWin\lib\win32security.pyd
2017-12-19 20:16 - 2004-01-15 14:45 - 000061440 _____ () C:\Program Files (x86)\ClamWin\lib\_ctypes.pyd
2017-12-19 20:16 - 2004-11-20 03:27 - 000077824 _____ () C:\Program Files (x86)\ClamWin\lib\win32file.pyd
2017-12-19 20:16 - 2004-11-20 03:27 - 000024576 _____ () C:\Program Files (x86)\ClamWin\lib\win32pipe.pyd
2017-12-19 20:16 - 2003-10-01 13:40 - 002240512 _____ () C:\Program Files (x86)\ClamWin\lib\wxc.pyd
2017-12-19 20:16 - 2003-10-01 11:43 - 003239936 _____ () C:\Program Files (x86)\ClamWin\lib\wxmsw24h.dll
2017-12-19 20:16 - 2003-08-10 09:14 - 000061440 _____ () C:\Program Files (x86)\ClamWin\lib\mxDateTime.pyd
2017-12-19 20:16 - 2004-05-25 21:17 - 000622651 _____ () C:\Program Files (x86)\ClamWin\lib\_bsddb.pyd
2017-12-19 20:16 - 2004-05-25 21:19 - 000045117 _____ () C:\Program Files (x86)\ClamWin\lib\datetime.pyd
2015-10-16 06:14 - 2015-10-16 06:14 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2560975061-945233026-2718747551-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Louie\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{07fe2c4c-48fc-47c9-ab74-a4e09bb3807f}.jpg
DNS Servers: 192.168.0.1 - 205.171.3.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{7FF66C0E-DB16-4EC9-A25A-1560DFE98BBA}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Alien Swarm Reactive Drop\reactivedrop.exe
FirewallRules: [{1B14A412-AADE-4CCC-AF42-A6BE2C923D4B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Alien Swarm Reactive Drop\reactivedrop.exe
FirewallRules: [UDP Query User{A98916B3-E93B-4027-876E-6AACEC7FB8A1}C:\users\louie\appdata\local\mycomgames\mycomgames.exe] => (Block) C:\users\louie\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [TCP Query User{20FB279C-347A-4B82-9327-33E05FFCA570}C:\users\louie\appdata\local\mycomgames\mycomgames.exe] => (Block) C:\users\louie\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [{662DC756-004A-411D-B3AF-F36530195FDB}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Alien Swarm\swarm.exe
FirewallRules: [{3833A21D-02FC-458E-8CFB-013E2EB8EF61}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Alien Swarm\swarm.exe
FirewallRules: [UDP Query User{79C2E0DC-0B42-41DD-AEDE-9899A2559E3C}E:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{C0991A79-2D16-4263-ACFA-7B7B82276141}E:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{01D7860F-CEEB-4EC9-A06F-DA184430F262}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{DA31DA44-DA97-43A8-AAD7-CCD3D805CC03}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{7E74CA1B-15C7-44F1-A560-FB9E9156FB1B}E:\program files (x86)\steam\steamapps\common\empyrion - galactic survival\empyrion.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\empyrion - galactic survival\empyrion.exe
FirewallRules: [TCP Query User{8DDBFF2A-6DBB-490A-8498-DDE79D8DF596}E:\program files (x86)\steam\steamapps\common\empyrion - galactic survival\empyrion.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\empyrion - galactic survival\empyrion.exe
FirewallRules: [{F0924A48-15CC-47F5-80E6-1BA303D20F2C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\My Summer Car\mysummercar.exe
FirewallRules: [{BFB3DF93-BE6F-4912-ADCC-FFED04C7BE85}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\My Summer Car\mysummercar.exe
FirewallRules: [{9E2B4CF4-7BCA-41AB-B269-97053D697BDB}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe
FirewallRules: [{7EBB5E70-D58E-49FB-8766-1F640356C743}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{DA3C99C7-1575-425F-8A73-AF9A6050C00B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{530DC9EE-97C0-420E-BEBC-BE107515069B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{F64DA4DC-0935-43D1-B6E3-DC7FE34A1500}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [UDP Query User{5B829084-DEDE-47C1-9DDC-9CCCA4A16082}E:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [TCP Query User{CBD40DAB-A41D-4AB0-86D6-C2DA378905DB}E:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [UDP Query User{72888937-7CB1-44C2-B973-2E06C0074DE4}E:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [TCP Query User{118EFC75-9AD4-450E-8FC7-405C52DE252D}E:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [{A354CB23-DA83-40CA-8B97-C614808C3397}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{0BD55B49-0169-43B4-99AC-51CB1B776F48}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [UDP Query User{35CD0E7E-7E87-4BFB-BDF9-E2B6655C3BE4}C:\users\louie\appdata\local\mycomgames\mycomgames.exe] => (Block) C:\users\louie\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [TCP Query User{D1822ADC-CE1D-446F-8596-754375353156}C:\users\louie\appdata\local\mycomgames\mycomgames.exe] => (Block) C:\users\louie\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{70CB7A0E-CD70-44EA-87C4-E47F1B785569}C:\program files (x86)\vb\voicemeeter\voicemeeterpro.exe] => (Allow) C:\program files (x86)\vb\voicemeeter\voicemeeterpro.exe
FirewallRules: [TCP Query User{014860FE-6E20-4AFF-98EB-9228CDE05AD7}C:\program files (x86)\vb\voicemeeter\voicemeeterpro.exe] => (Allow) C:\program files (x86)\vb\voicemeeter\voicemeeterpro.exe
FirewallRules: [UDP Query User{8D08C308-834F-4919-A582-509336C50956}E:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{3E23031A-BEC6-4A38-A7AB-8C1DB8D2660E}E:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{958B8997-7280-4A58-A443-66FB4DEFD287}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{DA3B1947-A350-48C2-B56C-44D5738BC914}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{8A8D3C17-BE4B-4903-BB45-922C41CB87C1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{1F33B62C-AA5C-49C9-B2A3-5FE1C2F725C5}] => (Allow) E:\Program Files (x86)\WOT\World_of_Tanks\worldoftanks.exe
FirewallRules: [{8EC57CD9-AB23-4FE1-8A06-3EAF7FE4944D}] => (Allow) E:\Program Files (x86)\WOT\World_of_Tanks\worldoftanks.exe
FirewallRules: [{AFC64F6A-54CB-4722-8C73-E957787C5261}] => (Allow) E:\Program Files (x86)\WOT\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{B6828C8D-8F4D-40A5-BE43-2B29A23A5B5A}] => (Allow) E:\Program Files (x86)\WOT\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{95496A6E-5FCE-4F9D-8015-2404EE618465}] => (Allow) E:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe
FirewallRules: [{D69AAC1A-2442-428F-AD32-88DAF4EF4EDF}] => (Allow) E:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe
FirewallRules: [{F00C627C-2891-4F8E-B076-56A37136707F}] => (Allow) E:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe
FirewallRules: [{41409D98-D2EC-468D-ABB8-844D2271196B}] => (Allow) E:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe
FirewallRules: [{0E36D8D7-4AC9-4211-B960-EB7A2BE58D7B}] => (Allow) E:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe
FirewallRules: [{539439E3-7F56-43F6-8980-6CB1549B89CE}] => (Allow) E:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe
FirewallRules: [{97D44885-E14A-4B6C-A7F2-8E62843A1FE8}] => (Allow) E:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe
FirewallRules: [{1CF28903-AA0E-4196-8FB7-96B01EE154D0}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency_BE.exe
FirewallRules: [{783B8DF8-C9EA-4549-84A9-05CA3B725D00}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency_BE.exe
FirewallRules: [{9FF8E58D-C3BD-472C-BAE4-2F85F2FC3CD6}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{AF41AC34-7ECE-476D-BD9F-56CDEFCB93D0}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{FB5E370B-8848-4B6F-BC97-64E3D3E52EFB}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Geometry Dash\GeometryDash.exe
FirewallRules: [{45AD1FAD-F2B7-43EF-AF6F-0FD8CD158A85}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Geometry Dash\GeometryDash.exe
FirewallRules: [{0F505E1F-E357-4BDA-8DE4-87A32E23FCFC}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Call of Duty World at War\CoDWaWmp.exe
FirewallRules: [{E776322A-3A4E-4A5E-9CCA-C0CE19CECE68}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Call of Duty World at War\CoDWaWmp.exe
FirewallRules: [{3DCD0B1A-EFFA-4D64-B007-1288471DD39C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Call of Duty World at War\CoDWaW.exe
FirewallRules: [{3EEA4A92-9B26-420F-BE57-0B64EEBADF57}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Call of Duty World at War\CoDWaW.exe
FirewallRules: [{606F29F3-65D8-4A03-A68D-8CFE91D2CF46}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Fistful of Frags\sdk\hl2.exe
FirewallRules: [{44606B05-E9E7-4DDE-95D1-8089A11166DD}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Fistful of Frags\sdk\hl2.exe
FirewallRules: [{F5901996-771B-4CE7-A5B2-7CE58A17B3AC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{09039D0D-536B-4322-BF85-BFF247B5E138}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A1255B56-FB9E-40E5-88CF-56039CF3A5D0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{76FC6D3F-2A03-420B-BABD-7482AFBA98B9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9CAB8583-C6EF-4C2B-BCBD-0670D3BBE69C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Ashes of the Singularity\Ashes_DX12.exe
FirewallRules: [{96BEE89D-8B49-4138-96DF-1F1A3909C8FD}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Ashes of the Singularity\Ashes_DX12.exe
FirewallRules: [{97C0F58E-DE14-4871-B487-EA6F084FE9D9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Ashes of the Singularity\Ashes_DX11.exe
FirewallRules: [{227EB18F-DD72-4DE8-8F14-08DA0E534E79}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Ashes of the Singularity\Ashes_DX11.exe
FirewallRules: [{F929F6EC-5473-45AC-8A04-BD2B142AB07F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Empyrion - Galactic Survival\EmpyrionLauncher.exe
FirewallRules: [{0A5D8A62-345A-40BB-96CA-260ADFB11422}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Empyrion - Galactic Survival\EmpyrionLauncher.exe
FirewallRules: [{871BBA35-758E-498F-ABEF-B02CE8AC1B8D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{4992FB7C-FE77-4EAC-B803-AD4CA14C597A}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{610D4E4C-F964-4889-B4A6-2D364FFE49CE}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{C409B66D-519C-42F2-82CB-9951E13D5E01}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{77F61042-B983-44AE-B4B8-2DCD5B361DFE}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\nmrih\sdk\hl2.exe
FirewallRules: [{C4CAB395-D15B-4232-9AE9-07DA75340A77}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\nmrih\sdk\hl2.exe
FirewallRules: [{764A8880-5C73-4775-B1A2-C5E79C020823}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Worm.is The Game\Wormis.exe
FirewallRules: [{116A1C2E-54E5-48C6-87DA-441F717B36F6}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Worm.is The Game\Wormis.exe
FirewallRules: [{25B1A4C2-62AE-4BD0-BABB-E13AFE2F1AA9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{CF4D73B3-33BB-4B4F-950D-7E7FF36ADFEE}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{4FE850DC-4F1D-4AD5-9FF3-1CBA2C5ACCE0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{523DF7C7-D463-4890-B88A-14AF0FEE4D5F}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2A2F745E-8D08-4691-94A1-ECB44E9A4A84}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{98D8356C-DE4C-4CE6-8F46-2D417AE1FDBB}] => (Allow) E:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{5CA88B1E-3DDF-4640-A6D4-4B3CAD0E3CE0}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\FiveNightsatFreddys4\FiveNightsatFreddys4.exe
FirewallRules: [{27508072-506D-4A85-922E-4B3218BE544B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\FiveNightsatFreddys4\FiveNightsatFreddys4.exe
FirewallRules: [{2D6227DB-217D-4142-9A99-B24F3BB18172}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\FiveNightsatFreddys4\HalloweenEdition.exe
FirewallRules: [{3F1F65C5-C6A7-4CDC-85DC-1452FBDFA1DE}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\FiveNightsatFreddys4\HalloweenEdition.exe
FirewallRules: [{9F515DED-143A-4026-8A14-2DDA40235A63}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{0C5F87EE-DFA7-41C7-9221-27AF1054DFD7}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{6DB9D992-8EB6-4D2B-91FA-A54694DE4E6B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warface\live\gflauncher.exe
FirewallRules: [{114D0582-E652-4BB7-AB9A-3A6E86B83E91}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warface\live\gflauncher.exe
FirewallRules: [{0E382E2B-C8F4-4BED-A93F-6A637077E221}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Miscreated\Miscreated.exe
FirewallRules: [{7A9C659E-CC49-4D9D-9F73-CB13998DB5B6}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Miscreated\Miscreated.exe
FirewallRules: [{271C6D4E-F920-4300-B081-27F802263030}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{807BD5A4-443F-4814-BE4B-59369A4BA786}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B54F3E01-B01E-430A-AE7A-FBF0D6842BB3}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Miscreated\Bin64\Miscreated.exe
FirewallRules: [{BFBFFAAA-38F7-49D2-8B99-83F68E7C664F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Miscreated\Bin64\Miscreated.exe
FirewallRules: [{CBC415D3-D050-4799-879A-2B8C5B3BFB64}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Miscreated\EasyAntiCheat\EasyAntiCheat_x64.dll
FirewallRules: [{C55D20B2-61C8-4CCD-950D-EFE4E14956DE}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Miscreated\EasyAntiCheat\EasyAntiCheat_x64.dll
FirewallRules: [{13ACB9C5-8818-44B7-8D2A-CA4D42E12403}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{8E6AA758-23CA-4EF0-9396-647E2BD3423F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{EC78D98C-2AA5-44D8-A69D-D11F3FBFC489}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{26CB40E9-228F-4ECB-980A-F677635F9702}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{5F1DBB20-BC32-4353-A748-8F47AE8FADC2}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{E402E430-DC03-4538-8B5A-79F9C99406D9}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{4BC1C933-FE9E-44C8-B02B-6CD10345A713}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9DCB74D6-AE76-4400-A06C-46968BF6E777}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FA8E6780-0240-453B-BB70-3B4D50209823}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{8BCE7FBE-E784-489F-9B44-E508DADAF0B1}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{5DACFCA4-5C02-4846-AD9E-B24230536AD1}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warface\WarfaceMycomSteamLoader.exe
FirewallRules: [{40007BBA-3AE4-44D1-B9E8-1D072D44795D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warface\WarfaceMycomSteamLoader.exe
FirewallRules: [TCP Query User{D8984EEE-E4CD-4A6B-A62B-5C42BCD1A78F}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{01208F23-F43C-417C-97E6-46E59D2DE4CA}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{3C3258DB-D4E7-48DF-90B5-109EA9E74D67}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{BFC4A8F2-D727-4737-8E29-8C2A27B0ACF2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{43A8AD91-23BE-453A-935C-DF9217AA0AFB}E:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) E:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{89F63FD9-B843-467C-B2A8-9A22CA7C7F3F}E:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) E:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{56246679-9BAF-46F5-AA13-20CD7987BBCC}E:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) E:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{30BE01BB-9A3B-4FDE-B9F5-7B147A60D5EC}E:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) E:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/19/2017 03:44:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: coInst.exe, version: 2015.5.2.16, time stamp: 0x559f422b
Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d
Exception code: 0xc06d007e
Fault offset: 0x001008b2
Faulting process id: 0x32f8
Faulting application start time: 0x01d3791afd18010f
Faulting application path: C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\coInst.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: dcbbecc4-01a9-40c6-bc79-03a58a5548da
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/19/2017 03:44:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: coInst.exe, version: 2015.5.2.16, time stamp: 0x559f422b
Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d
Exception code: 0xc06d007e
Fault offset: 0x001008b2
Faulting process id: 0x2a7c
Faulting application start time: 0x01d3791af9a9f76b
Faulting application path: C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\coInst.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 2ece2f27-45da-45b1-bfc5-168fe5db87ec
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/19/2017 03:44:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: InstCA.exe, version: 22.5.2.15, time stamp: 0x55a7cb5e
Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d
Exception code: 0xc06d007e
Fault offset: 0x001008b2
Faulting process id: 0x22bc
Faulting application start time: 0x01d3791af8bf548d
Faulting application path: C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\InstCA.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 6d985074-3410-4d1f-999f-7eafc275be7c
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/19/2017 03:44:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cltLMH.exe, version: 15.5.2.6, time stamp: 0x559c81a2
Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d
Exception code: 0xc06d007e
Fault offset: 0x001008b2
Faulting process id: 0x1770
Faulting application start time: 0x01d3791af754739d
Faulting application path: C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\cltLMH.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 29cc39c2-0681-4260-ac25-2ef6105179e0
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/19/2017 03:44:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.16299.125, time stamp: 0xfeba44fb
Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x4736733c
Exception code: 0xc06d007e
Fault offset: 0x0000000000013fb8
Faulting process id: 0x2c44
Faulting application start time: 0x01d3791ae58972c9
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 2258fbda-a6a0-4a02-a993-702a4e6d2da6
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/19/2017 03:44:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Microsoft.Notes.exe, version: 2.0.5.0, time stamp: 0x5a30c8be
Faulting module name: CoreUIComponents.dll, version: 10.0.16299.15, time stamp: 0x35d247d6
Exception code: 0xc0000005
Fault offset: 0x000000000008e1f4
Faulting process id: 0x2f0c
Faulting application start time: 0x01d3791ad6a23ec4
Faulting application path: C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_2.0.5.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe
Faulting module path: C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
Report Id: 8764345a-5b62-4778-a069-2ea043836538
Faulting package full name: Microsoft.MicrosoftStickyNotes_2.0.5.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
 
Error: (12/19/2017 03:44:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.16299.125, time stamp: 0xfeba44fb
Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x4736733c
Exception code: 0xc06d007e
Fault offset: 0x0000000000013fb8
Faulting process id: 0xff4
Faulting application start time: 0x01d3791ad4267f4e
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 8c462b12-4568-479a-a2fc-edddc3c575fc
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/19/2017 03:44:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.16299.125, time stamp: 0xfeba44fb
Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x4736733c
Exception code: 0xc06d007e
Fault offset: 0x0000000000013fb8
Faulting process id: 0x2094
Faulting application start time: 0x01d3791adfabdba9
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: e43e13b4-601c-4404-8229-5c5f2c44f278
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/19/2017 03:43:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WSCStub.exe, version: 22.5.2.15, time stamp: 0x55a7cbca
Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d
Exception code: 0xc06d007e
Fault offset: 0x001008b2
Faulting process id: 0x2e98
Faulting application start time: 0x01d3791ad9614e1d
Faulting application path: C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\WSCStub.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: a69460de-0935-4067-9fae-c90a9ba918dd
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/19/2017 03:43:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Microsoft.Notes.exe, version: 2.0.5.0, time stamp: 0x5a30c8be
Faulting module name: CoreUIComponents.dll, version: 10.0.16299.15, time stamp: 0x35d247d6
Exception code: 0xc0000005
Fault offset: 0x000000000008e1f4
Faulting process id: 0x5d4
Faulting application start time: 0x01d3791ac021fb99
Faulting application path: C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_2.0.5.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe
Faulting module path: C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
Report Id: d3a4393f-ab7e-4b29-8b0d-0315cc3f882e
Faulting package full name: Microsoft.MicrosoftStickyNotes_2.0.5.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
 
 
System errors:
=============
Error: (12/19/2017 09:21:20 PM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.
 
Error: (12/19/2017 09:21:20 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/19/2017 09:21:20 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/19/2017 09:21:20 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/19/2017 09:21:20 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/19/2017 09:21:20 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/19/2017 09:02:41 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (12/19/2017 09:02:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Symantec Real Time Storage Protection x64 service failed to start due to the following error: 
The system cannot find the path specified.
 
Error: (12/19/2017 09:02:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Symantec Real Time Storage Protection x64 service failed to start due to the following error: 
The system cannot find the path specified.
 
Error: (12/19/2017 09:02:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Symantec Real Time Storage Protection x64 service failed to start due to the following error: 
The system cannot find the path specified.
 
 
CodeIntegrity:
===================================
  Date: 2017-12-19 21:16:47.066
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-12-19 21:16:47.065
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-12-19 21:15:44.510
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-12-19 21:15:44.509
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-12-19 21:13:09.556
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-12-19 21:13:09.554
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-12-19 21:04:10.913
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-12-19 21:04:10.912
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-12-19 21:03:47.081
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-12-19 21:03:47.080
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-6700K CPU @ 4.00GHz
Percentage of memory in use: 43%
Total physical RAM: 16341.57 MB
Available physical RAM: 9201.95 MB
Total Virtual: 32725.57 MB
Available Virtual: 24158.28 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.24 GB) (Free:33.91 GB) NTFS
Drive d: (Tablet_CD) (CDROM) (Total:0.36 GB) (Free:0 GB) CDFS
Drive e: (New Volume) (Fixed) (Total:931.39 GB) (Free:553.32 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#3 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,852 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 20 December 2017 - 07:50 AM

Gubbins:

 
Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum.  My name is Phil.  May I address you by your first name?
 
I will be assisting you with your computer issues.  I will endeavor to respond within a reasonable time.   Forum policy requires that I post within 48 hours after your last post, but I do endeavor to post within 24 hours of your last post.
 
I would ask that you please continue to copy and paste the contents of all requested log files directly into your replies.   Please do not use "code" or "quote" boxes.  Thank you for your anticipated cooperation.
 
I will need some time to review your FRST logs.  That could take a day or two.
 
PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues.  It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.
 
Thank you and have a great day.
 
Regards,
-Phil

 

 


Graduate of the Bleeping Computer Malware Removal Study Hall


#4 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,852 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 20 December 2017 - 12:12 PM

Gubbins:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools. Malware removal can cause unpredictable and unintended issues.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...

.

Step 1: You have Norton Security installed. You should not have more than one anti-virus program installed. I would recommend that you uninstall, via the Control Panel, the Clamwin Free Anti-Virus program that is shown as being installed in the "Addition.txt" log and then reboot your computer before proceeding to Step 2.

.

Step 2: Please run a FRST fix for me. It appears that you might have a "Smart Service" infection, the newer versions of which can interfere with FRST. Let's try the attached script; and, if it doesn't work, then there is an alternative way to tackle this malware which we will move to, if we have to. So don't be too concerned if the FRST "fixlist" script does not properly execute or is prevented from running. Just let me know as soon as possible.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
File: C:\Windows\System32\upmxzcgsvc.exe;E:\Program Files (x86)\BAND\BAND.exe
() C:\Users\Louie\AppData\Local\auneosh\auneosh.exe
() C:\Users\Louie\AppData\Local\igfxmtc\igfxmtc.exe
() C:\Users\Louie\AppData\Local\auneosh\vsnkair.exe
C:\Users\Louie\AppData\Local\auneosh
C:\Users\Louie\AppData\Local\igfxmtc
VirusTotal: C:\Program Files (x86)\Loiselle\savers.exe;C:\Program Files (x86)\promethean\grubs.exe;C:\Program Files (x86)\Imitative\savers.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Hosts: Hosts file not detected in the default directory
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
VirusTotal: C:\WINDOWS\system32\drivers\85417eb5e89d7589673d009387f5bcc4.sys
File: C:\WINDOWS\System32\drivers\nrlk.sys
S2 amdacpksd; \??\C:\WINDOWS\system32\drivers\amdacpksd.sys [X]
S1 bomrrhbs; \??\C:\WINDOWS\system32\drivers\bomrrhbs.sys [X]
R3 udiskMgr; system32\drivers\wadgkn.sys [X]
Virustotal: C:\Users\Louie\Downloads\xw7r1ilm.exe
2017-12-19 20:16 - 2017-12-19 20:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClamWin Antivirus
2017-12-19 20:16 - 2017-12-19 20:16 - 000000000 ____D C:\ProgramData\.clamwin
2017-12-19 20:16 - 2017-12-19 20:16 - 000000000 ____D C:\Program Files (x86)\ClamWin
2017-12-19 20:02 - 2017-12-19 20:14 - 120690586 _____ (alch ) C:\Users\Louie\Downloads\clamwin-0.99.1-setup.exe
2017-12-19 16:41 - 2017-12-19 16:42 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Louie\Downloads\AVG_Protection_Free_1606 (1).exe
2017-12-19 15:37 - 2017-12-19 15:37 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Louie\Downloads\AVG_Protection_Free_1606.exe
2017-12-18 10:44 - 2017-12-19 21:16 - 000000000 ____D C:\Users\Louie\AppData\Local\vsslhaw
VirusTotal: C:\WINDOWS\system32\upmxzcgsvc.exe;C:\WINDOWS\b64070200
2017-12-18 10:31 - 2017-12-18 10:38 - 000000000 ____D C:\Users\Louie\AppData\Local\kxenavgdr
Folder: C:\WINDOWS\SysWOW64\upiesmz
Folder: C:\WINDOWS\system32\upiesmz
Folder: C:\Users\Louie\AppData\Roaming\et
Folder: C:\Program Files (x86)\chancing
Folder: C:\Users\Louie\AppData\Local\AdService
VirusTotal: C:\WINDOWS\System32\Tasks\agK0yNOtVkMd
Folder: C:\WINDOWS\system32\Drivers\wd
2017-12-02 10:34 - 2017-12-02 10:34 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
C:\WINDOWS\system32\drivers\senrvybe.sys
ContextMenuHandlers6: [ClamWin] -> {65713842-C410-4f44-8383-BFE01A398C90} => C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll [2008-04-19] ()
Task: {659EE4EF-82BD-4CE2-83C4-B61F2AB1396E} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {DC581C52-509C-4A34-B029-DF4C90D674E5} - System32\Tasks\agK0yNOtVkMd => agk0ynotvkmd.exe
EmptyTemp:
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST/FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.

Step 3: Your Norton Security anti-virus component is shown as disabled. Please attempt to enable it and let me know how it goes. The "Smart Service" infection is known to interfere with anti-malware applications, so don't be concerned if the Norton Security anti-virus component will not enable. It will just mean that we haven't destroyed all of the "Smart Service" infection. The Windows error logs in the "Addition.txt" file show that something appears to be interfering with Norton.

.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall
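
An added example, not part of the original post and not FRST's own code: one way to surface the pattern the reply above reads out of the "Application errors" section of Addition.txt, where several unrelated programs, security-product components among them, fault on the same exception within seconds. The sample records are constructed (modelled on the log in this thread, fields trimmed), and the function names and the `security_dirs` parameter are assumptions of this sketch.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample, modelled on the "Application errors" entries of the
# Addition.txt log in this thread (fields trimmed, not a verbatim copy).
SAMPLE = r"""
Error: (12/19/2017 03:44:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: coInst.exe, version: 2015.5.2.16, time stamp: 0x559f422b
Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d
Exception code: 0xc06d007e
Faulting application path: C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\coInst.exe

Error: (12/19/2017 03:44:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cltLMH.exe, version: 15.5.2.6, time stamp: 0x559c81a2
Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d
Exception code: 0xc06d007e
Faulting application path: C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\cltLMH.exe

Error: (12/19/2017 03:44:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.16299.125, time stamp: 0xfeba44fb
Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x4736733c
Exception code: 0xc06d007e
Faulting application path: C:\Windows\explorer.exe

Error: (12/19/2017 03:44:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Microsoft.Notes.exe, version: 2.0.5.0, time stamp: 0x5a30c8be
Faulting module name: CoreUIComponents.dll, version: 10.0.16299.15, time stamp: 0x35d247d6
Exception code: 0xc0000005
Faulting application path: C:\Program Files\WindowsApps\Microsoft.Notes.exe
"""

HEADER = re.compile(
    r"^Error: \((\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M)\) "
    r"\(Source: ([^)]*)\) \(EventID: (\d+)\)", re.M)
FIELDS = {
    "app": re.compile(r"Faulting application name: ([^,]+),"),
    "module": re.compile(r"Faulting module name: ([^,]+),"),
    "code": re.compile(r"Exception code: (0x[0-9a-fA-F]+)"),
    "path": re.compile(r"Faulting application path: (.+)"),
}
# Well-known exception codes; anything else is reported as "unknown".
MEANING = {
    "0xc06d007e": "delay-load failure: module not found",
    "0xc0000005": "access violation",
}


def parse_app_errors(text):
    """Return one dict per 'Application Error' (EventID 1000) record."""
    heads = list(HEADER.finditer(text))
    records = []
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        if head.group(2) != "Application Error" or head.group(3) != "1000":
            continue
        block = text[head.start():end]
        found = {name: rx.search(block) for name, rx in FIELDS.items()}
        if not all(found.values()):
            continue  # truncated record, skip rather than guess
        rec = {name: m.group(1).strip() for name, m in found.items()}
        rec["code"] = rec["code"].lower()
        rec["time"] = datetime.strptime(head.group(1), "%m/%d/%Y %I:%M:%S %p")
        records.append(rec)
    return records


def triage(records, security_dirs, min_apps=2):
    """Group crashes by (exception code, faulting module) and keep groups
    that span at least min_apps different programs."""
    groups = defaultdict(list)
    for rec in records:
        groups[(rec["code"], rec["module"].lower())].append(rec)
    clusters = []
    for (code, module), recs in groups.items():
        apps = sorted({r["app"] for r in recs})
        if len(apps) < min_apps:
            continue
        times = [r["time"] for r in recs]
        hits = sorted({r["app"] for r in recs
                       if any(d.lower() in r["path"].lower() for d in security_dirs)})
        clusters.append({
            "code": code,
            "meaning": MEANING.get(code, "unknown"),
            "module": module,
            "apps": apps,
            "security": hits,  # crashing programs under a security product's folder
            "span_seconds": int((max(times) - min(times)).total_seconds()),
        })
    return sorted(clusters, key=lambda c: len(c["apps"]), reverse=True)


if __name__ == "__main__":
    for c in triage(parse_app_errors(SAMPLE), ["Norton Security"]):
        print(c)
```

A cluster that mixes security-product components with ordinary programs on one exception code points at a system-wide cause rather than a fault in one product; it is a lead to investigate, not proof of malware.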


#5 Gubbins

Gubbins
  • Topic Starter

  • Members
  • 14 posts

Posted 20 December 2017 - 01:19 PM

Hello Phil, my name is Louie. I am very excited to see that someone here can help me. I have done everything that you said above and I also tried to re-enable Norton after uninstalling Clamware (another failed attempt to remove this virus) and after re-enabling the antivirus, I reopened the window and found that Norton was now disabled. I would like to add that after posting this I checked Norton again and it now no longer gives me the option to enable the antivirus. The "switches" are grayed out and are not movable anymore. The three options that are disabled are the Smart Firewall, Intrusion Prevention, and Browser Protection. Other than that, everything else says it is enabled.

 

I also ran the fix script you gave me:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by Louie (20-12-2017 11:10:01) Run:2
Running from C:\Users\Louie\Downloads
Loaded Profiles: Louie (Available Profiles: Louie & loutu & postgres)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
File: C:\Windows\System32\upmxzcgsvc.exe;E:\Program Files (x86)\BAND\BAND.exe
() C:\Users\Louie\AppData\Local\auneosh\auneosh.exe
() C:\Users\Louie\AppData\Local\igfxmtc\igfxmtc.exe
() C:\Users\Louie\AppData\Local\auneosh\vsnkair.exe
C:\Users\Louie\AppData\Local\auneosh
C:\Users\Louie\AppData\Local\igfxmtc
VirusTotal: C:\Program Files (x86)\Loiselle\savers.exe;C:\Program Files (x86)\promethean\grubs.exe;C:\Program Files (x86)\Imitative\savers.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Hosts: Hosts file not detected in the default directory
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
VirusTotal: C:\WINDOWS\system32\drivers\85417eb5e89d7589673d009387f5bcc4.sys
File: C:\WINDOWS\System32\drivers\nrlk.sys
S2 amdacpksd; \??\C:\WINDOWS\system32\drivers\amdacpksd.sys [X]
S1 bomrrhbs; \??\C:\WINDOWS\system32\drivers\bomrrhbs.sys [X]
R3 udiskMgr; system32\drivers\wadgkn.sys [X]
Virustotal: C:\Users\Louie\Downloads\xw7r1ilm.exe
2017-12-19 20:16 - 2017-12-19 20:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClamWin Antivirus
2017-12-19 20:16 - 2017-12-19 20:16 - 000000000 ____D C:\ProgramData\.clamwin
2017-12-19 20:16 - 2017-12-19 20:16 - 000000000 ____D C:\Program Files (x86)\ClamWin
2017-12-19 20:02 - 2017-12-19 20:14 - 120690586 _____ (alch ) C:\Users\Louie\Downloads\clamwin-0.99.1-setup.exe
2017-12-19 16:41 - 2017-12-19 16:42 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Louie\Downloads\AVG_Protection_Free_1606 (1).exe
2017-12-19 15:37 - 2017-12-19 15:37 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Louie\Downloads\AVG_Protection_Free_1606.exe
2017-12-18 10:44 - 2017-12-19 21:16 - 000000000 ____D C:\Users\Louie\AppData\Local\vsslhaw
VirusTotal: C:\WINDOWS\system32\upmxzcgsvc.exe;C:\WINDOWS\b64070200
2017-12-18 10:31 - 2017-12-18 10:38 - 000000000 ____D C:\Users\Louie\AppData\Local\kxenavgdr
Folder: C:\WINDOWS\SysWOW64\upiesmz
Folder: C:\WINDOWS\system32\upiesmz
Folder: C:\Users\Louie\AppData\Roaming\et
Folder: C:\Program Files (x86)\chancing
Folder: C:\Users\Louie\AppData\Local\AdService
VirusTotal: C:\WINDOWS\System32\Tasks\agK0yNOtVkMd
Folder: C:\WINDOWS\system32\Drivers\wd
2017-12-02 10:34 - 2017-12-02 10:34 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
C:\WINDOWS\system32\drivers\senrvybe.sys
ContextMenuHandlers6: [ClamWin] -> {65713842-C410-4f44-8383-BFE01A398C90} => C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll [2008-04-19] ()
Task: {659EE4EF-82BD-4CE2-83C4-B61F2AB1396E} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {DC581C52-509C-4A34-B029-DF4C90D674E5} - System32\Tasks\agK0yNOtVkMd => agk0ynotvkmd.exe
EmptyTemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
========================= File: C:\Windows\System32\upmxzcgsvc.exe;E:\Program Files (x86)\BAND\BAND.exe ========================
 
C:\Windows\System32\upmxzcgsvc.exe
File not signed
MD5: D41D8CD98F00B204E9800998ECF8427E (0-byte)
Creation and modification date: 2017-12-18 10:31 - 2017-12-19 20:57
Size: 002884096
Attributes: ----A
Company Name: TOSHIBA CORPORATION
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 1.0.0.1
Product Version: 1.0.0.1
Copyright: Copyright © Microsoft Corporation. All rights reserved. Smartsoft
VirusTotal: 0-byte
 
E:\Program Files (x86)\BAND\BAND.exe
File is digitally signed
MD5: BAA52C316DEA805C27DA6476946549E3
Creation and modification date: 2017-12-01 16:10 - 2017-11-29 10:17
Size: 056599952
Attributes: ----A
Company Name: Camp Mobile Corp.
Internal Name: BAND pc
Original Name: BAND.exe
Product: BAND
Description: BAND
File Version: 1.8.3
Product Version: 1.8.3
Copyright: © CampMobile. All rights reserved.
 
====== End of File: ======
 
C:\Users\Louie\AppData\Local\auneosh\auneosh.exe => No running process found
C:\Users\Louie\AppData\Local\igfxmtc\igfxmtc.exe => Could not close process
C:\Users\Louie\AppData\Local\auneosh\vsnkair.exe => No running process found
 
"C:\Users\Louie\AppData\Local\auneosh" folder move:
 
Could not move "C:\Users\Louie\AppData\Local\auneosh" => Scheduled to move on reboot.
 
 
"C:\Users\Louie\AppData\Local\igfxmtc" folder move:
 
Could not move "C:\Users\Louie\AppData\Local\igfxmtc" => Scheduled to move on reboot.
 
VirusTotal: C:\Program Files (x86)\Loiselle\savers.exe => not found
VirusTotal: C:\Program Files (x86)\promethean\grubs.exe => not found
VirusTotal: C:\Program Files (x86)\Imitative\savers.exe => not found
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
Hosts restored successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => removed successfully
VirusTotal: C:\WINDOWS\system32\drivers\85417eb5e89d7589673d009387f5bcc4.sys => https://www.virustotal.com/file/2e3c7a2fb7a8d97a6bcc87ddb969d504ac754421853f9b22a05572e3168c4b34/analysis/1513788386/
 
========================= File: C:\WINDOWS\System32\drivers\nrlk.sys ========================
 
C:\WINDOWS\System32\drivers\nrlk.sys
File is digitally signed
MD5: 8C17F3795DAE9A0ECDE4B3A3B0740E5F
Creation and modification date: 2017-12-18 10:45 - 2017-12-18 10:45
Size: 000079064
Attributes: ----A
Company Name: Malwarebytes
Internal Name: mbam.sys
Original Name: mbam.sys
Product: Malwarebytes Anti-Malware
Description: Malwarebytes Anti-Malware
File Version: 0.0.7.0
Product Version: 0.0.7.0
Copyright: © Malwarebytes. All rights reserved.
 
====== End of File: ======
 
"HKLM\System\CurrentControlSet\Services\amdacpksd" => removed successfully
amdacpksd => service removed successfully
"HKLM\System\CurrentControlSet\Services\bomrrhbs" => removed successfully
bomrrhbs => service removed successfully
udiskMgr => Unable to stop service.
"HKLM\System\CurrentControlSet\Services\udiskMgr" => removed successfully
udiskMgr => service removed successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClamWin Antivirus" => not found.
"C:\ProgramData\.clamwin" => not found.
"C:\Program Files (x86)\ClamWin" => not found.
C:\Users\Louie\Downloads\clamwin-0.99.1-setup.exe => moved successfully
C:\Users\Louie\Downloads\AVG_Protection_Free_1606 (1).exe => moved successfully
C:\Users\Louie\Downloads\AVG_Protection_Free_1606.exe => moved successfully
 
"C:\Users\Louie\AppData\Local\vsslhaw" folder move:
 
Could not move "C:\Users\Louie\AppData\Local\vsslhaw" => Scheduled to move on reboot.
 
VirusTotal: C:\WINDOWS\system32\upmxzcgsvc.exe => D41D8CD98F00B204E9800998ECF8427E (0-byte MD5)
C:\Users\Louie\AppData\Local\kxenavgdr => moved successfully
 
========================= Folder: C:\WINDOWS\SysWOW64\upiesmz ========================
 
 
====== End of Folder: ======
 
 
========================= Folder: C:\WINDOWS\system32\upiesmz ========================
 
 
====== End of Folder: ======
 
 
========================= Folder: C:\Users\Louie\AppData\Roaming\et ========================
 
 
====== End of Folder: ======
 
 
========================= Folder: C:\Program Files (x86)\chancing ========================
 
2017-12-18 06:12 - 2017-12-18 06:12 - 000005120 ____A [5B74D0030C58B9FA79EF36CBBD43C07F] (crudup) C:\Program Files (x86)\chancing\chancing.exe
 
====== End of Folder: ======
 
 
========================= Folder: C:\Users\Louie\AppData\Local\AdService ========================
 
 
====== End of Folder: ======
 
 
========================= Folder: C:\WINDOWS\system32\Drivers\wd ========================
 
2017-12-12 15:03 - 2017-12-12 15:03 - 000046072 ____A [71E8950CF0DEC853EF72EB6A67AD67ED] (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wd\WdBoot.sys
2017-12-12 15:03 - 2017-12-12 15:03 - 000288848 ____A [F8BB41D6A300A6D7DE64678BAD3D7D6F] (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wd\WdFilter.sys
2017-12-12 15:03 - 2017-12-12 15:03 - 000129616 ____A [BDD91FCE8883C0E2110FE34E8D22711A] (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wd\WdNisDrv.sys
 
====== End of Folder: ======
 
C:\WINDOWS\System32\Tasks\McAfee => moved successfully
Could not move "C:\WINDOWS\system32\drivers\senrvybe.sys" => Scheduled to move on reboot.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\ClamWin => key not found
"HKLM\Software\Classes\CLSID\{65713842-C410-4f44-8383-BFE01A398C90}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{659EE4EF-82BD-4CE2-83C4-B61F2AB1396E} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{659EE4EF-82BD-4CE2-83C4-B61F2AB1396E}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC581C52-509C-4A34-B029-DF4C90D674E5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC581C52-509C-4A34-B029-DF4C90D674E5}" => removed successfully
C:\WINDOWS\System32\Tasks\agK0yNOtVkMd => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\agK0yNOtVkMd" => removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 34294596 B
Java, Flash, Steam htmlcache => 193366821 B
Windows/system/drivers => 7647623 B
Edge => 1432799 B
Chrome => 313252828 B
Firefox => 19172452 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 16402 B
NetworkService => 21498 B
Louie => 354736055 B
loutu => 27288 B
postgres => 6656 B
 
RecycleBin => 1023978 B
EmptyTemp: => 889.7 MB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 20-12-2017 11:12:04)
 
"C:\Users\Louie\AppData\Local\auneosh" => Could not move
"C:\Users\Louie\AppData\Local\igfxmtc" => Could not move
"C:\Users\Louie\AppData\Local\vsslhaw" => Could not move
C:\WINDOWS\system32\drivers\senrvybe.sys => Is moved successfully
 
==== End of Fixlog 11:12:04 ====

Edited by Gubbins, 20 December 2017 - 01:28 PM.


#6 garioch7

Posted 20 December 2017 - 02:44 PM

Louie:

Thank you for your post, the FRST "fixlist" script results log, and for permission to address you by your first name.

It definitely appears that you have the "SmartService" infection. It is very troublesome because it is constantly mutating to prevent anti-malware software from functioning. In fact, it changes its filenames with every reboot!

There was a recent automated removal improvement to FRST that might work on the version that is afflicting your computer; however, if the malware has mutated again, it might not work, but have no fear - we never give up and we have alternatives!

.

Step 1: Please boot your computer normally. Then please run the following FRST "fixlist" script, as you did before for me. Please copy and paste the results into your next reply/replies.

 

Start::
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: fltmc instances
CMD: dir /a:-d /o:d C:\windows\system32\drivers
End::

.

Step 2: I want you to run another FRST scan for me, but this time, in the Windows Recovery Environment, please.

Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:

  • USB Flash Drive (size depends on whether you have to create a USB Recovery or Installation media)
  • CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
  • Another clean computer to download a new copy of FRST64.exe

Preparing the USB Flash Drive

Download a new copy of FRST64.exe for your system from a "clean" computer. Do NOT insert the USB flash drive into your infected computer until it has booted into the Recovery Environment.

  • FRST 64-bit
  • Boot in the Recovery Environment
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums

Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.

Once in the command prompt

  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst64.exe and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Scan button and wait for the scan to complete
  • Two logs will be created called FRST.txt and Addition.txt on your USB flash drive. Please copy and paste the contents of those log files into your next reply

.

There will be no further replies from me today, as my computer is downloading the Fall Creators Update. It has previously failed twice, so who knows, maybe third time lucky?!

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#7 Gubbins

Posted 20 December 2017 - 04:43 PM

Phil, I have made my way to recovery mode but in no way have found access to Command Prompt unless you mean the Windows SafeMode. Could you specify for me?

 

Here is the fixlog you asked for:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by Louie (20-12-2017 12:54:16) Run:3
Running from C:\Users\Louie\Downloads
Loaded Profiles: Louie (Available Profiles: Louie & loutu & postgres)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: fltmc instances
CMD: dir /a:-d /o:d C:\windows\system32\drivers

*****************


========= bcdedit.exe /set {bootmgr} displaybootmenu yes =========

The operation completed successfully.

========= End of CMD: =========


========= bcdedit.exe /set {default} recoveryenabled yes =========

The operation completed successfully.

========= End of CMD: =========


========= fltmc instances =========

Filter Volume Name Altitude Instance Name Frame SprtFtrs VlStatus
-------------------- ------------------------------------- ------------ ---------------------- ----- -------- --------
BHDrvx64 365100 BHDrvx64 0 00000007
BHDrvx64 365100 BHDrvx64 0 00000007
BHDrvx64 C: 365100 BHDrvx64 0 00000007
BHDrvx64 E: 365100 BHDrvx64 0 00000007
FileInfo D: 40500 FileInfo 0 00000007
FileInfo 40500 FileInfo 0 00000007
FileInfo 40500 FileInfo 0 00000007
FileInfo C: 40500 FileInfo 0 00000007
FileInfo E: 40500 FileInfo 0 00000007
FileInfo \Device\Mup 40500 FileInfo 0 00000007
MBAMChameleon D: 400900 MBAMChameleon 0 00000000
MBAMChameleon 400900 MBAMChameleon 0 00000000
MBAMChameleon 400900 MBAMChameleon 0 00000000
MBAMChameleon C: 400900 MBAMChameleon 0 00000000
MBAMChameleon E: 400900 MBAMChameleon 0 00000000
MBAMChameleon \Device\Mup 400900 MBAMChameleon 0 00000000
MBAMFarflt D: 268150 MBAMFarflt 0 00000004
MBAMFarflt 268150 MBAMFarflt 0 00000004
MBAMFarflt 268150 MBAMFarflt 0 00000004
MBAMFarflt C: 268150 MBAMFarflt 0 00000004
MBAMFarflt E: 268150 MBAMFarflt 0 00000004
MBAMProtection D: 328800 MBAMProtection 0 00000004
MBAMProtection 328800 MBAMProtection 0 00000004
MBAMProtection 328800 MBAMProtection 0 00000004
MBAMProtection C: 328800 MBAMProtection 0 00000004
MBAMProtection E: 328800 MBAMProtection 0 00000004
MBAMProtection \Device\Mup 328800 MBAMProtection 0 00000004
SRTSP D: 329000 SRTSP 0 00000007
SRTSP 329000 SRTSP 0 00000007
SRTSP 329000 SRTSP 0 00000007
SRTSP C: 329000 SRTSP 0 00000007
SRTSP E: 329000 SRTSP 0 00000007
SRTSP \Device\Mup 329000 SRTSP 0 00000007
SymEFASI D: 260610 SymEFASI 0 00000007
SymEFASI 260610 SymEFASI 0 00000007
SymEFASI 260610 SymEFASI 0 00000007
SymEFASI C: 260610 SymEFASI 0 00000007
SymEFASI E: 260610 SymEFASI 0 00000007
SymEFASI \Device\Mup 260610 SymEFASI 0 00000007
WdFilter D: 328010 WdFilter Instance 0 00000007
WdFilter 328010 WdFilter Instance 0 00000007
WdFilter 328010 WdFilter Instance 0 00000007
WdFilter C: 328010 WdFilter Instance 0 00000007
WdFilter E: 328010 WdFilter Instance 0 00000007
WdFilter \Device\Mup 328010 WdFilter Instance 0 00000007
Wof 40700 Wof Instance 0 00000007
Wof C: 40700 Wof Instance 0 00000007
Wof E: 40700 Wof Instance 0 00000007
eeCtrl 329010 eeCtrl 0 00000007
eeCtrl 329010 eeCtrl 0 00000007
eeCtrl C: 329010 eeCtrl 0 00000007
eeCtrl E: 329010 eeCtrl 0 00000007
luafv C: 135000 luafv 0 00000007
npsvctrig \Device\NamedPipe 46000 npsvctrig 0 00000000
pilkgvox C: 45666 pilkgvox Instance 0 00000000
pilkgvox \Device\Mup 45666 pilkgvox Instance 0 00000000
udiskMgr D: 45888 udiskMgr Instance 0 00000000
udiskMgr 45888 udiskMgr Instance 0 00000000
udiskMgr 45888 udiskMgr Instance 0 00000000
udiskMgr C: 45888 udiskMgr Instance 0 00000000
udiskMgr E: 45888 udiskMgr Instance 0 00000000
wcifs C: 189900 wcifs Instance 0 00000007

========= End of CMD: =========


========= dir /a:-d /o:d C:\windows\system32\drivers =========

Volume in drive C has no label.
Volume Serial Number is C20F-D0DF

Directory of C:\windows\system32\drivers

09/02/2014 05:01 PM 41,192 vbaudio_cable64_win7.sys
07/07/2015 03:33 PM 155,192 iANSW60e.sys
07/20/2015 01:52 PM 281,896 iaLPSS2_UART2.sys
09/17/2015 11:29 AM 149,240 asmthub3.sys
09/17/2015 11:29 AM 443,128 asmtxhci.sys
09/18/2015 05:54 PM 37,832 iqvw64e.sys
10/08/2015 09:16 PM 185,600 TeeDriverW8x64.sys
10/16/2015 06:08 AM 18,720 IntelMEFWVer.dll
12/10/2015 07:08 PM 4,486,133 RTAIODAT.DAT
12/10/2015 07:08 PM 4,705,536 RTKVHD64.sys
12/10/2015 07:08 PM 3,152,591 rtkSSTsetting.dat
12/10/2015 07:08 PM 5,804,772 rtvienna.dat
05/10/2016 03:41 PM 101,376 SETD0E8.tmp
07/16/2016 04:42 AM 3 MsftWdf_Kernel_01019_Inbox_Critical.Wdf
07/24/2016 03:21 AM 101,376 AtihdWT6.sys
08/18/2016 05:41 AM 49,448 amdkmafd.sys
09/13/2016 09:08 PM 60,920 ati2erec.dll
09/13/2016 09:08 PM 518,656 atikmpag.sys
09/13/2016 09:08 PM 26,706,432 atikmdag.sys
09/21/2016 07:42 AM 460,992 cbfs6.sys
09/21/2016 07:42 AM 18,624 vpnpbus.sys
01/23/2017 03:20 PM 26,008 LGVirHid.sys
01/23/2017 03:20 PM 67,736 LGJoyXlCore.sys
01/23/2017 03:20 PM 36,496 LGBusEnum.sys
04/27/2017 04:09 PM 0 Msft_User_WpdFs_01_11_00.Wdf
06/01/2017 10:33 AM 41,192 vbaudio_vmvaio64_win7.sys
06/01/2017 10:33 AM 41,192 vbaudio_vmauxvaio64_win7.sys
09/25/2017 07:48 PM 0 Msft_User_WpdMtpDr_01_11_00.Wdf
09/29/2017 06:40 AM 79,360 iaLPSS2i_GPIO2.sys
09/29/2017 06:40 AM 36,864 iagpio.sys
09/29/2017 06:40 AM 88,576 iaLPSS2i_GPIO2_BXT_P.sys
09/29/2017 06:40 AM 171,520 iaLPSS2i_I2C.sys
09/29/2017 06:40 AM 174,592 iaLPSS2i_I2C_BXT_P.sys
09/29/2017 06:40 AM 60,312 CAD.sys
09/29/2017 06:40 AM 524,800 e1i63x64.sys
09/29/2017 06:40 AM 91,648 iai2c.sys
09/29/2017 06:40 AM 119,704 pcmcia.sys
09/29/2017 06:40 AM 46,592 hidir.sys
09/29/2017 06:40 AM 86,016 hdaudbus.sys
09/29/2017 06:40 AM 118,680 EhStorTcgDrv.sys
09/29/2017 06:40 AM 49,152 circlass.sys
09/29/2017 06:40 AM 113,152 iaLPSSi_I2C.sys
09/29/2017 06:40 AM 67,584 bthmodem.sys
09/29/2017 06:40 AM 379,392 portcls.sys
09/29/2017 06:40 AM 102,912 usbcir.sys
09/29/2017 06:40 AM 96,768 drmk.sys
09/29/2017 06:40 AM 16,224 drmkaud.sys
09/29/2017 06:41 AM 27,136 usbprint.sys
09/29/2017 06:41 AM 38,912 monitor.sys
09/29/2017 06:41 AM 38,128 iaLPSSi_GPIO.sys
09/29/2017 06:41 AM 130,640 intelpep.sys
09/29/2017 06:41 AM 2,224,128 netr28ux.sys
09/29/2017 06:41 AM 16,896 pnpmem.sys
09/29/2017 06:41 AM 20,626 Patch_7662.bin
09/29/2017 06:41 AM 79,216 FW_7662.bin
09/29/2017 06:41 AM 103,936 rhproxy.sys
09/29/2017 06:41 AM 14,336 acpipmi.sys
09/29/2017 06:41 AM 533,912 bxvbda.sys
09/29/2017 06:41 AM 3,419,032 evbda.sys
09/29/2017 06:41 AM 109,976 sbp2port.sys
09/29/2017 06:41 AM 20,480 AcpiDev.sys
09/29/2017 06:41 AM 159,744 cdrom.sys
09/29/2017 06:41 AM 237,056 1394ohci.sys
09/29/2017 06:41 AM 107,416 3ware.sys
09/29/2017 06:41 AM 122,368 capimg.sys
09/29/2017 06:41 AM 1,135,512 adp80xx.sys
09/29/2017 06:41 AM 27,032 amdxata.sys
09/29/2017 06:41 AM 131,992 arcsas.sys
09/29/2017 06:41 AM 258,592 amdsbs.sys
09/29/2017 06:41 AM 83,352 amdsata.sys
09/29/2017 06:41 AM 9,728 bcmfn2.sys
09/29/2017 06:41 AM 82,840 lsi_sss.sys
09/29/2017 06:41 AM 103,320 lsi_sas3i.sys
09/29/2017 06:41 AM 123,800 lsi_sas2i.sys
09/29/2017 06:41 AM 108,064 lsi_sas.sys
09/29/2017 06:41 AM 30,720 wacompen.sys
09/29/2017 06:41 AM 63,520 HpSAMD.sys
09/29/2017 06:41 AM 59,800 megasas.sys
09/29/2017 06:41 AM 63,520 MegaSas2i.sys
09/29/2017 06:41 AM 63,896 mvumis.sys
09/29/2017 06:41 AM 575,896 megasr.sys
09/29/2017 06:41 AM 16,896 MTConfig.sys
09/29/2017 06:41 AM 58,776 percsas2i.sys
09/29/2017 06:41 AM 166,296 nvstor.sys
09/29/2017 06:41 AM 150,424 nvraid.sys
09/29/2017 06:41 AM 31,128 stexstor.sys
09/29/2017 06:41 AM 61,848 percsas3i.sys
09/29/2017 06:41 AM 81,816 sisraid4.sys
09/29/2017 06:41 AM 44,952 sisraid2.sys
09/29/2017 06:41 AM 56,320 umbus.sys
09/29/2017 06:41 AM 166,808 vsmraid.sys
09/29/2017 06:41 AM 305,560 VSTXRAID.SYS
09/29/2017 06:41 AM 357,272 cht4sx64.sys
09/29/2017 06:41 AM 141,208 cht4dx64.sys
09/29/2017 06:41 AM 279,448 msiscsi.sys
09/29/2017 06:41 AM 1,723,288 cht4vx64.sys
09/29/2017 06:41 AM 13,824 errdev.sys
09/29/2017 06:41 AM 526,232 ibbus.sys
09/29/2017 06:41 AM 64,920 winverbs.sys
09/29/2017 06:41 AM 108,952 ndfltr.sys
09/29/2017 06:41 AM 842,648 mlx4_bus.sys
09/29/2017 06:41 AM 32,152 winmad.sys
09/29/2017 06:41 AM 17,920 sfloppy.sys
09/29/2017 06:41 AM 38,296 hidbatt.sys
09/29/2017 06:41 AM 32,768 fdc.sys
09/29/2017 06:41 AM 26,624 flpydisk.sys
09/29/2017 06:41 AM 18,840 msisadrv.sys
09/29/2017 06:41 AM 92,056 IPMIDrv.sys
09/29/2017 06:41 AM 22,936 isapnp.sys
09/29/2017 06:41 AM 674,200 iaStorAV.sys
09/29/2017 06:41 AM 412,056 iaStorV.sys
09/29/2017 06:41 AM 38,912 invdimm.sys
09/29/2017 06:41 AM 53,144 pciidex.sys
09/29/2017 06:41 AM 16,280 pciide.sys
09/29/2017 06:41 AM 28,568 atapi.sys
09/29/2017 06:41 AM 19,352 intelide.sys
09/29/2017 06:41 AM 194,456 ataport.sys
09/29/2017 06:41 AM 84,992 serial.sys
09/29/2017 06:41 AM 25,088 serenum.sys
09/29/2017 06:41 AM 98,816 parport.sys
09/29/2017 06:41 AM 40,856 mssmbios.sys
09/29/2017 06:41 AM 88,576 nvdimmn.sys
09/29/2017 06:41 AM 100,352 pmem.sys
09/29/2017 06:41 AM 103,320 stornvme.sys
09/29/2017 06:41 AM 118,168 scmbus.sys
09/29/2017 06:41 AM 43,008 vnvdimm.sys
09/29/2017 06:41 AM 54,680 vdrvroot.sys
09/29/2017 06:41 AM 79,256 uaspstor.sys
09/29/2017 06:41 AM 37,784 bttflt.sys
09/29/2017 06:41 AM 18,432 wmiacpi.sys
09/29/2017 06:41 AM 733,592 acpi.sys
09/29/2017 06:41 AM 58,880 BasicDisplay.sys
09/29/2017 06:41 AM 198,656 intelppm.sys
09/29/2017 06:41 AM 180,224 amdk8.sys
09/29/2017 06:41 AM 177,152 processr.sys
09/29/2017 06:41 AM 94,104 disk.sys
09/29/2017 06:41 AM 178,176 amdppm.sys
09/29/2017 06:41 AM 15,392 volume.sys
09/29/2017 06:41 AM 171,416 spacedump.sys
09/29/2017 06:41 AM 28,568 uefi.sys
09/29/2017 06:41 AM 39,832 battc.sys
09/29/2017 06:41 AM 55,840 mausbip.sys
09/29/2017 06:41 AM 29,696 CmBatt.sys
09/29/2017 06:41 AM 12,800 acpipagr.sys
09/29/2017 06:41 AM 13,312 acpitime.sys
09/29/2017 06:41 AM 505,240 mausbhost.sys
09/29/2017 06:41 AM 71,680 usbser.sys
09/29/2017 06:41 AM 33,176 SDFRd.sys
09/29/2017 06:41 AM 35,328 TsUsbGD.sys
09/29/2017 06:41 AM 18,328 swenum.sys
09/29/2017 06:41 AM 9,216 vms3cap.sys
09/29/2017 06:41 AM 28,160 HyperVideo.sys
09/29/2017 06:41 AM 46,592 dmvsc.sys
09/29/2017 06:41 AM 25,088 VMBusHID.sys
09/29/2017 06:41 AM 16,896 hyperkbd.sys
09/29/2017 06:41 AM 13,312 vmgencounter.sys
09/29/2017 06:41 AM 75,160 vpci.sys
09/29/2017 06:41 AM 43,008 RfxVmt.sys
09/29/2017 06:41 AM 64,512 Synth3dVsc.sys
09/29/2017 06:41 AM 39,320 storvsc.sys
09/29/2017 06:41 AM 10,240 vmgid.sys
09/29/2017 06:41 AM 109,976 vmbus.sys
09/29/2017 06:41 AM 47,512 vmstorfl.sys
09/29/2017 06:41 AM 23,040 BtaMPM.sys
09/29/2017 06:41 AM 45,056 BthAvrcpTg.sys
09/29/2017 06:41 AM 31,232 BthhfHid.sys
09/29/2017 06:41 AM 107,008 bthhfenum.sys
09/29/2017 06:41 AM 27,544 urssynopsys.sys
09/29/2017 06:41 AM 20,992 genericusbfn.sys
09/29/2017 06:41 AM 97,312 UfxChipidea.sys
09/29/2017 06:41 AM 28,568 urschipidea.sys
09/29/2017 06:41 AM 140,696 ufxsynopsys.sys
09/29/2017 06:41 AM 14,336 umpass.sys
09/29/2017 06:41 AM 46,592 xinputhid.sys
09/29/2017 06:41 AM 281,600 xboxgip.sys
09/29/2017 06:41 AM 114,688 hidbth.sys
09/29/2017 06:41 AM 45,056 devauthe.sys
09/29/2017 06:41 AM 52,224 hidi2c.sys
09/29/2017 06:41 AM 45,568 hidparse.sys
09/29/2017 06:41 AM 105,984 i8042prt.sys
09/29/2017 06:41 AM 187,392 hidclass.sys
09/29/2017 06:41 AM 39,424 buttonconverter.sys
09/29/2017 06:41 AM 40,448 kbdhid.sys
09/29/2017 06:41 AM 63,384 kbdclass.sys
09/29/2017 06:41 AM 40,960 hidusb.sys
09/29/2017 06:41 AM 50,584 hidinterrupt.sys
09/29/2017 06:41 AM 32,768 mouhid.sys
09/29/2017 06:41 AM 30,720 usbohci.sys
09/29/2017 06:41 AM 28,160 sermouse.sys
09/29/2017 06:41 AM 168,856 usbccgp.sys
09/29/2017 06:41 AM 57,240 mouclass.sys
09/29/2017 06:41 AM 95,640 usbehci.sys
09/29/2017 06:41 AM 454,040 usbport.sys
09/29/2017 06:41 AM 32,152 usbd.sys
09/29/2017 06:41 AM 92,672 winusb.sys
09/29/2017 06:41 AM 513,944 usbhub.sys
09/29/2017 06:41 AM 130,968 USBSTOR.SYS
09/29/2017 06:41 AM 35,328 usbuhci.sys
09/29/2017 06:41 AM 18,000 WindowsTrustedRTProxy.sys
09/29/2017 06:41 AM 96,664 sdstor.sys
09/29/2017 06:41 AM 229,272 tpm.sys
09/29/2017 06:41 AM 26,112 npsvctrig.sys
09/29/2017 06:41 AM 23,040 kdnic.sys
09/29/2017 06:41 AM 49,048 msgpiowin32.sys
09/29/2017 06:41 AM 59,904 rteth.sys
09/29/2017 06:41 AM 225,280 winnat.sys
09/29/2017 06:41 AM 55,808 filecrypt.sys
09/29/2017 06:41 AM 26,112 ipt.sys
09/29/2017 06:41 AM 39,832 ramdisk.sys
09/29/2017 06:41 AM 97,688 sdport.sys
09/29/2017 06:41 AM 227,224 Ucx01000.sys
09/29/2017 06:41 AM 28,568 cmimcext.sys
09/29/2017 06:41 AM 127,896 acpiex.sys
09/29/2017 06:41 AM 62,872 fsdepends.sys
09/29/2017 06:41 AM 34,816 vhf.sys
09/29/2017 06:41 AM 62,976 TsUsbFlt.sys
09/29/2017 06:41 AM 123,288 pdc.sys
09/29/2017 06:41 AM 45,056 Udecx.sys
09/29/2017 06:41 AM 81,304 vmbkmcl.sys
09/29/2017 06:41 AM 31,640 winhv.sys
09/29/2017 06:41 AM 30,104 WpdUpFltr.sys
09/29/2017 06:41 AM 101,888 bowser.sys
09/29/2017 06:41 AM 309,144 WdFilter.sys
09/29/2017 06:41 AM 44,608 WdBoot.sys
09/29/2017 06:41 AM 119,192 WdNisDrv.sys
09/29/2017 06:41 AM 56,728 iorate.sys
09/29/2017 06:41 AM 43,520 mmcss.sys
09/29/2017 06:41 AM 62,464 winhvr.sys
09/29/2017 06:41 AM 3,440,660 gm.dls
09/29/2017 06:41 AM 646 gmreadme.txt
09/29/2017 06:41 AM 124,416 Ndu.sys
09/29/2017 06:41 AM 73,112 hvservice.sys
09/29/2017 06:41 AM 1,007,512 ClipSp.sys
09/29/2017 06:41 AM 8,192 gpuenergydrv.sys
09/29/2017 06:41 AM 56,320 watchdog.sys
09/29/2017 06:41 AM 80,384 vmbkmclr.sys
09/29/2017 06:41 AM 408,096 dxgmms1.sys
09/29/2017 06:41 AM 75,776 mpsdrv.sys
09/29/2017 06:41 AM 163,736 wfplwfs.sys
09/29/2017 06:41 AM 78,744 CEA.sys
09/29/2017 06:41 AM 169,880 msgpioclx.sys
09/29/2017 06:41 AM 152,984 pacer.sys
09/29/2017 06:41 AM 27,136 mshwnclx.sys
09/29/2017 06:41 AM 79,872 storqosflt.sys
09/29/2017 06:41 AM 32,256 dumpsdport.sys
09/29/2017 06:41 AM 71,248 WindowsTrustedRT.sys
09/29/2017 06:41 AM 81,816 SpbCx.sys
09/29/2017 06:41 AM 39,424 IndirectKmd.sys
09/29/2017 06:41 AM 76,288 wcnfs.sys
09/29/2017 06:41 AM 74,784 SerCx.sys
09/29/2017 06:41 AM 146,944 UcmTcpciCx.sys
09/29/2017 06:41 AM 154,520 SerCx2.sys
09/29/2017 06:41 AM 8,704 mshidkmdf.sys
09/29/2017 06:41 AM 11,776 mshidumdf.sys
09/29/2017 06:41 AM 39,320 cnghwassist.sys
09/29/2017 06:41 AM 28,056 tbs.sys
09/29/2017 06:41 AM 266,648 ufx01000.sys
09/29/2017 06:41 AM 214,016 ipnat.sys
09/29/2017 06:41 AM 384,000 cldflt.sys
09/29/2017 06:41 AM 936,856 refsv1.sys
09/29/2017 06:41 AM 191,008 appid.sys
09/29/2017 06:41 AM 18,432 applockerfltr.sys
09/29/2017 06:41 AM 33,792 wdnsfltr.sys
09/29/2017 06:41 AM 35,736 wimmount.sys
09/29/2017 06:41 AM 354,304 exfat.sys
09/29/2017 06:41 AM 1,849,752 refs.sys
09/29/2017 06:41 AM 1,103,768 http.sys
09/29/2017 06:41 AM 85,400 fileinfo.sys
09/29/2017 06:41 AM 209,304 wof.sys
09/29/2017 06:41 AM 371,608 fastfat.sys
09/29/2017 06:41 AM 36,864 filetrace.sys
09/29/2017 06:41 AM 35,736 Dumpata.sys
09/29/2017 06:41 AM 139,672 ksecdd.sys
09/29/2017 06:41 AM 29,592 hwpolicy.sys
09/29/2017 06:41 AM 225,688 VerifierExt.sys
09/29/2017 06:41 AM 34,200 SleepStudyHelper.sys
09/29/2017 06:41 AM 535,960 netio.sys
09/29/2017 06:41 AM 2,773,400 tcpip.sys
09/29/2017 06:41 AM 441,240 FWPKCLNT.SYS
09/29/2017 06:41 AM 44,544 nsiproxy.sys
09/29/2017 06:41 AM 103,320 mountmgr.sys
09/29/2017 06:41 AM 55,704 condrv.sys
09/29/2017 06:41 AM 121,240 tdx.sys
09/29/2017 06:41 AM 65,024 ndisuio.sys
09/29/2017 06:41 AM 403,352 Classpnp.sys
09/29/2017 06:41 AM 20,376 wmilib.sys
09/29/2017 06:41 AM 132,608 NetAdapterCx.sys
09/29/2017 06:41 AM 33,176 WppRecorder.sys
09/29/2017 06:41 AM 85,912 crashdmp.sys
09/29/2017 06:41 AM 7,168 null.sys
09/29/2017 06:41 AM 918,240 Wdf01000.sys
09/29/2017 06:41 AM 31,232 msfs.sys
09/29/2017 06:41 AM 73,216 npfs.sys
09/29/2017 06:41 AM 61,664 WdfLdr.sys
09/29/2017 06:41 AM 93,184 cdfs.sys
09/29/2017 06:41 AM 34,200 fs_rec.sys
09/29/2017 06:41 AM 40,344 tdi.sys
09/29/2017 06:41 AM 170,904 ksecpkg.sys
09/29/2017 06:41 AM 53,144 pcw.sys
09/29/2017 06:41 AM 614,296 afd.sys
09/29/2017 06:41 AM 45,464 werkernel.sys
09/29/2017 06:41 AM 376,864 msrpc.sys
09/29/2017 06:41 AM 38,808 Diskdump.sys
09/29/2017 06:41 AM 151,040 dfsc.sys
09/29/2017 06:41 AM 44,544 videoprt.sys
09/29/2017 06:41 AM 25,600 Dumpstorport.sys
09/29/2017 06:41 AM 123,800 mup.sys
09/29/2017 06:41 AM 15,360 Dmpusbstor.sys
09/29/2017 06:41 AM 128,408 tm.sys
09/29/2017 06:41 AM 373,144 volmgrx.sys
09/29/2017 06:41 AM 80,896 rspndr.sys
09/29/2017 06:41 AM 65,024 lltdio.sys
09/29/2017 06:41 AM 116,736 bridge.sys
09/29/2017 06:41 AM 87,960 EhStorClass.sys
09/29/2017 06:41 AM 33,280 mskssrv.sys
09/29/2017 06:41 AM 12,800 mstee.sys
09/29/2017 06:41 AM 10,752 mspclock.sys
09/29/2017 06:41 AM 10,752 mspqm.sys
09/29/2017 06:41 AM 27,136 ksthunk.sys
09/29/2017 06:41 AM 149,504 rmcast.sys
09/29/2017 06:41 AM 115,200 WUDFPf.sys
09/29/2017 06:41 AM 259,584 WUDFRd.sys
09/29/2017 06:41 AM 19,864 ntosext.sys
09/29/2017 06:41 AM 240,640 ahcache.sys
09/29/2017 06:41 AM 316,928 netbt.sys
09/29/2017 06:41 AM 51,712 tcpipreg.sys
09/29/2017 06:41 AM 21,504 NdisVirtualBus.sys
09/29/2017 06:41 AM 128,000 NdisImPlatform.sys
09/29/2017 06:41 AM 49,152 qwavedrv.sys
09/29/2017 06:41 AM 57,752 netbios.sys
09/29/2017 06:41 AM 84,480 mslldp.sys
09/29/2017 06:41 AM 106,496 tunnel.sys
09/29/2017 06:41 AM 85,504 ipfltdrv.sys
09/29/2017 06:41 AM 17,920 rasacd.sys
09/29/2017 06:41 AM 108,032 agilevpn.sys
09/29/2017 06:41 AM 82,944 raspppoe.sys
09/29/2017 06:41 AM 62,464 ndproxy.sys
09/29/2017 06:41 AM 80,896 wanarp.sys
09/29/2017 06:41 AM 27,136 ndistapi.sys
09/29/2017 06:41 AM 78,336 rassstp.sys
09/29/2017 06:41 AM 97,280 raspptp.sys
09/29/2017 06:41 AM 106,496 rasl2tp.sys
09/29/2017 06:41 AM 28,160 asyncmac.sys
09/29/2017 06:41 AM 192,000 ndiswan.sys
09/29/2017 06:41 AM 23,040 usb8023.sys
09/29/2017 06:42 AM 35,328 RNDISMP.sys
09/29/2017 06:42 AM 31,232 tape.sys
09/29/2017 06:42 AM 23,552 mcd.sys
09/29/2017 06:42 AM 21,504 smclib.sys
09/29/2017 06:42 AM 10,240 beep.sys
09/29/2017 06:42 AM 175,512 scsiport.sys
09/29/2017 06:42 AM 75,264 stream.sys
09/29/2017 06:42 AM 43,008 scfilter.sys
09/29/2017 06:42 AM 13,312 rootmdm.sys
09/29/2017 06:42 AM 42,496 modem.sys
09/29/2017 06:42 AM 50,688 ndiscap.sys
09/29/2017 06:42 AM 323,072 udfs.sys
09/29/2017 06:42 AM 23,040 ws2ifsl.sys
09/29/2017 06:42 AM 81,304 dam.sys
09/29/2017 06:42 AM 37,376 USBCAMD2.sys
09/29/2017 06:42 AM 119,808 irda.sys
09/29/2017 06:42 AM 143,872 mrxdav.sys
09/29/2017 06:42 AM 282,520 rdyboost.sys
09/29/2017 06:42 AM 19,968 irenum.sys
09/29/2017 06:42 AM 723,968 PEAuth.sys
09/29/2017 06:42 AM 27,136 vwifibus.sys
09/29/2017 06:42 AM 76,800 vwififlt.sys
09/29/2017 06:43 AM 727,448 fvevol.sys
09/29/2017 06:43 AM 91,152 dumpfve.sys
09/29/2017 07:43 AM 182,784 rdpdr.sys
09/29/2017 07:43 AM 30,616 rdpvideominiport.sys
09/29/2017 07:43 AM 56,216 SpatialGraphFilter.sys
09/29/2017 07:43 AM 37,272 terminpt.sys
09/29/2017 07:43 AM 27,136 rdpbus.sys
10/01/2017 11:16 AM 33,512 vbaudio_hfvaio64_win7.sys
11/29/2017 09:11 AM 77,432 mbae64.sys
12/01/2017 06:51 PM 821,416 EasyAntiCheat.sys
12/02/2017 11:25 AM 149,400 storahci.sys
12/02/2017 11:25 AM 82,840 volmgr.sys
12/02/2017 11:25 AM 285,080 sdbus.sys
12/02/2017 11:25 AM 57,344 UcmUcsi.sys
12/02/2017 11:25 AM 713,624 vhdmp.sys
12/02/2017 11:25 AM 187,288 dumpsd.sys
12/02/2017 11:25 AM 555,416 USBHUB3.SYS
12/02/2017 11:25 AM 45,464 storufs.sys
12/02/2017 11:25 AM 34,816 BasicRender.sys
12/02/2017 11:25 AM 147,864 wcifs.sys
12/02/2017 11:25 AM 373,656 clfs.sys
12/02/2017 11:25 AM 559,512 storport.sys
12/02/2017 11:25 AM 2,573,208 dxgkrnl.sys
12/02/2017 11:25 AM 749,976 dxgmms2.sys
12/02/2017 11:25 AM 60,824 urscx01000.sys
12/02/2017 11:25 AM 114,688 UcmCx.sys
12/02/2017 11:25 AM 230,296 mrxsmb20.sys
12/02/2017 11:25 AM 726,016 srv2.sys
12/02/2017 11:25 AM 2,395,032 ntfs.sys
12/02/2017 11:25 AM 428,952 rdbss.sys
12/02/2017 11:25 AM 398,744 fltMgr.sys
12/02/2017 11:25 AM 1,277,848 ndis.sys
12/02/2017 11:25 AM 259,072 srvnet.sys
12/02/2017 11:25 AM 495,000 mrxsmb.sys
12/02/2017 11:25 AM 124,928 luafv.sys
12/02/2017 11:25 AM 394,752 ks.sys
12/02/2017 11:25 AM 770,048 WdiWiFi.sys
12/02/2017 11:25 AM 529,408 nwifi.sys
12/02/2017 11:25 AM 41,472 vwifimp.sys
12/02/2017 11:25 AM 422,912 srv.sys
12/02/2017 11:25 AM 285,696 mrxsmb10.sys
12/04/2017 06:06 PM 45,640 dbx-canary.sys
12/04/2017 06:06 PM 45,672 dbx-dev.sys
12/04/2017 06:06 PM 45,640 dbx-stable.sys
12/07/2017 03:07 PM 192,512 netvsc.sys
12/07/2017 04:10 PM 362,904 pci.sys
12/07/2017 04:12 PM 401,304 volsnap.sys
12/07/2017 04:14 PM 571,288 spaceport.sys
12/07/2017 04:22 PM 129,432 hvsocket.sys
12/07/2017 04:23 PM 677,272 cng.sys
12/07/2017 04:24 PM 437,144 USBXHCI.SYS
12/07/2017 04:30 PM 166,296 partmgr.sys
12/07/2017 04:34 PM 59,800 bam.sys
12/17/2017 05:20 AM 106,536 85417eb5e89d7589673d009387f5bcc4.sys
12/18/2017 10:32 AM 37,552 WinDivert64.sys
12/18/2017 10:45 AM 79,064 nrlk.sys
12/18/2017 08:31 PM 193,968 MbamChameleon.sys
12/19/2017 08:36 AM 94,144 mwac.sys
12/19/2017 03:53 PM 111,344 SYMEVENT64x86.SYS
12/20/2017 11:11 AM 142,160 sencfjmp.sys
12/20/2017 11:11 AM 253,880 mbamswissarmy.sys
12/20/2017 11:11 AM 110,016 farflt.sys
12/20/2017 11:12 AM 46,008 mbam.sys
12/20/2017 11:37 AM 101,112 SYMEVENT64x86.SY1
12/20/2017 11:37 AM 856 SYMEVENT64x86.INF
12/20/2017 11:37 AM 8,270 SYMEVENT64x86.CAT
433 File(s) 126,193,557 bytes
0 Dir(s) 37,574,455,296 bytes free

========= End of CMD: =========


==== End of Fixlog 12:54:17 ====

 

Also good luck with installing the update :)


Edited by Gubbins, 20 December 2017 - 04:50 PM.


#8 garioch7

Malware Response Instructor

Posted 21 December 2017 - 01:52 PM

Gubbins:
 
Thank you for running that first script.  To get the command prompt in the Recovery Environment, see this link, instructions 1 to 3 only.  You don't need to create the installation media.  Click on the link that is titled: "Entry Points into WinRE."  I have also inserted that URL hyperlink into this post.
 
If you have any additional questions, please ask.
 
Thank you for your good wishes.  The upgrade to Build 1709 was successful, so now both of my Windows 10 Pro x64 computers are up to date.  There was no issue updating my laptop on the first try, but the desktop computer twice would get right to the end, into the multiple reboot phase, and then report that it encountered an error and would roll back to 1703.
 
Have a great day.
 
Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#9 Gubbins

Topic Starter

Posted 21 December 2017 - 03:37 PM

Phil, glad to hear the update went well. I have successfully made my way to the command prompt and have opened FRST. But I noticed that Addition is not under Optional Scans; I have attached a photo so you can see what I mean.

Attached File  IMG_20171221_133002.jpg   45.22KB   0 downloads
 
I do have the FRST scan that you requested though:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
Ran by SYSTEM on MININT-39K7V7N (21-12-2017 13:28:26)
Running from g:\
Platform: Windows 10 Home Version 1709 16299.125 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8783616 2015-12-10] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [NahimicMSIUILauncher] => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe [740320 2015-12-04] ()
HKLM\...\Run: [iTunesHelper] => "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17406072 2017-01-23] (Logitech Inc.)
HKLM\...\Run: [stephane] => "C:\Program Files (x86)\Loiselle\savers.exe"
HKLM\...\Run: [stephanestinnett] => "C:\Program Files (x86)\promethean\grubs.exe"
HKLM\...\Run: [stephanestephane] => "C:\Program Files (x86)\Imitative\savers.exe"
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-12-04] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKU\Default\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\Louie\...\Run: [Steam] => "E:\Program Files (x86)\Steam\steam.exe" -silent
HKU\Louie\...\Run: [f.lux] => C:\Users\Louie\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)
HKU\Louie\...\Run: [Discord] => C:\Users\Louie\AppData\Local\Discord\app-0.0.299\Discord.exe [57954808 2017-12-11] (Discord Inc.)
HKU\Louie\...\Run: [GoogleChromeAutoLaunch_FF82A2E1C591AC4718E7E1E2F66F1CCC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1592664 2017-12-05] (Google Inc.)
HKU\Louie\...\RunOnce: [Application Restart #0] => C:\Windows\System32\Taskmgr.exe [1312504 2017-09-29] (Microsoft Corporation)
HKU\loutu\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\postgres\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
SSODL: EldosMountNotificator-cbfs6 - {14B5CBA2-BFB1-4525-A3F6-648FB8FEA57B} - C:\WINDOWS\system32\cbfsMntNtf6.dll (/n software, Inc.)
SSODL-x32: EldosMountNotificator-cbfs6 - {14B5CBA2-BFB1-4525-A3F6-648FB8FEA57B} -  No File
Startup: C:\Users\Louie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BAND.lnk [2017-10-03]
ShortcutTarget: BAND.lnk -> E:\Program Files (x86)\BAND\BAND.exe (No File)
Startup: C:\Users\Louie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Voicemeeter Banana.LNK [2017-10-03]
ShortcutTarget: Voicemeeter Banana.LNK -> C:\Program Files (x86)\VB\Voicemeeter\voicemeeterpro.exe (VB-AUDIO Software)
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
S2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-05-10] (Advanced Micro Devices)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6998536 2017-12-09] ()
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7760552 2017-12-07] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-24] (Dropbox, Inc.)
S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51016 2017-12-04] (Dropbox, Inc.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [242448 2016-12-11] (EasyAntiCheat Ltd)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-10-16] (Intel Corporation)
S2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-01-23] (Logitech Inc.)
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2017-04-02] ()
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S2 NS; C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\NS.exe [289080 2016-06-16] (Symantec Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-12] (Microsoft Corporation)
S2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672208 2017-03-27] (Wacom Technology, Corp.)
S2 postgresql-x64-9.2; C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N "postgresql-x64-9.2" -D "C:/Program Files/PostgreSQL/9.2/data" -w [X]
S3 WdNisSvc; "%ProgramData%\Microsoft\Windows Defender\platform\4.12.17007.17123-0\NisSrv.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 85417eb5e89d7589673d009387f5bcc4; C:\WINDOWS\system32\drivers\85417eb5e89d7589673d009387f5bcc4.sys [106536 2017-12-17] ()
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
S3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0313676.inf_amd64_96bbc33bec5c7fae\atikmdag.sys [36558208 2017-05-16] (Advanced Micro Devices, Inc.)
S3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0313676.inf_amd64_96bbc33bec5c7fae\atikmpag.sys [528760 2017-05-16] (Advanced Micro Devices, Inc.)
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [101376 2016-07-24] (Advanced Micro Devices)
S1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\BASHDefs\20171218.003\BHDrvx64.sys [1872024 2017-12-18] (Symantec Corporation)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-06-21] (Bluestack System Inc. )
S1 cbfs6; C:\WINDOWS\system32\drivers\cbfs6.sys [460992 2016-09-21] (/n software, Inc.)
S1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1607000.04C\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [508056 2017-12-19] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [158360 2017-12-19] (Symantec Corporation)
S1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\IPSDefs\20171219.001\IDSvia64.sys [1056920 2017-12-19] (Symantec Corporation)
S4 iwwv; C:\Windows\System32\drivers\nrlk.sys [79064 2017-12-18] (Malwarebytes)
S2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
S3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2017-01-23] (Logitech Inc.)
S2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2017-12-20] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [110016 2017-12-20] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [46008 2017-12-20] (Malwarebytes)
S1 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-12-20] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [94144 2017-12-19] (Malwarebytes)
S3 netr28ux; C:\Windows\System32\drivers\netr28ux.sys [2224128 2017-09-29] (MediaTek Inc.)
S3 SRTSP; C:\Windows\System32\Drivers\NSx64\1607000.04C\SRTSP64.SYS [773360 2016-06-01] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NSx64\1607000.04C\SRTSPX64.SYS [48888 2016-06-01] (Symantec Corporation)
S0 SymEFASI; C:\Windows\System32\drivers\NSx64\1607000.04C\SYMEFASI64.SYS [1627352 2016-06-01] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSx64\1607000.04C\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
S3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [101112 2017-12-20] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NSx64\1607000.04C\Ironx64.SYS [291056 2016-06-01] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NSx64\1607000.04C\SYMNETS.SYS [567536 2016-06-01] (Symantec Corporation)
S3 VBAudioHFVAIOMME; C:\Windows\system32\DRIVERS\vbaudio_hfvaio64_win7.sys [33512 2017-10-01] (Windows ® Win 7 DDK provider)
S3 VBAudioVACMME; C:\Windows\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Windows ® Win 7 DDK provider)
S3 VBAudioVMAUXVAIOMME; C:\Windows\system32\DRIVERS\vbaudio_vmauxvaio64_win7.sys [41192 2017-06-01] (Windows ® Win 7 DDK provider)
S3 VBAudioVMVAIOMME; C:\Windows\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2017-06-01] (Windows ® Win 7 DDK provider)
S3 vpnpbus; C:\Windows\System32\drivers\vpnpbus.sys [18624 2016-09-21] (/n software, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46072 2017-12-12] (Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [288848 2017-12-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-12] (Microsoft Corporation)
S2 WinDivert1.2; C:\WINDOWS\system32\drivers\WinDivert64.sys [37552 2017-12-18] (Basil)
S1 msidntfs; system32\drivers\msidntfs.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\SDSDefs\20171220.002\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\SDSDefs\20171220.002\EX64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-20 13:37 - 2017-12-20 13:38 - 000269582 _____ C:\Windows\ntbtlog.txt
2017-12-20 13:26 - 2017-12-20 13:26 - 000003386 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2017-12-20 10:10 - 2017-12-20 11:54 - 000031668 _____ C:\Users\Louie\Downloads\Fixlog.txt
2017-12-19 20:25 - 2017-12-19 20:25 - 000095438 _____ C:\Users\Louie\Downloads\Addition.txt
2017-12-19 20:04 - 2017-12-19 20:56 - 000000000 ____D C:\Windows\System32\Tasks\Remediation
2017-12-19 20:04 - 2017-12-19 20:04 - 000000000 ____D C:\Program Files\Common Files\AV
2017-12-19 20:02 - 2017-12-19 20:25 - 000119566 _____ C:\Users\Louie\Downloads\FRST.txt
2017-12-19 20:01 - 2017-12-20 19:57 - 000000000 ____D C:\FRST
2017-12-19 20:00 - 2017-12-19 20:01 - 002392064 _____ (Farbar) C:\Users\Louie\Downloads\FRST64.exe
2017-12-19 19:58 - 2017-12-19 19:58 - 000740684 _____ C:\Windows\Minidump\121917-56937-01.dmp
2017-12-19 19:51 - 2017-12-19 19:51 - 000164562 _____ C:\Users\Louie\Downloads\Extras.Txt
2017-12-19 19:50 - 2017-12-19 19:50 - 000383600 _____ C:\Users\Louie\Downloads\OTL.Txt
2017-12-19 19:28 - 2017-12-19 19:28 - 000380928 _____ C:\Users\Louie\Downloads\xw7r1ilm.exe
2017-12-19 19:24 - 2017-12-19 19:25 - 000602112 _____ (OldTimer Tools) C:\Users\Louie\Downloads\OTL.exe
2017-12-19 19:10 - 2017-12-19 19:11 - 011203696 _____ (Piriform Ltd) C:\Users\Louie\Downloads\ccsetup538pro.exe
2017-12-19 14:53 - 2017-12-20 13:26 - 000002381 _____ C:\Users\Public\Desktop\Norton Security.lnk
2017-12-19 14:53 - 2017-12-20 13:26 - 000000000 ____D C:\Windows\System32\Drivers\NSx64
2017-12-19 14:53 - 2017-12-20 10:37 - 000101112 _____ (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2017-12-19 14:53 - 2017-12-20 10:37 - 000008270 _____ C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2017-12-19 14:53 - 2017-12-19 14:53 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared
2017-12-19 14:53 - 2017-12-19 14:53 - 000000000 ____D C:\Program Files (x86)\Norton Security
2017-12-19 14:48 - 2017-12-19 14:48 - 000741212 _____ C:\Windows\Minidump\121917-65984-01.dmp
2017-12-19 14:45 - 2017-12-19 14:45 - 000000000 ____D C:\Program Files (x86)\NortonInstaller
2017-12-19 14:33 - 2017-12-19 14:33 - 000734116 _____ C:\Windows\Minidump\121917-107625-01.dmp
2017-12-19 14:31 - 2017-12-19 19:58 - 2427384759 ____N C:\Windows\MEMORY.DMP
2017-12-19 14:25 - 2017-12-19 19:58 - 000000000 ____D C:\Windows\Minidump
2017-12-19 14:23 - 2017-12-19 14:53 - 000000000 ____D C:\ProgramData\Norton
2017-12-19 14:23 - 2017-12-19 14:28 - 000000000 ____D C:\ProgramData\NortonInstaller
2017-12-19 14:16 - 2017-12-19 14:23 - 144897312 _____ (Symantec Corporation) C:\Users\Louie\Downloads\NSD_22.5.2_SYMTB_PROMO_4_MRFTT_13376-EN-US.exe
2017-12-18 19:31 - 2017-12-20 13:37 - 000193968 _____ (Malwarebytes) C:\Windows\System32\Drivers\MbamChameleon.sys
2017-12-18 19:31 - 2017-12-20 13:36 - 000110016 _____ (Malwarebytes) C:\Windows\System32\Drivers\farflt.sys
2017-12-18 19:31 - 2017-12-18 19:31 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-18 19:31 - 2017-12-18 19:31 - 000000000 ____D C:\ProgramData\MB2Migration
2017-12-18 19:31 - 2017-12-18 19:31 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-18 19:31 - 2017-11-29 08:11 - 000077432 _____ C:\Windows\System32\Drivers\mbae64.sys
2017-12-18 10:48 - 2017-12-18 11:03 - 000000000 ____D C:\Users\Louie\AppData\Roaming\FaggoCheat
2017-12-18 09:45 - 2017-12-18 09:45 - 000079064 _____ (Malwarebytes) C:\Windows\System32\Drivers\nrlk.sys
2017-12-18 09:44 - 2017-12-20 10:35 - 000000000 ____D C:\Users\Louie\AppData\Local\vsslhaw
2017-12-18 09:32 - 2017-12-20 19:57 - 000000000 ____D C:\Users\Louie\AppData\Local\igfxmtc
2017-12-18 09:32 - 2017-12-20 19:57 - 000000000 ____D C:\Users\Louie\AppData\Local\auneosh
2017-12-18 09:32 - 2017-12-18 09:32 - 000037552 _____ (Basil) C:\Windows\System32\Drivers\WinDivert64.sys
2017-12-18 09:31 - 2017-12-20 13:37 - 002884096 _____ C:\Windows\System32\upmxzcgsvc.exe
2017-12-18 09:31 - 2017-12-18 09:31 - 000003786 _____ C:\Windows\System32\Tasks\ts64070200640702006407020064070200
2017-12-18 09:31 - 2017-12-18 09:31 - 000003784 _____ C:\Windows\System32\Tasks\ts17025427170254271702542717025427
2017-12-18 09:31 - 2017-12-18 09:31 - 000003776 _____ C:\Windows\System32\Tasks\ts71934786719347867193478671934786
2017-12-18 09:31 - 2017-12-18 09:31 - 000000020 _____ C:\Windows\b64070200
2017-12-18 09:31 - 2017-12-18 09:31 - 000000000 ____D C:\Windows\SysWOW64\upiesmz
2017-12-18 09:31 - 2017-12-18 09:31 - 000000000 ____D C:\Windows\System32\upiesmz
2017-12-18 09:31 - 2017-12-18 09:31 - 000000000 ____D C:\Users\Louie\AppData\Roaming\et
2017-12-18 09:31 - 2017-12-18 09:31 - 000000000 ____D C:\Program Files (x86)\chancing
2017-12-18 09:30 - 2017-12-18 16:06 - 000000000 ____D C:\Users\Louie\AppData\Local\AdService
2017-12-18 09:29 - 2017-12-18 09:41 - 000000000 ____D C:\Windows\SysWOW64\SSL
2017-12-18 08:38 - 2017-12-18 08:38 - 000000000 ____D C:\Windows\System32\Drivers\wd
2017-12-18 07:59 - 2017-12-18 07:59 - 000000222 _____ C:\Users\Louie\Desktop\PLAYERUNKNOWN'S BATTLEGROUNDS (Test Server).url
2017-12-17 04:20 - 2017-12-17 04:20 - 000106536 _____ C:\Windows\System32\Drivers\85417eb5e89d7589673d009387f5bcc4.sys
2017-12-17 04:20 - 2017-12-17 04:20 - 000051627 _____ C:\Windows\uninstaller.dat
2017-12-16 15:28 - 2010-02-04 09:01 - 000024920 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2017-12-16 15:28 - 2010-02-04 09:01 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2017-12-16 15:28 - 2007-04-04 17:54 - 000107368 _____ (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll
2017-12-16 15:23 - 2017-12-16 15:28 - 000000000 ____D C:\ProgramData\Epic
2017-12-16 15:23 - 2017-12-16 15:23 - 000000951 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2017-12-16 15:23 - 2017-12-16 15:23 - 000000000 ____D C:\Users\Louie\AppData\Local\UnrealEngineLauncher
2017-12-16 15:23 - 2017-12-16 15:23 - 000000000 ____D C:\Users\Louie\AppData\Local\EpicGamesLauncher
2017-12-16 15:18 - 2017-12-16 15:22 - 032145408 _____ C:\Users\Louie\Downloads\EpicInstaller-6.10.0.msi
2017-12-14 19:14 - 2017-12-14 19:14 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2017-12-12 14:13 - 2017-12-07 22:52 - 000666112 _____ (Microsoft Corporation) C:\Windows\System32\DHolographicDisplay.dll
2017-12-12 14:13 - 2017-12-07 15:34 - 001925296 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.Store.dll
2017-12-12 14:13 - 2017-12-07 15:34 - 001634288 _____ (Microsoft Corporation) C:\Windows\System32\user32.dll
2017-12-12 14:13 - 2017-12-07 15:34 - 000059800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bam.sys
2017-12-12 14:13 - 2017-12-07 15:31 - 008590744 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2017-12-12 14:13 - 2017-12-07 15:31 - 000779440 _____ (Microsoft Corporation) C:\Windows\System32\fontdrvhost.exe
2017-12-12 14:13 - 2017-12-07 15:30 - 000166296 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2017-12-12 14:13 - 2017-12-07 15:28 - 000710912 _____ (Microsoft Corporation) C:\Windows\System32\ci.dll
2017-12-12 14:13 - 2017-12-07 15:28 - 000630752 _____ (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2017-12-12 14:13 - 2017-12-07 15:27 - 004504456 _____ (Microsoft Corporation) C:\Windows\System32\sppsvc.exe
2017-12-12 14:13 - 2017-12-07 15:27 - 003903784 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2017-12-12 14:13 - 2017-12-07 15:27 - 000184984 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2017-12-12 14:13 - 2017-12-07 15:26 - 007385088 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.Protection.PlayReady.dll
2017-12-12 14:13 - 2017-12-07 15:26 - 002709200 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2017-12-12 14:13 - 2017-12-07 15:26 - 000525208 _____ (Microsoft Corporation) C:\Windows\System32\wimserv.exe
2017-12-12 14:13 - 2017-12-07 15:25 - 000374032 _____ (Microsoft Corporation) C:\Windows\System32\vac.exe
2017-12-12 14:13 - 2017-12-07 15:24 - 000705944 _____ (Microsoft Corporation) C:\Windows\System32\wimgapi.dll
2017-12-12 14:13 - 2017-12-07 15:24 - 000437144 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBXHCI.SYS
2017-12-12 14:13 - 2017-12-07 15:24 - 000246168 _____ (Microsoft Corporation) C:\Windows\System32\browserbroker.dll
2017-12-12 14:13 - 2017-12-07 15:23 - 005905752 _____ (Microsoft Corporation) C:\Windows\System32\StartTileData.dll
2017-12-12 14:13 - 2017-12-07 15:23 - 000677272 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2017-12-12 14:13 - 2017-12-07 15:22 - 001003104 _____ (Microsoft Corporation) C:\Windows\System32\ucrtbase.dll
2017-12-12 14:13 - 2017-12-07 15:22 - 000979352 _____ (Microsoft Corporation) C:\Windows\System32\LicenseManager.dll
2017-12-12 14:13 - 2017-12-07 15:22 - 000137544 _____ (Microsoft Corporation) C:\Windows\System32\bcrypt.dll
2017-12-12 14:13 - 2017-12-07 15:22 - 000129432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hvsocket.sys
2017-12-12 14:13 - 2017-12-07 15:21 - 007676296 _____ (Microsoft Corporation) C:\Windows\System32\windows.storage.dll
2017-12-12 14:13 - 2017-12-07 15:20 - 001170000 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2017-12-12 14:13 - 2017-12-07 15:19 - 021352136 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2017-12-12 14:13 - 2017-12-07 15:16 - 001776272 _____ (Microsoft Corporation) C:\Windows\System32\mfplat.dll
2017-12-12 14:13 - 2017-12-07 15:16 - 000603920 _____ (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2017-12-12 14:13 - 2017-12-07 15:15 - 001426152 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2017-12-12 14:13 - 2017-12-07 15:15 - 000721592 _____ (Microsoft Corporation) C:\Windows\System32\sppwinob.dll
2017-12-12 14:13 - 2017-12-07 15:14 - 000571288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys
2017-12-12 14:13 - 2017-12-07 15:12 - 000401304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2017-12-12 14:13 - 2017-12-07 15:10 - 000362904 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pci.sys
2017-12-12 14:13 - 2017-12-07 14:58 - 000123512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-12-12 14:13 - 2017-12-07 14:57 - 000649304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2017-12-12 14:13 - 2017-12-07 14:56 - 001528904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2017-12-12 14:13 - 2017-12-07 14:55 - 001490328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2017-12-12 14:13 - 2017-12-07 14:55 - 000097144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-12-12 14:13 - 2017-12-07 14:39 - 006092664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2017-12-12 14:13 - 2017-12-07 14:37 - 001145104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-12-12 14:13 - 2017-12-07 14:36 - 000769096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2017-12-12 14:13 - 2017-12-07 14:34 - 003484840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2017-12-12 14:13 - 2017-12-07 14:34 - 002192112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-12-12 14:13 - 2017-12-07 14:33 - 000747416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
2017-12-12 14:13 - 2017-12-07 14:33 - 000592280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimgapi.dll
2017-12-12 14:13 - 2017-12-07 14:32 - 020286120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-12-12 14:13 - 2017-12-07 14:31 - 001522176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2017-12-12 14:13 - 2017-12-07 14:31 - 001246432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2017-12-12 14:13 - 2017-12-07 14:31 - 000982016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-12-12 14:13 - 2017-12-07 14:23 - 006478528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-12-12 14:13 - 2017-12-07 14:22 - 025245696 _____ (Microsoft Corporation) C:\Windows\System32\edgehtml.dll
2017-12-12 14:13 - 2017-12-07 14:13 - 002905600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2017-12-12 14:13 - 2017-12-07 14:13 - 001008640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallService.dll
2017-12-12 14:13 - 2017-12-07 14:12 - 000344576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2017-12-12 14:13 - 2017-12-07 14:12 - 000202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2017-12-12 14:13 - 2017-12-07 14:12 - 000101376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscript.ocx
2017-12-12 14:13 - 2017-12-07 14:11 - 003669504 _____ (Microsoft Corporation) C:\Windows\System32\win32kfull.sys
2017-12-12 14:13 - 2017-12-07 14:10 - 018916352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-12-12 14:13 - 2017-12-07 14:10 - 006466048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2017-12-12 14:13 - 2017-12-07 14:10 - 001313792 _____ (Microsoft Corporation) C:\Windows\System32\InstallService.dll
2017-12-12 14:13 - 2017-12-07 14:10 - 000536064 _____ (Microsoft Corporation) C:\Windows\System32\edgeIso.dll
2017-12-12 14:13 - 2017-12-07 14:10 - 000250368 _____ (Microsoft Corporation) C:\Windows\System32\AppxAllUserStore.dll
2017-12-12 14:13 - 2017-12-07 14:10 - 000150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2017-12-12 14:13 - 2017-12-07 14:10 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2017-12-12 14:13 - 2017-12-07 14:10 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-12-12 14:13 - 2017-12-07 14:09 - 001663488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\batmeter.dll
2017-12-12 14:13 - 2017-12-07 14:09 - 000235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FSClient.dll
2017-12-12 14:13 - 2017-12-07 14:09 - 000147456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2017-12-12 14:13 - 2017-12-07 14:09 - 000143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2017-12-12 14:13 - 2017-12-07 14:09 - 000136704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gamingtcui.dll
2017-12-12 14:13 - 2017-12-07 14:08 - 019336192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-12-12 14:13 - 2017-12-07 14:08 - 000514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2017-12-12 14:13 - 2017-12-07 14:08 - 000450048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TileDataRepository.dll
2017-12-12 14:13 - 2017-12-07 14:08 - 000369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
2017-12-12 14:13 - 2017-12-07 14:08 - 000206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2017-12-12 14:13 - 2017-12-07 14:08 - 000002560 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2017-12-12 14:13 - 2017-12-07 14:07 - 000365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2017-12-12 14:13 - 2017-12-07 14:07 - 000254976 _____ (Microsoft Corporation) C:\Windows\System32\PushToInstall.dll
2017-12-12 14:13 - 2017-12-07 14:07 - 000246272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-12-12 14:13 - 2017-12-07 14:07 - 000192512 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netvsc.sys
2017-12-12 14:13 - 2017-12-07 14:07 - 000172544 _____ (Microsoft Corporation) C:\Windows\System32\itss.dll
2017-12-12 14:13 - 2017-12-07 14:07 - 000164864 _____ (Microsoft Corporation) C:\Windows\System32\dmcertinst.exe
2017-12-12 14:13 - 2017-12-07 14:07 - 000140800 _____ (Microsoft Corporation) C:\Windows\System32\Chakradiag.dll
2017-12-12 14:13 - 2017-12-07 14:06 - 023652864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2017-12-12 14:13 - 2017-12-07 14:06 - 000676352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVolSSO.dll
2017-12-12 14:13 - 2017-12-07 14:06 - 000559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-12-12 14:13 - 2017-12-07 14:06 - 000174080 _____ (Microsoft Corporation) C:\Windows\System32\gamingtcui.dll
2017-12-12 14:13 - 2017-12-07 14:06 - 000164864 _____ (Microsoft Corporation) C:\Windows\System32\wscript.exe
2017-12-12 14:13 - 2017-12-07 14:05 - 006037504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-12-12 14:13 - 2017-12-07 14:05 - 001670656 _____ (Microsoft Corporation) C:\Windows\System32\batmeter.dll
2017-12-12 14:13 - 2017-12-07 14:05 - 000664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-12-12 14:13 - 2017-12-07 14:05 - 000559616 _____ (Microsoft Corporation) C:\Windows\System32\iprtrmgr.dll
2017-12-12 14:13 - 2017-12-07 14:05 - 000539136 _____ (Microsoft Corporation) C:\Windows\System32\HolographicExtensions.dll
2017-12-12 14:13 - 2017-12-07 14:05 - 000481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppcext.dll
2017-12-12 14:13 - 2017-12-07 14:05 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-12-12 14:13 - 2017-12-07 14:05 - 000431616 _____ (Microsoft Corporation) C:\Windows\System32\msIso.dll
2017-12-12 14:13 - 2017-12-07 14:05 - 000363008 _____ (Microsoft Corporation) C:\Windows\System32\SettingsEnvironment.Desktop.dll
2017-12-12 14:13 - 2017-12-07 14:05 - 000334848 _____ (Microsoft Corporation) C:\Windows\System32\dusmsvc.dll
2017-12-12 14:13 - 2017-12-07 14:05 - 000306688 _____ (Microsoft Corporation) C:\Windows\System32\FSClient.dll
2017-12-12 14:13 - 2017-12-07 14:05 - 000222208 _____ (Microsoft Corporation) C:\Windows\System32\scrobj.dll
2017-12-12 14:13 - 2017-12-07 14:05 - 000164864 _____ (Microsoft Corporation) C:\Windows\System32\cscript.exe
2017-12-12 14:13 - 2017-12-07 14:05 - 000019456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slcext.dll
2017-12-12 14:13 - 2017-12-07 14:04 - 003678208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-12-12 14:13 - 2017-12-07 14:04 - 001498112 _____ (Microsoft Corporation) C:\Windows\System32\WebRuntimeManager.dll
2017-12-12 14:13 - 2017-12-07 14:04 - 001321472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2017-12-12 14:13 - 2017-12-07 14:04 - 000568832 _____ (Microsoft Corporation) C:\Windows\System32\TileDataRepository.dll
2017-12-12 14:13 - 2017-12-07 14:03 - 002467840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2017-12-12 14:13 - 2017-12-07 14:03 - 001559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-12-12 14:13 - 2017-12-07 14:03 - 001230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2017-12-12 14:13 - 2017-12-07 14:03 - 000841728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2017-12-12 14:13 - 2017-12-07 14:03 - 000708096 _____ (Microsoft Corporation) C:\Windows\System32\SndVolSSO.dll
2017-12-12 14:13 - 2017-12-07 14:03 - 000708096 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2017-12-12 14:13 - 2017-12-07 14:03 - 000594944 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2017-12-12 14:13 - 2017-12-07 14:03 - 000403968 _____ (Microsoft Corporation) C:\Windows\System32\WpAXHolder.dll
2017-12-12 14:13 - 2017-12-07 14:03 - 000308736 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-12-12 14:13 - 2017-12-07 14:03 - 000085504 _____ (Microsoft Corporation) C:\Windows\System32\hascsp.dll
2017-12-12 14:13 - 2017-12-07 14:02 - 007545344 _____ (Microsoft Corporation) C:\Windows\System32\twinui.dll
2017-12-12 14:13 - 2017-12-07 14:02 - 002864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2017-12-12 14:13 - 2017-12-07 14:02 - 002117632 _____ (Microsoft Corporation) C:\Windows\System32\pnidui.dll
2017-12-12 14:13 - 2017-12-07 14:02 - 000815616 _____ (Microsoft Corporation) C:\Windows\System32\ieproxy.dll
2017-12-12 14:13 - 2017-12-07 14:02 - 000813056 _____ (Microsoft Corporation) C:\Windows\System32\bisrv.dll
2017-12-12 14:13 - 2017-12-07 14:02 - 000496640 _____ (Microsoft Corporation) C:\Windows\System32\sppcext.dll
2017-12-12 14:13 - 2017-12-07 14:01 - 008097280 _____ (Microsoft Corporation) C:\Windows\System32\Chakra.dll
2017-12-12 14:13 - 2017-12-07 14:01 - 004592640 _____ (Microsoft Corporation) C:\Windows\System32\SystemSettingsThresholdAdminFlowUI.dll
2017-12-12 14:13 - 2017-12-07 14:01 - 001980928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2017-12-12 14:13 - 2017-12-07 14:01 - 000601088 _____ (Microsoft Corporation) C:\Windows\System32\ipnathlp.dll
2017-12-12 14:13 - 2017-12-07 14:01 - 000021504 _____ (Microsoft Corporation) C:\Windows\System32\slcext.dll
2017-12-12 14:13 - 2017-12-07 14:00 - 004740608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2017-12-12 14:13 - 2017-12-07 14:00 - 002862080 _____ (Microsoft Corporation) C:\Windows\System32\dwmcore.dll
2017-12-12 14:13 - 2017-12-07 14:00 - 001509888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2017-12-12 14:13 - 2017-12-07 13:59 - 003121664 _____ (Microsoft Corporation) C:\Windows\System32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-12-12 14:13 - 2017-12-07 13:59 - 002105856 _____ (Microsoft Corporation) C:\Windows\System32\win32kbase.sys
2017-12-12 14:13 - 2017-12-07 13:59 - 001666048 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Input.Inking.dll
2017-12-12 14:13 - 2017-12-07 13:59 - 001058304 _____ (Microsoft Corporation) C:\Windows\System32\comdlg32.dll
2017-12-12 14:13 - 2017-12-07 13:59 - 000880640 _____ (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
2017-12-12 14:13 - 2017-12-07 13:58 - 003478016 _____ (Microsoft Corporation) C:\Windows\System32\mispace.dll
2017-12-12 14:13 - 2017-12-07 13:58 - 003211776 _____ (Microsoft Corporation) C:\Windows\System32\NetworkMobileSettings.dll
2017-12-12 14:13 - 2017-12-07 13:58 - 001547264 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2017-12-12 14:13 - 2017-12-07 13:58 - 001353728 _____ (Microsoft Corporation) C:\Windows\System32\usercpl.dll
2017-12-12 14:13 - 2017-12-07 13:58 - 000812032 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2017-12-12 14:13 - 2017-12-07 13:57 - 001822208 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2017-12-12 14:13 - 2017-12-07 13:57 - 001487872 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2017-12-12 14:13 - 2017-12-07 13:56 - 002666496 _____ (Microsoft Corporation) C:\Windows\System32\storagewmi.dll
2017-12-12 14:13 - 2017-12-07 13:56 - 001739264 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Immersive.dll
2017-12-12 14:13 - 2017-12-07 13:56 - 000685056 _____ (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
2017-12-12 14:13 - 2017-12-07 13:54 - 002510336 _____ (Microsoft Corporation) C:\Windows\System32\ResetEngine.dll
2017-12-12 14:13 - 2017-12-07 13:54 - 001570816 _____ (Microsoft Corporation) C:\Windows\System32\RecoveryDrive.exe
2017-12-12 14:13 - 2017-12-07 13:54 - 001160704 _____ (Microsoft Corporation) C:\Windows\System32\reseteng.dll
2017-12-04 17:06 - 2017-12-04 17:06 - 000051016 _____ (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
2017-12-04 17:06 - 2017-12-04 17:06 - 000045672 _____ (Dropbox, Inc.) C:\Windows\System32\Drivers\dbx-dev.sys
2017-12-04 17:06 - 2017-12-04 17:06 - 000045640 _____ (Dropbox, Inc.) C:\Windows\System32\Drivers\dbx-stable.sys
2017-12-04 17:06 - 2017-12-04 17:06 - 000045640 _____ (Dropbox, Inc.) C:\Windows\System32\Drivers\dbx-canary.sys
2017-12-03 22:50 - 2017-12-03 22:50 - 000440128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll
2017-12-03 22:50 - 2017-12-03 22:50 - 000263856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib140.dll
2017-12-03 22:50 - 2017-12-03 22:50 - 000242496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\concrt140.dll
2017-12-03 22:50 - 2017-12-03 22:50 - 000083792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll
2017-12-03 22:38 - 2017-12-03 22:38 - 000641696 _____ (Microsoft Corporation) C:\Windows\System32\msvcp140.dll
2017-12-03 22:38 - 2017-12-03 22:38 - 000389296 _____ (Microsoft Corporation) C:\Windows\System32\vccorlib140.dll
2017-12-03 22:38 - 2017-12-03 22:38 - 000331432 _____ (Microsoft Corporation) C:\Windows\System32\concrt140.dll
2017-12-03 22:38 - 2017-12-03 22:38 - 000087728 _____ (Microsoft Corporation) C:\Windows\System32\vcruntime140.dll
2017-12-03 20:55 - 2017-12-03 20:55 - 001829245 _____ C:\Users\Louie\Downloads\Aphrodite (1).pptx
2017-12-03 20:51 - 2017-12-03 20:51 - 001823863 _____ C:\Users\Louie\Downloads\Aphrodite.pptx
2017-12-02 15:06 - 2017-12-02 15:06 - 000000000 ____D C:\Users\Louie\Desktop\HitFilm Express 2017 Exports
2017-12-02 14:32 - 2017-12-02 14:34 - 045660901 _____ C:\Users\Louie\Downloads\Elektronomia - Vitality [NCS Release].mp4
2017-12-02 10:51 - 2017-12-02 10:51 - 017939992 _____ (VB-AUDIO Software) C:\Users\Louie\Downloads\VoicemeeterProSetup (1).exe
2017-12-02 10:28 - 2017-12-14 19:01 - 000000000 ____D C:\Windows.old
2017-12-02 10:26 - 2017-12-02 10:28 - 000000000 ____D C:\Windows\System32\config\bbimigrate
2017-12-02 10:26 - 2017-12-02 10:26 - 000008192 _____ C:\Windows\System32\config\userdiff
2017-12-02 10:26 - 2017-12-02 10:26 - 000000000 ____D C:\Windows\ServiceProfiles
2017-12-02 10:25 - 2017-12-02 10:25 - 021754368 _____ (Microsoft Corporation) C:\Windows\System32\Hydrogen.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 017159680 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 017084416 _____ (Microsoft Corporation) C:\Windows\System32\HologramCompositor.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 013703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 013655552 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 012829696 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 012687360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 011923456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 007831248 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 006791472 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 006015200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 005615968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 004814848 _____ (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 004772352 _____ (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 004648528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 004487968 _____ (Microsoft Corporation) C:\Windows\System32\mfcore.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 004385280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 004249600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 003578368 _____ (Microsoft Corporation) C:\Windows\System32\SRH.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 003334144 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 003331520 _____ C:\Windows\System32\Windows.Mirage.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 003186688 _____ (Microsoft Corporation) C:\Windows\System32\Windows.CloudStore.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 003163648 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentServer.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 003010720 _____ (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 002972672 _____ (Microsoft Corporation) C:\Windows\System32\twinui.pcshell.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 002890240 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.Resources.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 002869760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 002859520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 002783744 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 002717392 _____ (Microsoft Corporation) C:\Windows\System32\mfmp4srcsnk.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 002633216 _____ (Microsoft Corporation) C:\Windows\System32\diagtrack.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 002596352 _____ (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
2017-12-02 10:25 - 2017-12-02 10:25 - 002573208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2017-12-02 10:25 - 2017-12-02 10:25 - 002491112 _____ C:\Windows\SysWOW64\Windows.Mirage.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 002465848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 002446744 _____ (Microsoft Corporation) C:\Windows\System32\UpdateAgent.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 002412168 _____ (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 002395032 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2017-12-02 10:25 - 2017-12-02 10:25 - 002393600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcGenral.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 002339296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 002269080 _____ (Microsoft Corporation) C:\Windows\System32\mfsrcsnk.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 002208768 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.onecore.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 001990160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 001970520 _____ (Microsoft Corporation) C:\Windows\System32\mfasfsrcsnk.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 001954048 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 001806336 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.Speech.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 001694224 _____ (Microsoft Corporation) C:\Windows\System32\winmde.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 001664000 _____ (Microsoft Corporation) C:\Windows\System32\GdiPlus.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 001642520 _____ (Microsoft Corporation) C:\Windows\System32\d3d9.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 001636376 _____ (Microsoft Corporation) C:\Windows\System32\gdi32full.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 001615720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 001585376 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 001558856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 001554216 _____ (Microsoft Corporation) C:\Windows\System32\twinapi.appcore.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 001507736 _____ (Microsoft Corporation) C:\Windows\System32\mfmpeg2srcsnk.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 001495040 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.desktop.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 001488792 _____ (Microsoft Corporation) C:\Windows\System32\ContentDeliveryManager.Utilities.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 001474680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 001470976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 001463856 _____ (Microsoft Corporation) C:\Windows\System32\msctf.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 001454568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsrcsnk.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 001432816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 001425408 _____ (Microsoft Corporation) C:\Windows\System32\SystemSettings.Handlers.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 001424896 _____ (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 001413760 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2017-12-02 10:25 - 2017-12-02 10:25 - 001377080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 001323840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 001289216 _____ (Microsoft Corporation) C:\Windows\System32\usocore.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 001280000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Speech.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 001277848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2017-12-02 10:25 - 2017-12-02 10:25 - 001261864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 001259344 _____ (Microsoft Corporation) C:\Windows\System32\mfsvr.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 001208184 _____ (Microsoft Corporation) C:\Windows\System32\winload.exe
2017-12-02 10:25 - 2017-12-02 10:25 - 001200536 _____ (Microsoft Corporation) C:\Windows\System32\hvix64.exe
2017-12-02 10:25 - 2017-12-02 10:25 - 001167360 _____ (Microsoft Corporation) C:\Windows\System32\ISM.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 001148216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 001124760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ContentDeliveryManager.Utilities.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 001090440 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2017-12-02 10:25 - 2017-12-02 10:25 - 001057824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 001054720 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 001054280 _____ (Microsoft Corporation) C:\Windows\System32\msvproc.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 001053592 _____ (Microsoft Corporation) C:\Windows\System32\hvax64.exe
2017-12-02 10:25 - 2017-12-02 10:25 - 001015008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 001012120 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Services.TargetedContent.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000975872 _____ C:\Windows\System32\FaceProcessor.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000956416 _____ (Microsoft Corporation) C:\Windows\System32\Spectrum.exe
2017-12-02 10:25 - 2017-12-02 10:25 - 000925184 _____ (Microsoft Corporation) C:\Windows\System32\MPSSVC.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000924136 _____ (Microsoft Corporation) C:\Windows\System32\winresume.exe
2017-12-02 10:25 - 2017-12-02 10:25 - 000902416 _____ (Microsoft Corporation) C:\Windows\System32\winhttp.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000899584 _____ (Microsoft Corporation) C:\Windows\System32\samsrv.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000891800 _____ (Microsoft Corporation) C:\Windows\System32\WWAHost.exe
2017-12-02 10:25 - 2017-12-02 10:25 - 000887296 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Networking.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000882688 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Mirage.Internal.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000840440 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Perception.Stub.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000830464 _____ (Microsoft Corporation) C:\Windows\System32\d3d9on12.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000823808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000791960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2017-12-02 10:25 - 2017-12-02 10:25 - 000770048 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdiWiFi.sys
2017-12-02 10:25 - 2017-12-02 10:25 - 000768512 _____ (Microsoft Corporation) C:\Windows\System32\PCPKsp.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000754688 _____ (Microsoft Corporation) C:\Windows\System32\evr.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000749976 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms2.sys
2017-12-02 10:25 - 2017-12-02 10:25 - 000746904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Services.TargetedContent.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000739696 _____ (Microsoft Corporation) C:\Windows\System32\dnsapi.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000726016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2017-12-02 10:25 - 2017-12-02 10:25 - 000720896 _____ (Microsoft Corporation) C:\Windows\System32\LogonController.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000713624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vhdmp.sys
2017-12-02 10:25 - 2017-12-02 10:25 - 000703568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000703536 _____ (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000665088 _____ (Microsoft Corporation) C:\Windows\System32\TpmCoreProvisioning.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000661664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000660480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000654848 _____ (Microsoft Corporation) C:\Windows\System32\RDXService.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000654048 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000618496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Mirage.Internal.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000615768 _____ (Microsoft Corporation) C:\Windows\System32\services.exe
2017-12-02 10:25 - 2017-12-02 10:25 - 000614912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000612760 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000610712 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000597160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000591872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000590944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000588288 _____ (Microsoft Corporation) C:\Windows\System32\actxprxy.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000566272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TpmCoreProvisioning.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000559512 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2017-12-02 10:25 - 2017-12-02 10:25 - 000557056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9on12.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000556544 _____ (Microsoft Corporation) C:\Windows\System32\LockAppBroker.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000555416 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBHUB3.SYS
2017-12-02 10:25 - 2017-12-02 10:25 - 000542208 _____ (Microsoft Corporation) C:\Windows\System32\FirewallAPI.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000534528 _____ (Microsoft Corporation) C:\Windows\System32\apphelp.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000529408 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\nwifi.sys
2017-12-02 10:25 - 2017-12-02 10:25 - 000519152 _____ (Microsoft Corporation) C:\Windows\System32\SecurityHealthService.exe
2017-12-02 10:25 - 2017-12-02 10:25 - 000516096 _____ (Microsoft Corporation) C:\Windows\System32\ActivationManager.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000506256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Perception.Stub.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000495000 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2017-12-02 10:25 - 2017-12-02 10:25 - 000487424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcSpecfc.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000479912 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000478208 _____ (Microsoft Corporation) C:\Windows\System32\NgcCtnr.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000474112 _____ (Microsoft Corporation) C:\Windows\System32\DictationManager.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000471960 _____ (Microsoft Corporation) C:\Windows\System32\hal.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000464408 _____ (Microsoft Corporation) C:\Windows\System32\bcryptprimitives.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000462336 _____ (Microsoft Corporation) C:\Windows\System32\wuuhext.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000461312 _____ (Microsoft Corporation) C:\Windows\System32\wlansec.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000456704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppBroker.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActivationManager.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000442880 _____ (Microsoft Corporation) C:\Windows\System32\cryptngc.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000436120 _____ (Microsoft Corporation) C:\Windows\System32\CloudExperienceHostCommon.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000432640 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.LockScreen.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000432640 _____ (Microsoft Corporation) C:\Windows\System32\provengine.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000428952 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys
2017-12-02 10:25 - 2017-12-02 10:25 - 000424960 _____ (Microsoft Corporation) C:\Windows\System32\provhandlers.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000422912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2017-12-02 10:25 - 2017-12-02 10:25 - 000418712 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000404888 _____ (Microsoft Corporation) C:\Windows\System32\CloudExperienceHost.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000398744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fltMgr.sys
2017-12-02 10:25 - 2017-12-02 10:25 - 000394752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ks.sys
2017-12-02 10:25 - 2017-12-02 10:25 - 000374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000373656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\clfs.sys
2017-12-02 10:25 - 2017-12-02 10:25 - 000372224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcLayers.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000362176 _____ (Microsoft Corporation) C:\Windows\System32\BioIso.exe
2017-12-02 10:25 - 2017-12-02 10:25 - 000361984 _____ (Microsoft Corporation) C:\Windows\System32\SpatializerApo.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000354304 _____ (Microsoft Corporation) C:\Windows\System32\WwaApi.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000354200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudExperienceHostCommon.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000353848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000353688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000351232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DictationManager.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000336896 _____ (Microsoft Corporation) C:\Windows\System32\HolographicRuntimes.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000329728 _____ (Microsoft Corporation) C:\Windows\System32\AcGenral.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000327680 _____ (Microsoft Corporation) C:\Windows\System32\MusNotification.exe
2017-12-02 10:25 - 2017-12-02 10:25 - 000326144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptngc.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000319352 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000315392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000301056 _____ (Microsoft Corporation) C:\Windows\System32\AcLayers.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000293888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WwaApi.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000292864 _____ (Microsoft Corporation) C:\Windows\System32\ExecModelClient.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000285696 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2017-12-02 10:25 - 2017-12-02 10:25 - 000285080 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sdbus.sys
2017-12-02 10:25 - 2017-12-02 10:25 - 000271872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SpatializerApo.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000269696 _____ C:\Windows\System32\FaceProcessorCore.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000266752 _____ (Microsoft Corporation) C:\Windows\System32\SIHClient.exe
2017-12-02 10:25 - 2017-12-02 10:25 - 000264040 _____ (Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
2017-12-02 10:25 - 2017-12-02 10:25 - 000261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000259072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2017-12-02 10:25 - 2017-12-02 10:25 - 000242176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExecModelClient.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000239104 _____ (Microsoft Corporation) C:\Windows\System32\smartscreenps.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000238080 _____ (Microsoft Corporation) C:\Windows\System32\DeviceSetupManager.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000230296 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2017-12-02 10:25 - 2017-12-02 10:25 - 000227328 _____ (Microsoft Corporation) C:\Windows\System32\CapabilityAccessManager.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000211456 _____ (Microsoft Corporation) C:\Windows\System32\MusNotificationUx.exe
2017-12-02 10:25 - 2017-12-02 10:25 - 000204288 _____ (Microsoft Corporation) C:\Windows\System32\provisioningcsp.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000198888 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000187288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dumpsd.sys
2017-12-02 10:25 - 2017-12-02 10:25 - 000175104 _____ (Microsoft Corporation) C:\Windows\System32\t2embed.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000170496 _____ (Microsoft Corporation) C:\Windows\System32\SettingsHandlers_ContentDeliveryManager.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000169472 _____ (Microsoft Corporation) C:\Windows\System32\wuuhosdeployment.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000168448 _____ (Microsoft Corporation) C:\Windows\System32\SettingsHandlers_SIUF.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\smartscreenps.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000151040 _____ (Microsoft Corporation) C:\Windows\System32\umpo.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000149400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storahci.sys
2017-12-02 10:25 - 2017-12-02 10:25 - 000147864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wcifs.sys
2017-12-02 10:25 - 2017-12-02 10:25 - 000135168 _____ (Microsoft Corporation) C:\Windows\System32\SettingsHandlers_CapabilityAccess.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000126464 _____ (Microsoft Corporation) C:\Windows\System32\cryptcatsvc.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000124928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\luafv.sys
2017-12-02 10:25 - 2017-12-02 10:25 - 000115200 _____ (Microsoft Corporation) C:\Windows\System32\updatepolicy.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000114688 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\UcmCx.sys
2017-12-02 10:25 - 2017-12-02 10:25 - 000098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000097792 _____ C:\Windows\System32\runexehelper.exe
2017-12-02 10:25 - 2017-12-02 10:25 - 000095744 _____ (Microsoft Corporation) C:\Windows\System32\CapabilityAccessManagerClient.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000092160 _____ (Microsoft Corporation) C:\Windows\System32\usoapi.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000086016 _____ (Microsoft Corporation) C:\Windows\System32\XblAuthTokenBrokerExt.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000084992 _____ (Microsoft Corporation) C:\Windows\System32\DeviceUpdateAgent.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000082840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volmgr.sys
2017-12-02 10:25 - 2017-12-02 10:25 - 000079360 _____ (Microsoft Corporation) C:\Windows\System32\acppage.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000073216 _____ (Microsoft Corporation) C:\Windows\System32\provtool.exe
2017-12-02 10:25 - 2017-12-02 10:25 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XblAuthTokenBrokerExt.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\acppage.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usoapi.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CapabilityAccessManagerClient.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000060824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\urscx01000.sys
2017-12-02 10:25 - 2017-12-02 10:25 - 000059392 _____ (Microsoft Corporation) C:\Windows\System32\aadjcsp.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000058880 _____ (Microsoft Corporation) C:\Windows\System32\TpmTasks.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000057856 _____ (Microsoft Corporation) C:\Windows\System32\wuautoappupdate.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000057344 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\UcmUcsi.sys
2017-12-02 10:25 - 2017-12-02 10:25 - 000056320 _____ (Microsoft Corporation) C:\Windows\System32\AcSpecfc.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000048112 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2017-12-02 10:25 - 2017-12-02 10:25 - 000046080 _____ (Microsoft Corporation) C:\Windows\System32\rdrleakdiag.exe
2017-12-02 10:25 - 2017-12-02 10:25 - 000045464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storufs.sys
2017-12-02 10:25 - 2017-12-02 10:25 - 000041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdrleakdiag.exe
2017-12-02 10:25 - 2017-12-02 10:25 - 000041472 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vwifimp.sys
2017-12-02 10:25 - 2017-12-02 10:25 - 000034816 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\BasicRender.sys
2017-12-02 10:25 - 2017-12-02 10:25 - 000022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdtcVSp1res.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000022528 _____ (Microsoft Corporation) C:\Windows\System32\msdtcVSp1res.dll
2017-12-02 10:25 - 2017-12-02 10:25 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-12-02 10:23 - 2017-12-02 10:23 - 001166520 _____ (Microsoft Corporation) C:\Windows\System32\PresentationNative_v0300.dll
2017-12-02 10:23 - 2017-12-02 10:23 - 000778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2017-12-02 10:23 - 2017-12-02 10:23 - 000124624 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2017-12-02 10:23 - 2017-12-02 10:23 - 000103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-12-02 10:23 - 2017-12-02 10:23 - 000035456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2017-12-02 10:23 - 2017-12-02 10:23 - 000035456 _____ (Microsoft Corporation) C:\Windows\System32\TsWpfWrp.exe
2017-12-02 10:23 - 2017-12-02 10:23 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-12-02 10:23 - 2017-12-02 10:23 - 000000000 ____D C:\Program Files\MSBuild
2017-12-02 10:23 - 2017-12-02 10:23 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-12-02 10:23 - 2017-12-02 10:23 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-12-02 09:39 - 2017-12-02 09:39 - 000000000 ____D C:\ProgramData\USOShared
2017-12-02 09:39 - 2017-12-02 09:39 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-12-02 09:38 - 2017-12-20 10:17 - 001172330 _____ C:\Windows\System32\PerfStringBackup.INI
2017-12-02 09:38 - 2017-12-02 09:38 - 000000020 ___SH C:\Users\Louie\ntuser.ini
2017-12-02 09:38 - 2017-12-02 09:38 - 000000000 ___HD C:\Users\Louie\MicrosoftEdgeBackups
2017-12-02 09:34 - 2017-12-20 13:36 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-02 09:34 - 2017-12-20 10:09 - 000004166 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F4659663-4B5C-4A36-AF3E-05A24889D459}
2017-12-02 09:34 - 2017-12-09 20:02 - 000003374 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2560975061-945233026-2718747551-1003
2017-12-02 09:34 - 2017-12-02 09:34 - 000015243 _____ C:\Windows\diagwrn.xml
2017-12-02 09:34 - 2017-12-02 09:34 - 000015243 _____ C:\Windows\diagerr.xml
2017-12-02 09:34 - 2017-12-02 09:34 - 000003452 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2017-12-02 09:34 - 2017-12-02 09:34 - 000003344 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-12-02 09:34 - 2017-12-02 09:34 - 000003228 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2017-12-02 09:34 - 2017-12-02 09:34 - 000003120 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-12-02 09:34 - 2017-12-02 09:34 - 000002810 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-musicmaker610@gmail.com
2017-12-02 09:34 - 2017-12-02 09:34 - 000002412 _____ C:\Windows\System32\Tasks\NahimicMSIUILauncherRun
2017-12-02 09:34 - 2017-12-02 09:34 - 000002400 _____ C:\Windows\System32\Tasks\NahimicMSIsvc64Run
2017-12-02 09:34 - 2017-12-02 09:34 - 000002392 _____ C:\Windows\System32\Tasks\NahimicMSIsvc32Run
2017-12-02 09:34 - 2017-12-02 09:34 - 000002146 _____ C:\Windows\System32\Tasks\StartCN
2017-12-02 09:34 - 2017-12-02 09:34 - 000000000 ____D C:\Windows\System32\Tasks\Apple
2017-12-02 09:33 - 2017-12-02 09:33 - 000000020 ___SH C:\Users\postgres\ntuser.ini
2017-12-02 09:32 - 2017-09-29 05:41 - 002241024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2017-12-02 09:31 - 2017-12-19 21:40 - 000000000 ____D C:\users\Louie
2017-12-02 09:31 - 2017-12-14 12:10 - 000000000 ____D C:\Users\Louie\AppData\Local\Packages
2017-12-02 09:31 - 2017-12-02 09:33 - 000000000 ____D C:\users\postgres
2017-12-02 09:31 - 2017-12-02 09:33 - 000000000 ____D C:\users\loutu
2017-12-02 09:30 - 2017-12-19 21:35 - 000000000 ____D C:\Windows\System32\SleepStudy
2017-12-02 09:30 - 2017-12-18 08:38 - 000421792 _____ C:\Windows\System32\FNTCACHE.DAT
2017-12-02 02:53 - 2017-12-02 02:53 - 000000000 ____D C:\Users\Louie\Documents\FXHOME
2017-12-02 02:53 - 2017-12-02 02:53 - 000000000 ____D C:\Users\Louie\AppData\Local\HitFilm Express 2017 Activation
2017-12-02 02:53 - 2017-12-02 02:53 - 000000000 ____D C:\Users\Louie\AppData\Local\FXHOME Helper
2017-12-02 02:53 - 2017-12-02 02:53 - 000000000 ____D C:\Users\Louie\AppData\Local\FXHOME
2017-12-02 02:53 - 2017-12-02 02:53 - 000000000 ____D C:\ProgramData\FXHOME
2017-12-02 02:53 - 2017-12-02 02:53 - 000000000 ____D C:\Program Files\FXHOME
2017-12-02 02:53 - 2017-12-02 02:53 - 000000000 ____D C:\Program Files\Common Files\OFX
2017-12-02 02:53 - 2017-12-02 02:53 - 000000000 ____D C:\Program Files\Boris FX, Inc
2017-12-02 02:53 - 2017-12-02 02:53 - 000000000 ____D C:\Program Files (x86)\Boris FX, Inc
2017-12-02 02:43 - 2017-12-02 02:52 - 288817152 _____ C:\Users\Louie\Downloads\HitFilmExpress2017_x64_5.0.7012.39363.msi
2017-11-30 18:44 - 2017-11-30 18:44 - 000414332 _____ C:\Users\Louie\Downloads\againts.zip
2017-11-29 17:26 - 2017-11-29 17:26 - 000018113 _____ C:\Users\Louie\AppData\Local\recently-used.xbel
2017-11-29 17:05 - 2017-12-02 09:38 - 000000000 ___DC C:\Windows\Panther
2017-11-27 17:46 - 2017-11-27 17:47 - 003257160 _____ C:\Users\Louie\Downloads\Eglamour.pptx
2017-11-21 19:02 - 2017-11-21 19:02 - 000000000 ____D C:\Users\Louie\AppData\Roaming\bluray
2017-11-21 18:57 - 2017-11-21 18:57 - 000000955 _____ C:\Users\Public\Desktop\Leawo Blu-ray Player.lnk
2017-11-21 18:57 - 2017-11-21 18:57 - 000000000 ____D C:\Users\Louie\AppData\Roaming\Leawo
2017-11-21 18:57 - 2017-11-21 18:57 - 000000000 ____D C:\ProgramData\Leawo
2017-11-21 18:54 - 2017-11-21 18:56 - 055727872 _____ (Leawo Software Co., Ltd. ) C:\Users\Louie\Downloads\blurayplayer_setup.exe
2017-11-21 12:01 - 2017-11-21 12:01 - 000000222 _____ C:\Users\Louie\Desktop\Alien Swarm Reactive Drop.url
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-20 19:57 - 2017-05-22 18:20 - 000000000 ____D C:\Users\Louie\AppData\Local\MyComGames
2017-12-20 13:38 - 2017-09-29 00:45 - 021757952 _____ C:\Windows\System32\config\HARDWARE
2017-12-20 13:38 - 2017-09-29 00:45 - 000786432 _____ C:\Windows\System32\config\BBI
2017-12-20 13:37 - 2016-11-01 15:56 - 000253880 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamswissarmy.sys
2017-12-20 13:37 - 2016-11-01 15:56 - 000046008 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2017-12-20 13:36 - 2017-04-27 15:09 - 000065536 _____ C:\Windows\System32\spu_storage.bin
2017-12-20 13:34 - 2017-06-27 10:02 - 000000000 ____D C:\Users\Louie\AppData\Roaming\band-desktop
2017-12-20 13:34 - 2017-06-01 09:34 - 000034170 _____ C:\Users\Louie\AppData\Roaming\VoiceMeeterDefault.xml
2017-12-20 13:34 - 2016-05-23 17:13 - 000000000 ___RD C:\Users\Louie\OneDrive
2017-12-20 13:29 - 2017-09-29 05:46 - 000000000 ___HD C:\Windows\ELAMBKUP
2017-12-20 10:10 - 2016-05-25 14:20 - 000000000 ____D C:\Users\Louie\AppData\LocalLow\Temp
2017-12-19 19:59 - 2016-11-21 16:05 - 000000000 ____D C:\Users\Louie\AppData\Roaming\discord
2017-12-19 19:54 - 2017-09-29 05:44 - 000000000 ____D C:\Windows\INF
2017-12-19 17:30 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\rescache
2017-12-19 16:58 - 2017-09-29 00:45 - 000032768 _____ C:\Windows\System32\config\ELAM
2017-12-19 14:44 - 2017-05-05 15:58 - 000000000 ____D C:\Users\Louie\AppData\Local\CrashDumps
2017-12-19 14:25 - 2016-05-18 10:06 - 000903783 ____N C:\Windows\Minidump\121917-9328-01.dmp
2017-12-19 07:36 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\AppReadiness
2017-12-19 07:36 - 2016-11-01 15:56 - 000094144 _____ (Malwarebytes) C:\Windows\System32\Drivers\mwac.sys
2017-12-18 19:31 - 2016-11-01 15:56 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-18 09:46 - 2017-01-23 14:03 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-18 09:46 - 2017-01-23 14:03 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-12-18 09:39 - 2016-05-23 17:49 - 000002290 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-18 09:34 - 2017-01-23 14:04 - 000000000 ____D C:\Users\Louie\AppData\LocalLow\Mozilla
2017-12-18 09:31 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\DeliveryOptimization
2017-12-18 08:39 - 2016-05-24 18:20 - 000000000 ___RD C:\Users\Louie\3D Objects
2017-12-18 08:39 - 2016-02-13 05:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-12-18 08:38 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\TextInput
2017-12-18 08:38 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\SysWOW64\Dism
2017-12-18 08:38 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\oobe
2017-12-18 08:38 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\appraiser
2017-12-18 08:38 - 2017-09-29 00:45 - 000000000 ____D C:\Windows\System32\Dism
2017-12-17 09:59 - 2017-05-21 15:03 - 000000000 ____D C:\Users\Louie\AppData\Local\Roblox
2017-12-17 09:46 - 2017-05-21 15:03 - 000000252 _____ C:\Users\Louie\AppData\LocalLow\rbxcsettings.rbx
2017-12-17 09:34 - 2017-05-21 15:07 - 000001473 _____ C:\Users\Louie\Desktop\Roblox Player.lnk
2017-12-17 09:34 - 2017-05-21 15:03 - 000001288 _____ C:\Users\Louie\Desktop\Roblox Studio.lnk
2017-12-16 15:28 - 2016-09-22 14:23 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-16 15:23 - 2017-09-22 13:19 - 000000000 ____D C:\Users\Louie\AppData\Local\UnrealEngine
2017-12-16 14:47 - 2017-09-29 05:37 - 000000000 ____D C:\Windows\CbsTemp
2017-12-16 14:43 - 2017-09-29 05:46 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-14 19:14 - 2017-09-29 05:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-14 19:14 - 2017-09-29 05:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-12-14 19:14 - 2016-03-03 11:51 - 000000000 ____D C:\Program Files\Microsoft Office
2017-12-14 12:03 - 2016-05-24 15:33 - 000000000 ____D C:\Windows\System32\MRT
2017-12-14 12:02 - 2017-10-10 17:22 - 133326408 ____C (Microsoft Corporation) C:\Windows\System32\MRT-KB890830.exe
2017-12-14 12:02 - 2016-05-24 15:33 - 133326408 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2017-12-14 12:00 - 2017-06-01 10:21 - 000000000 ____D C:\Users\Louie\Documents\Voicemeeter
2017-12-12 14:14 - 2016-11-21 16:05 - 000002277 _____ C:\Users\Louie\Desktop\Discord.lnk
2017-12-12 14:14 - 2016-11-21 16:05 - 000000000 ____D C:\Users\Louie\AppData\Local\Discord
2017-12-09 20:14 - 2016-05-24 18:23 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-12-03 14:38 - 2017-09-29 05:49 - 000835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-12-03 14:38 - 2017-09-29 05:49 - 000177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-03 12:03 - 2016-07-12 13:13 - 000000000 ____D C:\Users\Louie\AppData\Roaming\OBS
2017-12-02 15:38 - 2016-06-12 17:34 - 000000000 ____D C:\Users\Louie\AppData\Roaming\vlc
2017-12-02 11:04 - 2017-06-01 10:33 - 000034170 _____ C:\Users\Louie\Desktop\settings.xml
2017-12-02 10:53 - 2017-06-01 09:33 - 000000000 ____D C:\Program Files\VB
2017-12-02 10:52 - 2017-06-01 09:33 - 000000000 ____D C:\Program Files (x86)\VB
2017-12-02 10:39 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\appcompat
2017-12-02 10:29 - 2017-09-29 05:46 - 000028672 _____ C:\Windows\System32\config\BCD-Template
2017-12-02 10:28 - 2017-09-29 05:49 - 000000000 ____D C:\Windows\Setup
2017-12-02 10:28 - 2017-09-29 05:46 - 000000000 __RHD C:\Users\Public\Libraries
2017-12-02 10:28 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\WinBioDatabase
2017-12-02 10:28 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\spool
2017-12-02 10:28 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\NDF
2017-12-02 10:28 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\LiveKernelReports
2017-12-02 10:28 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\Help
2017-12-02 10:28 - 2017-04-12 17:07 - 000000000 ____D C:\Program Files\UNP
2017-12-02 10:28 - 2017-03-31 14:51 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-12-02 10:28 - 2017-03-18 13:03 - 000000000 ____D C:\Windows\System32\Tasks_Migrated
2017-12-02 10:28 - 2016-11-04 17:24 - 000000000 ____D C:\Windows\System32\ÿÿÿÿÿÿÿÿ8
2017-12-02 10:28 - 2016-05-18 10:20 - 000000000 ____D C:\Program Files\Intel
2017-12-02 10:28 - 2016-02-29 17:43 - 000000000 ___HD C:\Windows\OEM
2017-12-02 10:26 - 2017-04-27 15:09 - 000000000 ____D C:\Program Files\Realtek
2017-12-02 10:26 - 2017-04-27 15:09 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\zu-ZA
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\yo-NG
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\xh-ZA
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\wo-SN
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\vi-VN
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\uz-Latn-UZ
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\ur-PK
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\ug-CN
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\tt-RU
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\tn-ZA
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\tk-TM
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\ti-ET
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\tg-Cyrl-TJ
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\te-IN
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\ta-IN
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\sw-KE
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\sr-Cyrl-RS
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\sr-Cyrl-BA
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\sq-AL
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\si-LK
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\sd-Arab-PK
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\rw-RW
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\quz-PE
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\quc-Latn-GT
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\prs-AF
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\pa-IN
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\pa-Arab-PK
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\or-IN
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\nso-ZA
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\nn-NO
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\ne-NP
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\mt-MT
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\mr-IN
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\mn-MN
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\ml-IN
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\mk-MK
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\mi-NZ
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\lo-LA
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\lb-LU
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\ky-KG
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\ku-Arab-IQ
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\kok-IN
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\kn-IN
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\km-KH
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\kk-KZ
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\ka-GE
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\is-IS
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\ig-NG
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\id-ID
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\hy-AM
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\ha-Latn-NG
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\gu-IN
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\gd-GB
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\ga-IE
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\fil-PH
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\fa-IR
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\cy-GB
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\chr-CHER-US
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\ca-ES-valencia
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\bs-Latn-BA
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\bn-IN
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\bn-BD
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\be-BY
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\az-Latn-AZ
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\as-IN
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\am-ET
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\SysWOW64\af-ZA
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\zu-ZA
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\yo-NG
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\xh-ZA
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\wo-SN
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\vi-VN
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\uz-Latn-UZ
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\ur-PK
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\ug-CN
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\tt-RU
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\tn-ZA
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\tk-TM
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\ti-ET
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\tg-Cyrl-TJ
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\te-IN
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\ta-IN
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\sw-KE
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\sr-Cyrl-RS
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\sr-Cyrl-BA
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\sq-AL
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\si-LK
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\sd-Arab-PK
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\rw-RW
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\quz-PE
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\quc-Latn-GT
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\prs-AF
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\pa-IN
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\pa-Arab-PK
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\or-IN
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\nso-ZA
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\nn-NO
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\ne-NP
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\mt-MT
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\mr-IN
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\mn-MN
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\ml-IN
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\mk-MK
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\mi-NZ
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\lo-LA
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\lb-LU
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\ky-KG
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\ku-Arab-IQ
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\kok-IN
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\kn-IN
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\km-KH
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\kk-KZ
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\ka-GE
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\is-IS
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\ig-NG
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\id-ID
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\hy-AM
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\ha-Latn-NG
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\gu-IN
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\gd-GB
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\ga-IE
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\fil-PH
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\fa-IR
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\cy-GB
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\chr-CHER-US
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\ca-ES-valencia
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\bs-Latn-BA
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\bn-IN
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\bn-BD
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\be-BY
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\az-Latn-AZ
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\as-IN
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\am-ET
2017-12-02 10:25 - 2017-09-29 06:42 - 000000000 ____D C:\Windows\System32\af-ZA
2017-12-02 10:25 - 2017-09-29 05:46 - 000000000 ___SD C:\Windows\SysWOW64\F12
2017-12-02 10:25 - 2017-09-29 05:46 - 000000000 ___SD C:\Windows\System32\F12
2017-12-02 10:25 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2017-12-02 10:25 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\WinMetadata
2017-12-02 10:25 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\WinBioPlugIns
2017-12-02 10:25 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\ShellExperiences
2017-12-02 10:25 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\Provisioning
2017-12-02 10:25 - 2017-09-29 05:46 - 000000000 ____D C:\Program Files\Windows Defender
2017-12-02 10:25 - 2017-09-29 05:46 - 000000000 ____D C:\PerfLogs
2017-12-02 09:39 - 2017-09-29 05:46 - 000000000 ____D C:\ProgramData\USOPrivate
2017-12-02 09:38 - 2016-05-23 17:12 - 000000000 ____D C:\Users\Louie\AppData\Local\TileDataLayer
2017-12-02 09:35 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\Registration
2017-12-02 09:34 - 2016-09-22 14:27 - 000022840 _____ C:\Windows\System32\emptyregdb.dat
2017-12-02 09:32 - 2017-09-29 05:46 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2017-12-02 09:31 - 2017-09-29 00:45 - 000000000 ____D C:\Windows\System32\Sysprep
2017-12-02 09:31 - 2016-07-20 17:11 - 000000000 ____D C:\Users\loutu\AppData\Local\Packages
2017-12-02 09:30 - 2017-04-27 15:09 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2017-12-02 09:30 - 2017-04-27 15:09 - 000000000 ____D C:\Windows\System32\DAX2
2017-12-02 09:30 - 2017-04-27 15:09 - 000000000 ____D C:\Program Files\AMD
2017-12-02 09:30 - 2016-05-18 10:11 - 000000000 ____D C:\AMD
2017-12-01 17:51 - 2016-12-26 19:09 - 000821416 _____ C:\Windows\System32\Drivers\EasyAntiCheat.sys
2017-12-01 15:11 - 2017-06-27 10:02 - 000000733 _____ C:\Users\Public\Desktop\BAND.lnk
2017-11-29 17:29 - 2016-07-15 08:20 - 000000000 ____D C:\Users\Louie\.gimp-2.8
2017-11-29 17:26 - 2016-07-15 09:20 - 000000000 ____D C:\Users\Louie\AppData\Local\gtk-2.0
2017-11-25 11:11 - 2016-06-13 12:49 - 000000000 ____D C:\Users\Louie\AppData\Roaming\.technic
2017-11-25 11:11 - 2016-06-13 12:43 - 004734880 _____ () C:\Users\Louie\Downloads\TechnicLauncher.exe
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2017-12-12 14:13] - [2017-12-07 15:27] - 003903784 _____ (Microsoft Corporation) 2B41096DED5180E1FE733DFC652D1AFF
 
C:\Windows\SysWOW64\explorer.exe
[2017-12-12 14:13] - [2017-12-07 14:34] - 003484840 _____ (Microsoft Corporation) 3F7DFCC49334A83CF9CA1213A70CBC9E
 
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2017-12-12 14:13] - [2017-12-07 15:34] - 001634288 _____ (Microsoft Corporation) 0370364D4D8846B6CF316ABBB2EDB083
 
C:\Windows\SysWOW64\User32.dll
[2017-12-12 14:13] - [2017-12-07 14:56] - 001528904 _____ (Microsoft Corporation) 5D41A00F6ED104C9639D5CBF0D38A1D6
 
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2017-12-12 14:13] - [2017-12-07 15:12] - 000401304 _____ (Microsoft Corporation) 5B27846CF4B1C21AFB3A35A8336BA02F
 
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 6%
Total physical RAM: 16341.57 MB
Available physical RAM: 15242.13 MB
Total Virtual: 16341.57 MB
Available Virtual: 15325.54 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.24 GB) (Free:36.09 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:931.39 GB) (Free:553.32 GB) NTFS
Drive e: (Tablet_CD) (CDROM) (Total:0.36 GB) (Free:0 GB) CDFS
Drive f: (Recovery) (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
Drive g: () (Removable) (Total:28.86 GB) (Free:25.37 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 2 (Size: 28.9 GB) (Disk ID: 6F20736B)
No partition Table on disk 2.
Disk 2 is a removable device.
 
LastRegBack: 2017-12-14 19:00
 
==================== End of FRST.txt ============================

Edited by Gubbins, 21 December 2017 - 09:34 PM.


#10 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,852 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 22 December 2017 - 12:59 PM

Gubbins:

 

Thank you for the FRST log.  I apologize.  FRST will not generate an "Addition.txt" file when run in WinRE.  Senior moment! :blush:

 

I have to be away this afternoon and evening.  I will analyze the new logs tomorrow and post back further instructions.

 

Thank you for your patience and understanding.  Have a great weekend.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#11 Gubbins

Gubbins
  • Topic Starter

  • Members
  • 14 posts

Posted 22 December 2017 - 01:01 PM

Alright, thank you for letting me know about the addition.txt file. That is a relief.

 

Enjoy your weekend


Edited by Gubbins, 22 December 2017 - 01:18 PM.


#12 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,852 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 23 December 2017 - 01:46 PM

Gubbins:

Thank you for your patience while I analyzed your FRST logs.

IMPORTANT: I would strongly recommend that you back up all of your important data before running the FRST "fixlist" script that is attached. This script should disable the SmartService infection and then Malwarebytes will clean up the remnants.

.

Step 1: Please run a FRST fix for me. Please save the attached FRST "fixlist.txt" file to the USB flash drive/folder where FRST64.exe is located.

You must reboot your computer to the Windows Recovery Environment and go to the command prompt as before. Then insert the USB flash drive, containing both FRST64.exe and the attached "fixlist.txt" file, into the infected computer. Launch FRST64.exe, as previously instructed in Step 2 of this post.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.

  • Right click FRST/FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder on the USB flash drive as the FRST64.exe program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.

Step 2: Boot your computer normally.

Please run a Malwarebytes Anti-Malware scan for me. Please very carefully follow the instructions below. It is very important to ensure that "Scan for rootkits" and "Automatic quarantine" are turned on BEFORE beginning the scan.

  • Please download Malwarebytes to your Desktop.
  • Double-click mb3-setup-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Next, please go to "Settings", "Protection", and turn on "Scan for rootkits", if it is not "On."
  • Ensure that under "Potential Threat Protection", both switches are set to "Always Detect PUPs/PUMs (recommended)".
  • Then scroll to the bottom of that page and ensure that "Automatic Quarantine" is turned "On."
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If an update of the definitions is available, it will be downloaded and installed before the scan commences.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

The Scan log is available through History ->Application logs. Please copy and paste the contents of the log into your next reply.

.

Please let me know whether you are now able to activate your Norton protection components and how your computer is running, in your next reply, along with the scan/fix logs.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#13 Gubbins

Gubbins
  • Topic Starter

  • Members
  • 14 posts

Posted 23 December 2017 - 03:34 PM

Good News! (I think). I ran the fix script you gave me and I have the log that you requested. I ran Malwarebytes and I could not find anything in the program that is labeled History or Application, but I did export the scan summary and will put that in my next post. All of Norton's protection features are enabled now as well. I believe that my PC is running fine but it is hard to tell because the only real signs that I had that something was wrong were random spikes in CPU usage.

 

Here is the fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by SYSTEM (23-12-2017 13:17:51) Run:4
Running from g:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
DeleteKey: HKLM\SYSTEM\ControlSet001\Services\udiskMgr
DeleteKey: HKLM\SYSTEM\ControlSet001\Services\amdacpksd
DeleteKey: HKLM\SYSTEM\ControlSet001\Services\bomrrhbs
S2 amdacpksd; \??\C:\WINDOWS\system32\drivers\amdacpksd.sys [X]
S1 bomrrhbs; \??\C:\WINDOWS\system32\drivers\bomrrhbs.sys [X]
R3 udiskMgr; system32\drivers\wadgkn.sys [X]
C:\Users\Louie\AppData\Local\auneosh
C:\Users\Louie\AppData\Local\igfxmtc
C:\Users\Louie\AppData\Local\vsslhaw
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
C:\WINDOWS\system32\drivers\85417eb5e89d7589673d009387f5bcc4.sys
C:\WINDOWS\system32\upmxzcgsvc.exe;
C:\WINDOWS\SysWOW64\upiesmz
C:\WINDOWS\system32\upiesmz
C:\Users\Louie\AppData\Roaming\et
C:\Program Files (x86)\chancing
C:\Users\Louie\AppData\Local\AdService
C:\WINDOWS\system32\Drivers\pil*.sys
*****************
 
HKLM\SYSTEM\ControlSet001\Services\udiskMgr => key not found
HKLM\SYSTEM\ControlSet001\Services\amdacpksd => key not found
HKLM\SYSTEM\ControlSet001\Services\bomrrhbs => key not found
amdacpksd => service not found.
bomrrhbs => service not found.
udiskMgr => service not found.
C:\Users\Louie\AppData\Local\auneosh => moved successfully
C:\Users\Louie\AppData\Local\igfxmtc => moved successfully
C:\Users\Louie\AppData\Local\vsslhaw => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
C:\WINDOWS\system32\drivers\85417eb5e89d7589673d009387f5bcc4.sys => moved successfully
"C:\WINDOWS\system32\upmxzcgsvc.exe;" => not found.
C:\WINDOWS\SysWOW64\upiesmz => moved successfully
C:\WINDOWS\system32\upiesmz => moved successfully
C:\Users\Louie\AppData\Roaming\et => moved successfully
C:\Program Files (x86)\chancing => moved successfully
C:\Users\Louie\AppData\Local\AdService => moved successfully
 
=========== "C:\WINDOWS\system32\Drivers\pil*.sys" ==========
 
not found
 
========= End -> "C:\WINDOWS\system32\Drivers\pil*.sys" ========
 
 

==== End of Fixlog 13:18:04 ==== 


Edited by Gubbins, 23 December 2017 - 03:39 PM.
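Added example (not part of the original posts and not FRST's own code): a small Python parser for the result section of the fixlog above. It tallies each directive's outcome and lists "not found" targets that end in stray punctuation, such as the `upmxzcgsvc.exe;` line. The function names are hypothetical and the sample is an excerpt of the log lines posted above.

```python
import re
from collections import Counter

# Excerpt of the result lines from the fixlog posted above (embedded so this runs offline).
SAMPLE_FIXLOG = r'''
HKLM\SYSTEM\ControlSet001\Services\udiskMgr => key not found
amdacpksd => service not found.
C:\Users\Louie\AppData\Local\auneosh => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
C:\WINDOWS\system32\drivers\85417eb5e89d7589673d009387f5bcc4.sys => moved successfully
"C:\WINDOWS\system32\upmxzcgsvc.exe;" => not found.
C:\WINDOWS\SysWOW64\upiesmz => moved successfully

=========== "C:\WINDOWS\system32\Drivers\pil*.sys" ==========

not found

========= End -> "C:\WINDOWS\system32\Drivers\pil*.sys" ========
'''

# One-line results: optional quotes around the target, then "=> outcome".
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\.?$')
# Multi-line results: a banner naming the target, body lines, then an "End ->" banner.
BLOCK_START_RE = re.compile(r'^=+\s+"(?P<target>[^"]+)"\s+=+$')
BLOCK_END_RE = re.compile(r'^=+\s+End -> ')


def parse_fixlog(text):
    """Return (target, outcome) pairs from the result part of a fixlog."""
    entries, block_target, block_lines = [], None, []
    for line in (raw.strip() for raw in text.splitlines()):
        if block_target is not None:
            if BLOCK_END_RE.match(line):
                entries.append((block_target, " ".join(block_lines)))
                block_target, block_lines = None, []
            elif line:
                block_lines.append(line)
            continue
        start = BLOCK_START_RE.match(line)
        if start:
            block_target = start.group("target")
            continue
        result = RESULT_RE.match(line)
        if result:
            entries.append((result.group("target"), result.group("outcome")))
    return entries


def status(outcome):
    """Collapse FRST's outcome wording into changed / absent / other."""
    if "successfully" in outcome:
        return "changed"
    return "absent" if "not found" in outcome else "other"


def summarize(entries):
    return Counter(status(outcome) for _, outcome in entries)


def review_candidates(entries):
    """Absent targets ending in punctuation a path or key would not normally carry."""
    return [t for t, o in entries if status(o) == "absent" and re.search(r'[;,]$', t)]
```

A target returned by `review_candidates` only means the directive as written matched nothing; whether the object exists under its intended name has to be confirmed against a fresh scan log.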


#14 Gubbins

Gubbins
  • Topic Starter

  • Members
  • 14 posts

Posted 23 December 2017 - 03:36 PM

And here is the Malwarebytes scan summary:

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 12/23/17
Scan Time: 1:19 PM
Log File: 9e5588d4-e81e-11e7-bbc4-4ccc6a0ad569.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3551
License: Trial
 
-System Information-
OS: Windows 10 (Build 16299.125)
CPU: x64
File System: NTFS
User: LOUIE2-DESKTOP\Louie
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 362589
Threats Detected: 3
Threats Quarantined: 3
Time Elapsed: 2 min, 32 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 1
Trojan.Clicker, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\msidntfs, Quarantined, [20], [433331],1.0.3551
 
Registry Value: 1
Adware.Adservice, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SVCHOST|HNSERVICEGROUP, Quarantined, [2383], [472036],1.0.3551
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 1
PUP.Optional.WinResSync, C:\USERS\LOUIE\APPDATA\ROAMING\MICROSOFT\PROTECT\WINRESCHECK.WRC, Quarantined, [2696], [471379],1.0.3551
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#15 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,852 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 24 December 2017 - 01:12 PM

Louie:

Thank you for your FRST "fixlog.txt" results and for the copy of the Malwarebytes scan log. I am really happy to hear that your computer appears to be running fine! :thumbup2:

I am going to want to run some more scans to ensure that we got everything that was nefarious. This being the Christmas season, I don't expect your usual very prompt responses, but I have appreciated your timely responses.

All of the following scans are to be run from Normal Boot mode. It sure is a lot less painful than the WinRE! :)

.

Step 1: Let's run a Malwarebytes Anti-Rootkit (MBAR) Scan.

  • Download Malwarebytes Anti-Rootkit from this link.
  • Run the file and follow the onscreen instructions to extract it to a location of your choosing (your desktop by default).
  • Malwarebytes Anti-Rootkit will then open; follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional: Internet access, Windows Update, Windows Firewall.
  • If there are additional problems with your system, such as any of those listed above or other system issues, then run the "fixdamage" tool included with Malwarebytes Anti-Rootkit located within the "Plugins" folder and reboot.
  • Verify that your system is now functioning normally.
  • If you experience any problems running the tool or it hasn't fully resolved all of the issues you had, please let me know.

.

Step 2: Please run an ESET Online Scanner using Internet Explorer. Please note that if no threats are detected, no log will be produced. This product is the "go to" online scanner because it is very thorough and there are not many false positives.

Note: You will need to disable your currently installed Norton Anti-Virus; how to do so can be found here.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Then select: "Enable detection of potentially unwanted applications" - Yes.
  • Click Advanced settings.
  • Check the following items.

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK.
  • Click Start.
  • ESET will then download updates and begin scanning your computer.
  • If no threats are found simply click Uninstall application on close and hit Finish.
  • If threats are found click List of found threats.
  • Click Export to text file.
  • Save the file on your Desktop as ESET.txt.
  • Click Back.
  • Check Uninstall application on close and Delete quarantined files.
  • Click Finish.
  • Close the ESET Online Scanner window.
  • Copy and paste the contents of ESET.txt into your reply, if any threats were detected.

Don't forget to re-enable your antivirus when finished!

.

Step 3: Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait for it to complete the update.
  • Click on I Agree button.
  • Click on the Scan button.
  • AdwCleaner will begin its scan ... please be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, then make sure that you uncheck it before running the "Clean" process.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
  • After the scan has finished ...
  • Uncheck any PUP and adware applications that you want to keep.


If you are unsure about one or more of the detected programs, then please copy and paste the scan log, with your questions, and I will provide you with advice about those files.
The Scan logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Do not follow the remaining "Clean" instructions until directed to do so by me, if you have questions or concerns about one or more of the detections.
If you have no questions about any of the detections, then please proceed to the "Clean" steps below.

  • Then click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Please copy and paste the contents of that logfile into your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

.

Step 4: I saw some issues in your original FRST logs that concerned me, which might have been due to the "SmartService" infection. I would like to get a fresh set of Normal Boot FRST logs to ensure that there are no remaining traces of the "SmartService" infection and to see whether the errors that concerned me are still persisting. If so, I will address those with you, in future posts, once we are certain that your computer is no longer infected with malware.

So if you would be so kind as to run a normal FRST scan on your computer and then copy and paste the logs (FRST.txt and Addition.txt) into your next replies, I would greatly appreciate it.

.

Thank you and have a great day ... and Merry Christmas to you and yours!

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall




