
NTUSERLITELIST Virus And Resource is in use



#1 Thezlehman


Posted 02 January 2018 - 09:52 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
Ran by zalehman123 (administrator) on ZALEHMAN987 (02-01-2018 21:49:39)
Running from C:\Users\zalehman123\Downloads
Loaded Profiles: zalehman123 (Available Profiles: zalehman123)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Greatis Software) C:\Program Files (x86)\UnHackMe\hackmon.exe
() C:\Windows\System32\mswqcnk.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) D:\Office\Office14\MSOSYNC.EXE
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Mega Limited) C:\ProgramData\MEGAsync\MEGAsync.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
(Plex) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16781824 2017-07-02] (Realtek Semiconductor)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2867712 2017-01-09] (Dominik Reichl)
HKLM-x32\...\Run: [svcvmx] => "C:\Users\zalehman123\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe" -starup <==== ATTENTION
HKLM-x32\...\Run: [BCSSync] => D:\Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646680 2017-09-27] (Oracle Corporation)
HKU\S-1-5-21-2393918241-2313618224-3958569718-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-2393918241-2313618224-3958569718-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [41061856 2017-11-20] ()
HKU\S-1-5-21-2393918241-2313618224-3958569718-1001\...\Run: [OfficeSyncProcess] => D:\Office\Office14\MSOSYNC.EXE [718208 2010-03-16] (Microsoft Corporation)
HKU\S-1-5-21-2393918241-2313618224-3958569718-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [16971752 2017-12-13] (Plex, Inc.)
HKU\S-1-5-21-2393918241-2313618224-3958569718-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-10-28] (Microsoft Corporation)
Startup: C:\Users\zalehman123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2017-12-24]
ShortcutTarget: MEGAsync.lnk -> C:\ProgramData\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\Users\zalehman123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-10-12]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (No File)
BootExecute: autocheck autochk * Partizan
GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{1159C4B8-027D-4620-A0DB-7964661D4FE5}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{B5454333-9B65-45DC-8F60-E1C56295D98E}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-2393918241-2313618224-3958569718-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre-9.0.1\bin\ssv.dll => No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-9.0.1\bin\jp2ssv.dll [2017-12-22] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-12-14] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-14] (Oracle Corporation)
DPF: HKLM-x32 {8C9DC9DB-121B-47F3-AE1F-72D903A417DB} hxxp://vision.cable.comcast.com/comcast/controls/contactbehaviors.dll

FireFox:
========
FF DefaultProfile: ldizmq19.default-1510619146557
FF ProfilePath: C:\Users\zalehman123\AppData\Roaming\Mozilla\Firefox\Profiles\ldizmq19.default-1510619146557 [2018-01-02]
FF Homepage: Mozilla\Firefox\Profiles\ldizmq19.default-1510619146557 -> file:///D:/startpage/startpage-master/index.html
FF Extension: (Honey) - C:\Users\zalehman123\AppData\Roaming\Mozilla\Firefox\Profiles\ldizmq19.default-1510619146557\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi [2017-12-30]
FF Extension: (uBlock Origin) - C:\Users\zalehman123\AppData\Roaming\Mozilla\Firefox\Profiles\ldizmq19.default-1510619146557\Extensions\uBlock0@raymondhill.net.xpi [2017-12-21]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-24] ()
FF Plugin: @java.com/DTPlugin,version=12.0.1.0 -> C:\Program Files\Java\jre-9.0.1\bin\dtplugin\npDeployJava1.dll [2017-12-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=12.0.1.0 -> C:\Program Files\Java\jre-9.0.1\bin\plugin2\npjp2.dll [2017-12-22] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-24] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-12-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2393918241-2313618224-3958569718-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\zalehman123\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-07-10] (Zoom Video Communications, Inc.)

Chrome:
=======
CHR Profile: C:\Users\zalehman123\AppData\Local\Google\Chrome\User Data\Default [2018-01-02]
CHR Extension: (Docs) - C:\Users\zalehman123\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-27]
CHR Extension: (Google Drive) - C:\Users\zalehman123\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-12]
CHR Extension: (YouTube) - C:\Users\zalehman123\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-12]
CHR Extension: (Adobe Acrobat) - C:\Users\zalehman123\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-07-12]
CHR Extension: (Google Docs Offline) - C:\Users\zalehman123\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\zalehman123\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-03]
CHR Extension: (Gmail) - C:\Users\zalehman123\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-12]
CHR Extension: (Chrome Media Router) - C:\Users\zalehman123\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-03]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\rzyojpi <==== ATTENTION (Rootkit!)

R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-12-23] (Advanced Micro Devices) [File not signed]
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2102248 2017-12-13] (Plex, Inc.)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [142432 2017-11-09] (Microsoft Corporation)
S3 wampapache64; c:\wamp64\bin\apache\apache2.4.27\bin\httpd.exe [29184 2017-07-07] (Apache Software Foundation) [File not signed]
S3 wampmariadb64; c:\wamp64\bin\mariadb\mariadb10.2.8\bin\mysqld.exe [14545920 2017-08-17] () [File not signed]
S3 wampmysqld64; c:\wamp64\bin\mysql\mysql5.7.19\bin\mysqld.exe [39496704 2017-06-22] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
S2 ClickToRunSvc; "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [305544 2017-07-02] (Advanced Micro Devices)
R0 amdide64; C:\Windows\System32\drivers\amdide64.sys [11944 2017-07-02] (Advanced Micro Devices Inc.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [118848 2017-07-02] (Advanced Micro Devices)
S3 FLxHCIv; C:\Windows\System32\Drivers\FLxHCIv.sys [173736 2017-07-02] ()
S4 hkccnksa; C:\Windows\System32\drivers\uddgyl.sys [79064 2017-08-08] (Malwarebytes)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-07-02] (REALiX™)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2018-01-02] (Greatis Software)
S4 psfqlg; C:\Windows\System32\drivers\guud.sys [79064 2017-08-08] (Malwarebytes)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-12-30] ()
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52592 2014-06-10] (Cisco Systems, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-11-10] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-11-10] (Zemana Ltd.)
S1 msidntfs; system32\drivers\msidntfs.sys [X]
S1 slwabvce; \??\C:\Windows\system32\drivers\slwabvce.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-02 21:49 - 2018-01-02 21:49 - 000015257 _____ C:\Users\zalehman123\Downloads\FRST.txt
2018-01-02 21:49 - 2018-01-02 21:49 - 000000000 ____D C:\FRST
2018-01-02 21:48 - 2018-01-02 21:48 - 002393088 _____ (Farbar) C:\Users\zalehman123\Downloads\FRST64.exe
2018-01-02 21:38 - 2018-01-02 21:38 - 000016106 _____ C:\Windows\SysWOW64\PARTIZAN.TXT
2018-01-02 21:21 - 2018-01-02 21:21 - 000000000 ____D C:\ProgramData\RegRun
2018-01-02 21:10 - 2018-01-02 21:10 - 000040304 _____ (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2018-01-02 21:09 - 2018-01-02 21:47 - 000000000 ____D C:\Users\zalehman123\Documents\RegRun2
2018-01-02 21:09 - 2018-01-02 21:34 - 000000000 ____D C:\Users\Public\Documents\regruninfo
2018-01-02 21:09 - 2018-01-02 21:12 - 000000000 ____D C:\Program Files (x86)\UnHackMe
2018-01-02 21:09 - 2018-01-02 21:09 - 000003342 _____ C:\Windows\System32\Tasks\UnHackMe Task Scheduler
2018-01-02 21:09 - 2018-01-02 21:09 - 000001062 _____ C:\Users\zalehman123\Desktop\UnHackMe.lnk
2018-01-02 21:09 - 2018-01-02 21:09 - 000000002 RSHOT C:\Windows\winstart.bat
2018-01-02 21:09 - 2018-01-02 21:09 - 000000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2018-01-02 21:09 - 2018-01-02 21:09 - 000000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2018-01-02 21:09 - 2018-01-02 21:09 - 000000000 ____D C:\Users\zalehman123\Downloads\unhackmeb
2018-01-02 21:09 - 2018-01-02 21:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2018-01-02 21:09 - 2017-12-18 21:19 - 000000660 _____ C:\Windows\system32\Drivers\etc\hosts.old
2018-01-02 21:09 - 2017-12-13 17:47 - 000014984 _____ (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2018-01-02 21:09 - 2015-12-28 11:32 - 000049968 _____ (Greatis Software) C:\Windows\system32\partizan.exe
2018-01-02 21:08 - 2018-01-02 21:09 - 018989045 _____ C:\Users\zalehman123\Downloads\unhackmeb.zip
2018-01-02 20:45 - 2018-01-02 20:45 - 000000947 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2018-01-02 20:45 - 2018-01-02 20:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2018-01-02 20:44 - 2018-01-02 20:45 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
2018-01-02 20:42 - 2018-01-02 20:44 - 300349592 _____ (Emsisoft Ltd. ) C:\Users\zalehman123\Downloads\EmsisoftAntiMalwareSetup.exe
2018-01-02 20:42 - 2018-01-02 20:42 - 001790024 _____ (Malwarebytes) C:\Users\zalehman123\Downloads\JRT.exe
2018-01-02 20:41 - 2018-01-02 20:41 - 008198432 _____ (Malwarebytes) C:\Users\zalehman123\Downloads\AdwCleaner.exe
2018-01-02 20:04 - 2018-01-02 20:07 - 000000000 ____D C:\Users\zalehman123\AppData\Local\Plex Media Server
2018-01-02 20:02 - 2018-01-02 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2018-01-02 20:02 - 2018-01-02 20:02 - 000000000 ____D C:\Program Files (x86)\Plex
2018-01-02 20:01 - 2018-01-02 20:02 - 076272656 _____ (Plex, Inc.) C:\Users\zalehman123\Downloads\Plex-Media-Server-1.10.1.4602-f54242b6b.exe
2018-01-02 19:39 - 2018-01-02 19:39 - 000000000 ____D C:\Users\zalehman123\AppData\Roaming\PSMoveService
2018-01-02 19:00 - 2018-01-02 19:00 - 007916819 _____ (PSMoveService ) C:\Users\zalehman123\Downloads\PSMoveService-Setup64.exe
2018-01-02 19:00 - 2018-01-02 19:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSMoveService
2018-01-02 19:00 - 2018-01-02 19:00 - 000000000 ____D C:\Program Files\PSMoveService
2018-01-02 18:56 - 2018-01-02 18:56 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2018-01-02 18:55 - 2018-01-02 18:57 - 000001305 _____ C:\Users\Public\Desktop\CL-Eye Test.lnk
2018-01-02 18:55 - 2018-01-02 18:55 - 005410368 _____ (Code Laboratories, Inc.) C:\Users\zalehman123\Downloads\CL-Eye-Driver-5.3.0.0341-Emuline.exe
2018-01-02 18:55 - 2018-01-02 18:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CL-Eye Driver
2018-01-02 18:55 - 2018-01-02 18:55 - 000000000 ____D C:\Program Files (x86)\Code Laboratories
2018-01-01 10:56 - 2018-01-01 11:15 - 840098245 _____ C:\Users\zalehman123\Downloads\Silent.Hill.2006.BluRay.720p.x264.YIFY.mp4
2018-01-01 10:55 - 2018-01-01 11:01 - 682596135 _____ C:\Users\zalehman123\Downloads\Spy.Kids.2001.720p.BrRip.x264.YIFY.mp4
2017-12-31 19:26 - 2017-12-31 19:50 - 2374431110 _____ C:\Users\zalehman123\Downloads\Full.Metal.Jacket.1987.1080p.BluRay.H264.AAC-RARBG.mp4
2017-12-31 11:27 - 2017-12-31 11:39 - 1628162048 _____ C:\Users\zalehman123\Downloads\Three.Billboards.Outside.Ebbing,Missouri.2017.DVDScr.XVID.AC3.HQ.Hive-CM8.avi
2017-12-30 22:18 - 2017-12-30 22:30 - 1607527853 _____ C:\Users\zalehman123\Downloads\Edward.Scissorhands.1990.1080p.BrRip.x264.YIFY.mp4
2017-12-30 22:09 - 2017-12-30 22:14 - 731766784 _____ C:\Users\zalehman123\Downloads\Superbabies.Baby.Geniuses.2.avi
2017-12-30 21:23 - 2017-12-30 21:33 - 524501642 _____ C:\Users\zalehman123\Downloads\Juno.2007.720p.x264.BrRip.YIFY.mkv
2017-12-30 21:23 - 2017-12-30 21:30 - 789361187 _____ C:\Users\zalehman123\Downloads\Matilda.1996.720p.BluRay.x264.YIFY.mp4
2017-12-30 18:25 - 2017-12-30 18:39 - 1786596620 _____ C:\Users\zalehman123\Downloads\Annabelle.Creation.2017.1080p.BluRay.x264-[YTS.AG].mp4
2017-12-30 17:19 - 2017-12-30 17:27 - 1078263935 _____ C:\Users\zalehman123\Downloads\Harry.Potter.And.The.Deathly.Hallows.Part.2.2011.720p.BrRip.264.YIFY.mkv-muxed.mp4
2017-12-30 17:00 - 2017-12-30 17:16 - 2152024532 _____ C:\Users\zalehman123\Downloads\Harry.Potter.and.the.Deathly.Hallows.Part.1.2010.1080p.BrRip.x264.YIFY.mp4
2017-12-30 16:32 - 2017-12-30 16:44 - 682790506 _____ C:\Users\zalehman123\Downloads\Harry_Potter_and_the_Half_Blood_Prince_2009.mkv
2017-12-30 16:31 - 2017-12-30 16:49 - 1991293412 _____ C:\Users\zalehman123\Downloads\Harry.Potter.and.the.Order.of.the.Phoenix.2007.1080p.BrRip.x264.YIFY.mp4
2017-12-30 16:07 - 2017-12-30 16:22 - 2260089520 _____ C:\Users\zalehman123\Downloads\Harry.Potter.and.the.Goblet.of.Fire.2005.1080p.BrRip.x264.YIFY.mp4
2017-12-30 15:40 - 2017-12-30 15:51 - 1448398518 _____ C:\Users\zalehman123\Downloads\Captain.Underpants.The.First.Epic.Movie.2017.1080p.BluRay.x264-[YTS.AG].mp4
2017-12-30 14:35 - 2017-12-30 14:36 - 000000000 ____D C:\Users\zalehman123\Desktop\desktop clear
2017-12-30 14:33 - 2018-01-02 21:43 - 000000000 ____D C:\Users\zalehman123\AppData\Local\ntuserlitelist
2017-12-30 12:17 - 2017-12-30 12:17 - 000000000 ____D C:\Windows\pss
2017-12-30 00:11 - 2017-12-30 00:11 - 000000978 _____ C:\Users\Public\Desktop\Hearthstone.lnk
2017-12-30 00:11 - 2017-12-30 00:11 - 000000000 ____D C:\Users\zalehman123\AppData\LocalLow\Blizzard Entertainment
2017-12-30 00:11 - 2017-12-30 00:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2017-12-30 00:07 - 2017-12-30 00:07 - 089579672 _____ (The GIMP Team ) C:\Users\zalehman123\Downloads\gimp-2.8.22-setup.exe
2017-12-29 23:56 - 2017-12-31 10:10 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2017-12-29 23:55 - 2017-12-29 23:55 - 000000000 ____D C:\ProgramData\Blizzard Entertainment
2017-12-29 23:53 - 2018-01-02 20:41 - 000000000 ____D C:\Users\zalehman123\AppData\Local\Battle.net
2017-12-29 23:53 - 2017-12-29 23:55 - 000000000 ____D C:\Users\zalehman123\AppData\Roaming\Battle.net
2017-12-29 23:53 - 2017-12-29 23:53 - 000000000 ____D C:\Users\zalehman123\AppData\Local\Blizzard Entertainment
2017-12-29 23:53 - 2017-12-29 23:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2017-12-29 23:51 - 2018-01-01 18:31 - 000000000 ____D C:\Program Files (x86)\Battle.net
2017-12-29 23:51 - 2017-12-30 00:11 - 000000000 ____D C:\Users\zalehman123\AppData\Local\Blizzard
2017-12-29 23:51 - 2017-12-29 23:51 - 000000000 ____D C:\ProgramData\Battle.net
2017-12-29 23:50 - 2017-12-29 23:50 - 004039152 _____ (Blizzard Entertainment) C:\Users\zalehman123\Downloads\Hearthstone-Setup.exe
2017-12-29 15:56 - 2017-12-29 16:07 - 851222350 _____ C:\Users\zalehman123\Downloads\Pixels.2015.720p.BluRay.x264.YIFY.mp4
2017-12-29 15:56 - 2017-12-29 16:04 - 576131414 _____ C:\Users\zalehman123\Downloads\Harry_Potter_and_the_Prisoner_of_Azkaban_2004.mkv
2017-12-28 22:19 - 2017-12-28 22:26 - 628979934 _____ C:\Users\zalehman123\Downloads\Harry_Potter_and_the_Chamber_of_Secrets_2002.mkv
2017-12-28 22:11 - 2017-12-28 22:39 - 2315657594 _____ C:\Users\zalehman123\Downloads\Harry Potter - Quidditch World Cup (USA) (En,Fr,Es).7z
2017-12-28 19:30 - 2017-12-28 19:30 - 008790420 _____ C:\Users\zalehman123\Downloads\LiveSplit_1.7.4.zip
2017-12-27 19:45 - 2017-12-27 19:45 - 000109952 _____ C:\Users\zalehman123\Downloads\Resume 12142017.pdf
2017-12-27 19:13 - 2017-12-27 19:18 - 629319046 _____ C:\Users\zalehman123\Downloads\Shrek.2001.720p.BluRay.x264.YIFY.mp4
2017-12-27 18:49 - 2017-12-27 19:35 - 1098907095 _____ C:\Users\zalehman123\Downloads\War.For.The.Planet.Of.The.Apes.2017.720p.BluRay.x264-[YTS.AG].mp4
2017-12-27 17:44 - 2017-12-27 17:44 - 000000000 ___SH C:\Users\zalehman123\AppData\Local\LumaEmu
2017-12-27 17:44 - 2017-12-27 17:44 - 000000000 ____D C:\Users\zalehman123\AppData\Local\LumaEmu_SteamCloud
2017-12-27 15:47 - 2017-12-27 16:28 - 2024897382 _____ C:\Users\zalehman123\Downloads\Life-Is-Strange_COMPLETE_nosTEAM.part3.rar
2017-12-27 15:45 - 2017-12-27 17:19 - 4293918720 _____ C:\Users\zalehman123\Downloads\Life-Is-Strange_COMPLETE_nosTEAM.part1.exe
2017-12-27 15:41 - 2017-12-27 15:41 - 000000000 ____D C:\Users\zalehman123\startpage
2017-12-27 15:40 - 2017-12-27 15:40 - 006989300 _____ C:\Users\zalehman123\Downloads\startpage-master.zip
2017-12-27 15:28 - 2017-12-27 17:00 - 4293918720 _____ C:\Users\zalehman123\Downloads\Life-Is-Strange_COMPLETE_nosTEAM.part2.rar
2017-12-27 10:25 - 2017-12-27 10:26 - 008041792 _____ (Trend Media Corporation Limited.) C:\Users\zalehman123\Downloads\flashget3.7.0.1195en.exe
2017-12-26 01:02 - 2017-12-26 01:11 - 1284933512 _____ C:\Users\zalehman123\Downloads\The.Fate.of.the.Furious.2017.720p.HDTC.x264.ShAaNiG.mkv
2017-12-26 00:17 - 2017-12-26 00:26 - 987269325 _____ C:\Users\zalehman123\Downloads\Coco 2017 720p HDTS x264 AAC.mkv
2017-12-25 23:49 - 2017-12-25 23:49 - 006654960 _____ (AVAST Software) C:\Users\zalehman123\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2017-12-25 23:14 - 2017-12-25 23:29 - 1084830675 _____ C:\Users\zalehman123\Downloads\Justice.League.2017.KORSUB.HDRip.x264-STUTTERbleep.mp4
2017-12-24 23:09 - 2017-12-24 23:09 - 020862801 _____ C:\Users\zalehman123\Downloads\Improved Trees and Flora 2-11891.7z
2017-12-24 22:35 - 2017-12-24 22:35 - 000000000 ____D C:\Program Files (x86)\Bethesda Softworks1
2017-12-24 20:22 - 2017-12-24 21:51 - 196804608 _____ C:\Users\zalehman123\Downloads\rld-tes4.iso
2017-12-24 18:26 - 2017-12-24 18:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls IV - Oblivion [GOG.com]
2017-12-24 18:26 - 2017-12-24 18:26 - 000000000 ____D C:\ProgramData\GOG.com
2017-12-24 18:26 - 2010-06-02 04:55 - 000527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2017-12-24 18:26 - 2010-06-02 04:55 - 000518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2017-12-24 18:26 - 2010-06-02 04:55 - 000239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2017-12-24 18:26 - 2010-06-02 04:55 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2017-12-24 18:26 - 2010-06-02 04:55 - 000077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2017-12-24 18:26 - 2010-06-02 04:55 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2017-12-24 18:26 - 2010-05-26 11:41 - 002526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2017-12-24 18:26 - 2010-05-26 11:41 - 002401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2017-12-24 18:26 - 2010-05-26 11:41 - 002106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2017-12-24 18:26 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2017-12-24 18:26 - 2010-05-26 11:41 - 001907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2017-12-24 18:26 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2017-12-24 18:26 - 2010-05-26 11:41 - 000511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2017-12-24 18:26 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2017-12-24 18:26 - 2010-05-26 11:41 - 000276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2017-12-24 18:26 - 2010-05-26 11:41 - 000248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2017-12-24 18:26 - 2010-02-04 10:01 - 000530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2017-12-24 18:26 - 2010-02-04 10:01 - 000528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2017-12-24 18:26 - 2010-02-04 10:01 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2017-12-24 18:26 - 2010-02-04 10:01 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2017-12-24 18:26 - 2010-02-04 10:01 - 000078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2017-12-24 18:26 - 2010-02-04 10:01 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2017-12-24 18:26 - 2010-02-04 10:01 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2017-12-24 18:26 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2017-12-24 18:26 - 2009-09-04 17:44 - 000517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2017-12-24 18:26 - 2009-09-04 17:44 - 000515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2017-12-24 18:26 - 2009-09-04 17:44 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2017-12-24 18:26 - 2009-09-04 17:44 - 000176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2017-12-24 18:26 - 2009-09-04 17:44 - 000073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2017-12-24 18:26 - 2009-09-04 17:44 - 000069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2017-12-24 18:26 - 2009-09-04 17:29 - 005554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2017-12-24 18:26 - 2009-09-04 17:29 - 005501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2017-12-24 18:26 - 2009-09-04 17:29 - 002582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2017-12-24 18:26 - 2009-09-04 17:29 - 002475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2017-12-24 18:26 - 2009-09-04 17:29 - 001974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2017-12-24 18:26 - 2009-09-04 17:29 - 001892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2017-12-24 18:26 - 2009-09-04 17:29 - 000523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2017-12-24 18:26 - 2009-09-04 17:29 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2017-12-24 18:26 - 2009-09-04 17:29 - 000285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2017-12-24 18:26 - 2009-09-04 17:29 - 000235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2017-12-24 18:26 - 2009-03-16 14:18 - 000521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2017-12-24 18:26 - 2009-03-16 14:18 - 000517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2017-12-24 18:26 - 2009-03-16 14:18 - 000235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2017-12-24 18:26 - 2009-03-16 14:18 - 000174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2017-12-24 18:26 - 2009-03-16 14:18 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2017-12-24 18:26 - 2009-03-16 14:18 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2017-12-24 18:26 - 2009-03-09 15:27 - 005425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2017-12-24 18:26 - 2009-03-09 15:27 - 004178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2017-12-24 18:26 - 2009-03-09 15:27 - 002430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2017-12-24 18:26 - 2009-03-09 15:27 - 001846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2017-12-24 18:26 - 2009-03-09 15:27 - 000520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2017-12-24 18:26 - 2009-03-09 15:27 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2017-12-24 18:26 - 2008-10-27 10:04 - 000518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2017-12-24 18:26 - 2008-10-27 10:04 - 000514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2017-12-24 18:26 - 2008-10-27 10:04 - 000235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2017-12-24 18:26 - 2008-10-27 10:04 - 000175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2017-12-24 18:26 - 2008-10-27 10:04 - 000074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2017-12-24 18:26 - 2008-10-27 10:04 - 000070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2017-12-24 18:26 - 2008-10-27 10:04 - 000025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2017-12-24 18:26 - 2008-10-27 10:04 - 000023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2017-12-24 18:26 - 2008-10-15 06:22 - 005631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2017-12-24 18:26 - 2008-10-15 06:22 - 004379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2017-12-24 18:26 - 2008-10-15 06:22 - 002605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2017-12-24 18:26 - 2008-10-15 06:22 - 002036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2017-12-24 18:26 - 2008-10-15 06:22 - 000519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2017-12-24 18:26 - 2008-10-15 06:22 - 000452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2017-12-24 18:26 - 2008-07-31 10:41 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2017-12-24 18:26 - 2008-07-31 10:41 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2017-12-24 18:26 - 2008-07-31 10:41 - 000072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2017-12-24 18:26 - 2008-07-31 10:41 - 000068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2017-12-24 18:26 - 2008-07-31 10:40 - 000513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2017-12-24 18:26 - 2008-07-31 10:40 - 000509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2017-12-24 18:26 - 2008-07-10 11:01 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2017-12-24 18:26 - 2008-07-10 11:00 - 004992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2017-12-24 18:26 - 2008-07-10 11:00 - 003851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2017-12-24 18:26 - 2008-07-10 11:00 - 001942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2017-12-24 18:26 - 2008-07-10 11:00 - 001493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2017-12-24 18:26 - 2008-07-10 11:00 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2017-12-24 18:26 - 2008-05-30 14:19 - 000511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2017-12-24 18:26 - 2008-05-30 14:19 - 000507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2017-12-24 18:26 - 2008-05-30 14:18 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2017-12-24 18:26 - 2008-05-30 14:18 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2017-12-24 18:26 - 2008-05-30 14:17 - 000068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2017-12-24 18:26 - 2008-05-30 14:17 - 000065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2017-12-24 18:26 - 2008-05-30 14:17 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2017-12-24 18:26 - 2008-05-30 14:16 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2017-12-24 18:26 - 2008-05-30 14:11 - 004991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2017-12-24 18:26 - 2008-05-30 14:11 - 003850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2017-12-24 18:26 - 2008-05-30 14:11 - 001941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2017-12-24 18:26 - 2008-05-30 14:11 - 001491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2017-12-24 18:26 - 2008-05-30 14:11 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2017-12-24 18:26 - 2008-05-30 14:11 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2017-12-24 18:26 - 2008-03-05 16:04 - 000489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2017-12-24 18:26 - 2008-03-05 16:03 - 000479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2017-12-24 18:26 - 2008-03-05 16:03 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2017-12-24 18:26 - 2008-03-05 16:03 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2017-12-24 18:26 - 2008-03-05 16:00 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2017-12-24 18:26 - 2008-03-05 16:00 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2017-12-24 18:26 - 2008-03-05 15:56 - 004910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2017-12-24 18:26 - 2008-03-05 15:56 - 003786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2017-12-24 18:26 - 2008-03-05 15:56 - 001860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2017-12-24 18:26 - 2008-03-05 15:56 - 001420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2017-12-24 18:26 - 2008-02-05 23:07 - 000529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2017-12-24 18:26 - 2008-02-05 23:07 - 000462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2017-12-24 18:26 - 2007-10-22 03:40 - 000411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2017-12-24 18:26 - 2007-10-22 03:39 - 000267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2017-12-24 18:26 - 2007-10-22 03:37 - 000021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2017-12-24 18:26 - 2007-10-22 03:37 - 000017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2017-12-24 18:26 - 2007-10-12 15:14 - 005081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2017-12-24 18:26 - 2007-10-12 15:14 - 003734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2017-12-24 18:26 - 2007-10-12 15:14 - 002006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2017-12-24 18:26 - 2007-10-12 15:14 - 001374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2017-12-24 18:26 - 2007-10-02 09:56 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2017-12-24 18:26 - 2007-10-02 09:56 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2017-12-24 18:26 - 2007-07-20 00:57 - 000411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2017-12-24 18:26 - 2007-07-20 00:57 - 000267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2017-12-24 18:26 - 2007-07-19 18:14 - 005073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2017-12-24 18:26 - 2007-07-19 18:14 - 003727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2017-12-24 18:26 - 2007-07-19 18:14 - 001985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2017-12-24 18:26 - 2007-07-19 18:14 - 001358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2017-12-24 18:26 - 2007-07-19 18:14 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2017-12-24 18:26 - 2007-07-19 18:14 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2017-12-24 18:26 - 2007-06-20 20:49 - 000409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2017-12-24 18:26 - 2007-06-20 20:46 - 000266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2017-12-24 18:26 - 2007-05-16 16:45 - 004496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2017-12-24 18:26 - 2007-05-16 16:45 - 003497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2017-12-24 18:26 - 2007-05-16 16:45 - 001401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2017-12-24 18:26 - 2007-05-16 16:45 - 001124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2017-12-24 18:26 - 2007-05-16 16:45 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2017-12-24 18:26 - 2007-05-16 16:45 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2017-12-24 18:26 - 2007-04-04 18:55 - 000403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2017-12-24 18:26 - 2007-04-04 18:55 - 000261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2017-12-24 18:26 - 2007-04-04 18:54 - 000107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2017-12-24 18:26 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2017-12-24 18:26 - 2007-03-15 16:57 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2017-12-24 18:26 - 2007-03-15 16:57 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2017-12-24 18:26 - 2007-03-12 16:42 - 004494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2017-12-24 18:26 - 2007-03-12 16:42 - 003495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2017-12-24 18:26 - 2007-03-12 16:42 - 001400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2017-12-24 18:26 - 2007-03-12 16:42 - 001123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2017-12-24 18:26 - 2007-03-05 12:42 - 000017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2017-12-24 18:26 - 2007-03-05 12:42 - 000015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2017-12-24 18:26 - 2007-01-24 15:27 - 000393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2017-12-24 18:26 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2017-12-24 18:26 - 2006-12-08 12:02 - 000251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2017-12-24 18:26 - 2006-12-08 12:00 - 000390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2017-12-24 18:26 - 2006-11-29 13:06 - 004398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2017-12-24 18:26 - 2006-11-29 13:06 - 003426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2017-12-24 18:26 - 2006-11-29 13:06 - 000469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2017-12-24 18:26 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2017-12-24 18:26 - 2006-09-28 16:05 - 003977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2017-12-24 18:26 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2017-12-24 18:26 - 2006-09-28 16:05 - 000237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2017-12-24 18:26 - 2006-09-28 16:04 - 000364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2017-12-24 18:26 - 2006-07-28 09:31 - 000083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2017-12-24 18:26 - 2006-07-28 09:30 - 000363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2017-12-24 18:26 - 2006-07-28 09:30 - 000236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2017-12-24 18:26 - 2006-07-28 09:30 - 000062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2017-12-24 18:26 - 2006-05-31 07:24 - 000230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2017-12-24 18:26 - 2006-05-31 07:22 - 000354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2017-12-24 18:26 - 2006-03-31 12:40 - 000352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2017-12-24 18:26 - 2006-03-31 12:39 - 000229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2017-12-24 18:26 - 2006-03-31 12:39 - 000083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2017-12-24 18:26 - 2006-03-31 12:39 - 000062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2017-12-24 18:25 - 2006-03-31 12:41 - 003927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2017-12-24 18:25 - 2006-03-31 12:40 - 002388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2017-12-24 18:25 - 2006-02-03 08:43 - 003830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2017-12-24 18:25 - 2006-02-03 08:43 - 002332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2017-12-24 18:25 - 2006-02-03 08:42 - 000355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2017-12-24 18:25 - 2006-02-03 08:42 - 000230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2017-12-24 18:25 - 2006-02-03 08:41 - 000016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2017-12-24 18:25 - 2006-02-03 08:41 - 000014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2017-12-24 18:25 - 2005-12-05 18:09 - 003815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2017-12-24 18:25 - 2005-12-05 18:09 - 002323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2017-12-24 18:25 - 2005-07-22 19:59 - 003807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2017-12-24 18:25 - 2005-07-22 19:59 - 002319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2017-12-24 18:25 - 2005-05-26 15:34 - 003767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2017-12-24 18:25 - 2005-05-26 15:34 - 002297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2017-12-24 18:25 - 2005-03-18 17:19 - 003823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2017-12-24 18:25 - 2005-03-18 17:19 - 002337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2017-12-24 18:25 - 2005-02-05 19:45 - 003544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2017-12-24 18:25 - 2005-02-05 19:45 - 002222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2017-12-24 18:16 - 2017-12-24 18:16 - 000000000 ____D C:\GOG Games
2017-12-24 17:26 - 2017-12-24 17:26 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-12-24 17:08 - 2017-12-24 17:08 - 000000000 ____D C:\Users\zalehman123\Documents\MEGAsync Downloads
2017-12-24 17:03 - 2017-12-24 17:03 - 000000000 ____D C:\Windows\System32\Tasks\MEGA
2017-12-24 17:03 - 2017-12-24 17:03 - 000000000 ____D C:\Users\zalehman123\AppData\Local\Mega Limited
2017-12-24 17:03 - 2017-12-24 17:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGAsync
2017-12-24 17:03 - 2017-12-24 17:03 - 000000000 ____D C:\ProgramData\MEGAsync
2017-12-24 17:02 - 2017-12-24 17:02 - 014975800 _____ (MEGA Limited) C:\Users\zalehman123\Downloads\MEGAsyncSetup.exe
2017-12-24 15:19 - 2017-12-24 15:28 - 734898176 _____ C:\Users\zalehman123\Downloads\The Search For Santa Paws 2010 [DVDRip.XviD-miguel] [ENG].avi
2017-12-24 11:53 - 2017-12-24 12:03 - 1398895210 _____ C:\Users\zalehman123\Downloads\The.Santa.Clause.1994.1080p.BrRip.x264.YIFY.mp4
2017-12-23 18:43 - 2017-12-23 18:48 - 460173504 _____ C:\Users\zalehman123\Downloads\HarryPotter(1).iso
2017-12-23 18:24 - 2017-12-23 18:29 - 460173504 _____ C:\Users\zalehman123\Downloads\HarryPotter.iso
2017-12-23 18:12 - 2017-12-23 18:59 - 1251012044 _____ C:\Users\zalehman123\Downloads\Harry.Potter.and.the.Sorcerers.Stone.2001.1080p.BrRip.x264.YIFY ( FIRST TRY).mp4
2017-12-23 11:29 - 2017-12-23 11:34 - 678918534 _____ C:\Users\zalehman123\Downloads\Flubber.1997.HDTV.720p.x264.YIFY.mp4
2017-12-22 23:03 - 2017-12-22 23:13 - 669570761 _____ C:\Users\zalehman123\Downloads\Liar.Liar.1997.720p.BrRip.x264.Deceit.YIFY.mp4
2017-12-22 13:31 - 2017-12-22 13:32 - 000000000 ____D C:\Users\zalehman123\AppData\Roaming\NetBeans
2017-12-22 13:31 - 2017-12-22 13:31 - 000000000 ____D C:\Users\zalehman123\AppData\Local\NetBeans
2017-12-22 13:29 - 2017-12-22 13:29 - 000000000 ____D C:\Program Files (x86)\Apache Software Foundation
2017-12-22 13:28 - 2017-12-22 13:29 - 000000000 ____D C:\Program Files (x86)\glassfish-4.1.1
2017-12-22 13:25 - 2017-12-22 13:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetBeans
2017-12-22 13:23 - 2017-12-22 13:30 - 000000000 ____D C:\Program Files (x86)\NetBeans 8.2
2017-12-22 13:22 - 2017-12-22 13:22 - 000144448 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-12-22 13:22 - 2017-12-22 13:22 - 000003668 _____ C:\Windows\System32\Tasks\JavaUpdateSched
2017-12-22 13:21 - 2017-12-22 13:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-12-22 13:21 - 2017-12-22 13:21 - 000000000 ____D C:\Program Files\Java
2017-12-22 13:20 - 2017-12-22 13:20 - 000000000 ____D C:\Users\zalehman123\AppData\LocalLow\Oracle
2017-12-22 13:15 - 2017-12-22 13:31 - 000000000 ____D C:\Users\zalehman123\.nbi
2017-12-22 13:15 - 2017-12-22 13:20 - 393748024 _____ (Oracle Corporation) C:\Users\zalehman123\Downloads\jdk-9.0.1_windows-x64_bin.exe
2017-12-22 13:12 - 2017-12-22 13:14 - 205741184 _____ C:\Users\zalehman123\Downloads\netbeans-8.2-javaee-windows.exe
2017-12-22 13:07 - 2017-12-22 13:07 - 000000000 ____D C:\Users\zalehman123\AppData\Roaming\Microsoft FxCop
2017-12-22 11:24 - 2017-12-22 11:24 - 000054272 _____ C:\Users\zalehman123\Downloads\Silent Hacks Bilge Bot.exe
2017-12-22 11:24 - 2017-12-22 11:24 - 000000034 _____ C:\Users\zalehman123\Downloads\Score Track.csv
2017-12-22 11:21 - 2017-12-22 11:21 - 000206336 _____ (Bot-Supply) C:\Users\zalehman123\Downloads\Vedic AoF Bor.exe
2017-12-21 23:36 - 2017-12-21 23:36 - 000000000 ____D C:\Users\zalehman123\AppData\LocalLow\Ookla
2017-12-21 23:36 - 2017-12-21 23:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speedtest By Ookla
2017-12-21 23:36 - 2017-12-21 23:36 - 000000000 ____D C:\Program Files (x86)\Speedtest
2017-12-21 23:33 - 2017-12-21 23:35 - 054638080 _____ C:\Users\zalehman123\Downloads\speedtestbyookla_x64.msi
2017-12-21 23:32 - 2017-12-21 23:38 - 850324245 _____ C:\Users\zalehman123\Downloads\Home.Alone.1990.720p.BluRay.x264.YIFY.mp4
2017-12-21 23:20 - 2017-12-21 23:31 - 1290257415 _____ C:\Users\zalehman123\Downloads\the mothman prophecies 2002 dvdrip x264 aac 5 1 vlis.zip
2017-12-21 23:09 - 2017-12-21 23:13 - 478969323 _____ C:\Users\zalehman123\Downloads\HP 3.zip
2017-12-21 22:57 - 2017-12-21 22:57 - 000009790 _____ C:\Users\zalehman123\Downloads\Cheat Mod.zip-31-1-0-5.zip
2017-12-21 22:56 - 2017-12-21 22:56 - 000238751 _____ C:\Users\zalehman123\Downloads\gamedevtycoon-mods-ultimatelib-release.zip
2017-12-21 14:55 - 2017-12-24 11:57 - 000000000 ____D C:\Users\zalehman123\AppData\Local\Game Dev Tycoon - Steam
2017-12-21 14:19 - 2017-12-21 14:20 - 120955224 _____ C:\Users\zalehman123\Downloads\Game.Dev.Tycoon.v1.5.27.zip
2017-12-21 09:11 - 2017-12-21 09:20 - 732672000 _____ C:\Users\zalehman123\Downloads\Minions.2015.HDRip.XViD ETRG.avi
2017-12-20 18:32 - 2017-12-20 18:42 - 1278802990 _____ C:\Users\zalehman123\Downloads\Justice.League.Dark.2017.HDRip.XviD.AC3-EVO.avi
2017-12-19 09:34 - 2017-12-27 15:41 - 000000000 ____D C:\Users\zalehman123\source
2017-12-19 09:33 - 2017-12-19 09:33 - 000000000 ____D C:\Users\zalehman123\AppData\Local\.IdentityService
2017-12-19 09:30 - 2017-12-19 09:30 - 000000000 ____D C:\ProgramData\Microsoft Visual Studio
2017-12-19 09:27 - 2018-01-02 21:39 - 000000000 ___RD C:\Users\zalehman123\Google Drive
2017-12-19 09:26 - 2017-12-19 09:26 - 000000000 ____D C:\Program Files (x86)\Entity Framework Tools
2017-12-19 09:25 - 2017-12-19 09:25 - 001129816 _____ (Google Inc.) C:\Users\zalehman123\Downloads\installbackupandsync.exe
2017-12-19 09:25 - 2017-12-19 09:25 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-12-19 09:25 - 2017-12-19 09:25 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-12-19 09:25 - 2017-12-19 09:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2017-12-19 09:25 - 2017-12-19 09:25 - 000000000 ____D C:\Program Files (x86)\Google
2017-12-19 09:14 - 2017-12-19 09:26 - 000000000 ____D C:\Windows\SysWOW64\3082
2017-12-19 09:14 - 2017-12-19 09:26 - 000000000 ____D C:\Windows\SysWOW64\2052
2017-12-19 09:14 - 2017-12-19 09:26 - 000000000 ____D C:\Windows\SysWOW64\1055
2017-12-19 09:14 - 2017-12-19 09:26 - 000000000 ____D C:\Windows\SysWOW64\1049
2017-12-19 09:14 - 2017-12-19 09:26 - 000000000 ____D C:\Windows\SysWOW64\1046
2017-12-19 09:14 - 2017-12-19 09:26 - 000000000 ____D C:\Windows\SysWOW64\1045
2017-12-19 09:14 - 2017-12-19 09:26 - 000000000 ____D C:\Windows\SysWOW64\1042
2017-12-19 09:14 - 2017-12-19 09:26 - 000000000 ____D C:\Windows\SysWOW64\1041
2017-12-19 09:14 - 2017-12-19 09:26 - 000000000 ____D C:\Windows\SysWOW64\1040
2017-12-19 09:14 - 2017-12-19 09:26 - 000000000 ____D C:\Windows\SysWOW64\1036
2017-12-19 09:14 - 2017-12-19 09:26 - 000000000 ____D C:\Windows\SysWOW64\1033
2017-12-19 09:14 - 2017-12-19 09:26 - 000000000 ____D C:\Windows\SysWOW64\1031
2017-12-19 09:14 - 2017-12-19 09:26 - 000000000 ____D C:\Windows\SysWOW64\1029
2017-12-19 09:14 - 2017-12-19 09:26 - 000000000 ____D C:\Windows\SysWOW64\1028
2017-12-19 09:14 - 2017-12-19 09:26 - 000000000 ____D C:\Windows\system32\3082
2017-12-19 09:14 - 2017-12-19 09:26 - 000000000 ____D C:\Windows\system32\2052
2017-12-19 09:14 - 2017-12-19 09:26 - 000000000 ____D C:\Windows\system32\1055
2017-12-19 09:14 - 2017-12-19 09:26 - 000000000 ____D C:\Windows\system32\1049
2017-12-19 09:14 - 2017-12-19 09:26 - 000000000 ____D C:\Windows\system32\1046
2017-12-19 09:14 - 2017-12-19 09:26 - 000000000 ____D C:\Windows\system32\1045
2017-12-19 09:14 - 2017-12-19 09:26 - 000000000 ____D C:\Windows\system32\1042
2017-12-19 09:14 - 2017-12-19 09:26 - 000000000 ____D C:\Windows\system32\1041
2017-12-19 09:14 - 2017-12-19 09:26 - 000000000 ____D C:\Windows\system32\1040
2017-12-19 09:14 - 2017-12-19 09:26 - 000000000 ____D C:\Windows\system32\1036
2017-12-19 09:14 - 2017-12-19 09:26 - 000000000 ____D C:\Windows\system32\1033
2017-12-19 09:14 - 2017-12-19 09:26 - 000000000 ____D C:\Windows\system32\1031
2017-12-19 09:14 - 2017-12-19 09:26 - 000000000 ____D C:\Windows\system32\1029
2017-12-19 09:14 - 2017-12-19 09:26 - 000000000 ____D C:\Windows\system32\1028
2017-12-19 09:14 - 2017-12-19 09:14 - 000000000 ____D C:\Program Files\Windows Kits
2017-12-19 09:02 - 2017-12-19 09:02 - 000000000 ____D C:\Program Files (x86)\NuGet
2017-12-19 08:50 - 2017-12-19 08:51 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2017-12-19 08:50 - 2017-12-19 08:50 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2017-12-19 08:47 - 2017-12-19 08:47 - 000000000 ____D C:\Program Files\Microsoft ASP.NET Core Runtime Package Store
2017-12-19 08:46 - 2017-12-19 08:46 - 000000000 ____D C:\Users\zalehman123\.dotnet
2017-12-19 08:45 - 2017-12-19 08:47 - 000000000 ____D C:\Program Files\dotnet
2017-12-19 08:43 - 2017-12-19 09:24 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2017-12-19 08:43 - 2017-12-19 09:04 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2017-12-19 08:43 - 2017-12-19 08:43 - 000001782 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2017.lnk
2017-12-19 08:43 - 2017-12-19 08:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017
2017-12-19 08:30 - 2017-12-19 08:30 - 000001499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017.lnk
2017-12-19 08:25 - 2017-12-19 08:25 - 001117448 _____ (Microsoft Corporation) C:\Users\zalehman123\Downloads\vs_community__1481927909.1513689911.exe
2017-12-19 08:22 - 2017-12-19 08:22 - 033078569 _____ C:\Users\zalehman123\Downloads\Bot Sources_mpgh.net.rar
2017-12-19 08:22 - 2017-12-19 08:22 - 000085295 _____ C:\Users\zalehman123\Downloads\Pure Bilger-Source.zip
2017-12-19 08:12 - 2017-12-19 08:12 - 000051712 _____ C:\Users\zalehman123\Downloads\mybbLogin.dll
2017-12-19 08:11 - 2017-12-19 08:11 - 002224640 _____ (Ezhax) C:\Users\zalehman123\Downloads\Float the Boat Lite.exe
2017-12-18 21:26 - 2017-12-19 09:39 - 000000000 ____D C:\Users\zalehman123\AppData\Roaming\NuGet
2017-12-18 21:26 - 2017-12-18 21:28 - 000000000 ____D C:\Users\zalehman123\AppData\Local\SymbolSourceSymbols
2017-12-18 21:26 - 2017-12-18 21:26 - 000000000 ____D C:\Users\zalehman123\AppData\Local\RefSrcSymbols
2017-12-18 21:26 - 2017-12-18 21:26 - 000000000 ____D C:\Users\zalehman123\AppData\Local\NuGet
2017-12-18 21:23 - 2017-12-18 21:23 - 000000000 ____D C:\Users\zalehman123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JetBrains
2017-12-18 21:22 - 2017-12-18 21:26 - 000000000 ____D C:\Users\zalehman123\AppData\Roaming\JetBrains
2017-12-18 21:21 - 2017-12-18 21:26 - 000000000 ____D C:\Users\zalehman123\AppData\Local\JetBrains
2017-12-18 21:20 - 2017-12-18 21:20 - 000753872 _____ (JetBrains) C:\Users\zalehman123\Downloads\JetBrains.dotPeek.2017.2.2.web.exe
2017-12-18 20:53 - 2017-12-18 20:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wampserver64
2017-12-18 20:50 - 2017-12-18 20:50 - 000000000 ____D C:\wamp64
2017-12-18 20:44 - 2017-12-18 20:49 - 431668514 _____ (Dominique Ottello aka Otomatic ) C:\Users\zalehman123\Downloads\wampserver3.1.0_x64.exe
2017-12-18 20:40 - 2017-12-18 20:40 - 000269824 _____ C:\Users\zalehman123\Downloads\Bilge Assistant.exe
2017-12-17 14:06 - 2017-12-17 14:06 - 000034991 _____ C:\Users\zalehman123\Downloads\Application.pdf
2017-12-15 08:06 - 2017-12-15 08:06 - 000003540 _____ C:\Users\zalehman123\Downloads\3713403.pdf
2017-12-14 15:13 - 2017-10-15 15:13 - 000000032 ____R C:\ProgramData\hash.dat
2017-12-14 15:10 - 2017-12-22 13:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-12-14 15:10 - 2017-12-14 15:10 - 000662874 _____ (Three Rings Design, Inc.) C:\Users\zalehman123\Downloads\yohoho-0--en-install(2).exe
2017-12-14 15:10 - 2017-12-14 15:10 - 000002382 _____ C:\Users\zalehman123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Puzzle Pirates.lnk
2017-12-14 15:10 - 2017-12-14 15:10 - 000000000 ____D C:\Users\zalehman123\AppData\Roaming\Sun
2017-12-14 15:10 - 2017-12-14 15:10 - 000000000 ____D C:\Users\zalehman123\AppData\LocalLow\Sun
2017-12-14 15:10 - 2017-12-14 15:09 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-12-14 15:09 - 2017-12-14 15:09 - 000662874 _____ (Three Rings Design, Inc.) C:\Users\zalehman123\Downloads\yohoho-0--en-install(1).exe
2017-12-14 15:09 - 2017-12-14 15:09 - 000000000 ____D C:\ProgramData\Oracle
2017-12-14 15:09 - 2017-12-14 15:09 - 000000000 ____D C:\Program Files (x86)\Java
2017-12-14 15:08 - 2017-12-14 15:08 - 001852992 _____ (Oracle Corporation) C:\Users\zalehman123\Downloads\jxpiinstall.exe
2017-12-14 15:08 - 2017-12-14 15:08 - 000000000 ____D C:\Users\zalehman123\AppData\Roaming\Three Rings Design
2017-12-14 15:07 - 2017-12-14 15:07 - 000662874 _____ (Three Rings Design, Inc.) C:\Users\zalehman123\Downloads\yohoho-0--en-install.exe
2017-12-14 14:55 - 2017-12-14 14:55 - 000000000 ____D C:\Users\zalehman123\AppData\Local\Jagex
2017-12-14 14:54 - 2017-12-14 14:55 - 000000000 ____D C:\ProgramData\Jagex
2017-12-14 14:51 - 2017-12-14 14:51 - 000000177 _____ C:\Users\Public\Desktop\RuneScape Launcher.url
2017-12-14 14:51 - 2017-12-14 14:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jagex
2017-12-14 14:51 - 2017-12-14 14:51 - 000000000 ____D C:\Program Files\Jagex
2017-12-14 14:49 - 2017-12-14 14:49 - 005510248 _____ (Jagex Ltd ) C:\Users\zalehman123\Downloads\RuneScape-Setup.exe
2017-12-07 20:36 - 2017-12-07 20:36 - 000000000 ____D C:\Users\zalehman123\AppData\Roaming\Antares
2017-12-07 20:36 - 2017-12-07 20:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antares Audio Technologies
2017-12-07 20:36 - 2017-12-07 20:36 - 000000000 ____D C:\Program Files (x86)\Antares Audio Technologies
2017-12-07 20:35 - 2017-12-07 20:35 - 000000000 ____D C:\Users\zalehman123\Downloads\Auto-Tune_Evo_VST_v6.0.9.2
2017-12-07 19:32 - 2017-12-07 19:32 - 000000000 ____D C:\Program Files (x86)\Audacity
2017-12-07 19:30 - 2017-12-07 19:32 - 000342045 _____ ( ) C:\Users\zalehman123\Downloads\vst-bridge-1.1.exe
2017-12-07 19:28 - 2017-12-07 20:23 - 027224934 _____ C:\Users\zalehman123\Downloads\Auto-Tune_Evo_VST_v6.0.9.2.zip
2017-12-07 19:16 - 2017-12-07 19:16 - 000000000 ____D C:\Users\zalehman123\Documents\Audacity
2017-12-07 19:07 - 2017-12-07 19:53 - 000000000 ____D C:\Users\zalehman123\AppData\Roaming\audacity
2017-12-07 19:07 - 2017-12-07 19:07 - 000000000 ____D C:\Users\zalehman123\Downloads\audacity-win-2.2.1
2017-12-07 19:07 - 2017-12-07 19:07 - 000000000 ____D C:\Users\zalehman123\AppData\Local\Audacity
2017-12-07 19:02 - 2017-12-07 19:05 - 012128016 _____ C:\Users\zalehman123\Downloads\audacity-win-2.2.1.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-02 21:49 - 2017-11-10 19:19 - 000115738 _____ C:\Windows\ZAM.krnl.trace
2018-01-02 21:49 - 2017-11-10 19:19 - 000019525 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-01-02 21:45 - 2017-07-02 15:23 - 000865068 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-02 21:45 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\Inf
2018-01-02 21:43 - 2017-07-02 15:23 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2393918241-2313618224-3958569718-1001
2018-01-02 21:40 - 2017-07-03 12:32 - 000000000 ____D C:\Users\zalehman123\AppData\LocalLow\Mozilla
2018-01-02 21:39 - 2017-07-22 15:58 - 000000000 ____D C:\Program Files (x86)\Steam
2018-01-02 21:38 - 2013-08-22 09:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-02 21:36 - 2017-07-05 17:23 - 000000000 ____D C:\Users\zalehman123\AppData\Roaming\obs-studio
2018-01-02 21:36 - 2017-07-02 15:35 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-01-02 21:36 - 2013-08-22 08:25 - 011952128 _____ C:\Windows\system32\config\HARDWARE
2018-01-02 20:52 - 2017-07-02 15:17 - 000000000 ____D C:\Users\zalehman123
2018-01-02 20:02 - 2017-07-05 17:09 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-02 19:06 - 2017-07-11 13:07 - 000000000 ____D C:\Users\zalehman123\AppData\Roaming\vlc
2017-12-30 12:45 - 2017-08-08 16:00 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-12-29 21:14 - 2013-08-22 08:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2017-12-29 20:40 - 2017-07-30 15:53 - 000000000 ____D C:\Windows\Minidump
2017-12-29 20:40 - 2017-07-02 18:12 - 000131893 ____N C:\Windows\Minidump\122917-36203-01.dmp
2017-12-29 20:25 - 2017-07-03 12:32 - 000001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-12-29 20:25 - 2017-07-03 12:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-29 20:25 - 2017-07-03 12:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-12-29 15:21 - 2017-08-09 07:29 - 000000000 ____D C:\Users\zalehman123\AppData\Local\CrashDumps
2017-12-27 17:42 - 2017-07-09 20:57 - 000000000 ____D C:\Games
2017-12-24 22:35 - 2017-10-26 13:18 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-12-24 17:27 - 2017-07-06 16:53 - 000000000 ____D C:\Users\zalehman123\AppData\Local\Adobe
2017-12-24 17:26 - 2013-08-22 10:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-12-24 17:26 - 2013-08-22 10:36 - 000000000 ____D C:\Windows\system32\Macromed
2017-12-21 14:01 - 2013-08-22 10:36 - 000000000 ____D C:\Windows\system32\NDF
2017-12-21 13:50 - 2017-11-17 18:43 - 000000000 ____D C:\Users\zalehman123\AppData\Roaming\Visual Studio Setup
2017-12-19 09:36 - 2017-07-02 16:21 - 000000000 ____D C:\Users\zalehman123\Documents\Visual Studio 2017
2017-12-19 09:25 - 2017-07-10 12:25 - 000000000 ____D C:\Users\zalehman123\AppData\Local\Google
2017-12-19 09:12 - 2017-11-17 18:42 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2017-12-19 08:48 - 2013-08-22 10:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-12-19 08:42 - 2017-07-09 10:16 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-12-19 08:26 - 2017-11-17 18:43 - 000001341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2017-12-18 20:04 - 2017-07-23 08:21 - 000000000 ____D C:\Users\zalehman123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-12-18 17:45 - 2017-07-23 08:31 - 000000000 ____D C:\Users\zalehman123\AppData\Roaming\ScummVM
2017-12-14 14:46 - 2017-10-26 13:39 - 000000023 _____ C:\Windows\BlendSettings.ini

==================== Files in the root of some directories =======

2017-12-14 15:13 - 2017-10-15 15:13 - 000000032 ____R () C:\ProgramData\hash.dat
2017-07-02 15:43 - 2017-04-27 16:54 - 000004982 _____ () C:\Users\zalehman123\main.min.js
2017-07-10 19:34 - 2017-07-10 19:34 - 000394774 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0710201720340985.zip
2017-07-10 23:34 - 2017-07-10 23:34 - 000489890 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0711201700340987.zip
2017-07-11 18:51 - 2017-07-11 18:51 - 000602784 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0711201719511648.zip
2017-07-11 22:51 - 2017-07-11 22:51 - 000350207 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0711201723511648.zip
2017-07-12 19:26 - 2017-07-12 19:26 - 000452614 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0712201720263515.zip
2017-07-12 23:26 - 2017-07-12 23:26 - 000578342 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0713201700263516.zip
2017-07-13 19:34 - 2017-07-13 19:34 - 000701455 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0713201720344704.zip
2017-07-13 23:34 - 2017-07-13 23:34 - 000452823 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0714201700344704.zip
2017-07-14 19:36 - 2017-07-14 19:36 - 000570807 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0714201720361009.zip
2017-07-14 23:36 - 2017-07-14 23:36 - 000652010 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_071520170036101.zip
2017-07-17 19:33 - 2017-07-17 19:33 - 000535362 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0717201720331939.zip
2017-07-17 23:33 - 2017-07-17 23:33 - 000632679 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_071820170033194.zip
2017-07-18 19:31 - 2017-07-18 19:31 - 000771278 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0718201720311032.zip
2017-07-18 23:31 - 2017-07-18 23:31 - 000852485 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0719201700311033.zip
2017-07-19 19:34 - 2017-07-19 19:34 - 000716392 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0719201720340176.zip
2017-07-19 23:34 - 2017-07-19 23:34 - 000837212 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0720201700340177.zip
2017-07-20 17:33 - 2017-07-20 17:33 - 000971138 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0720201718330282.zip
2017-07-20 21:33 - 2017-07-20 21:33 - 000727626 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0720201722330283.zip
2017-07-21 15:33 - 2017-07-21 15:33 - 000824752 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0721201716331478.zip
2017-07-21 19:33 - 2017-07-21 19:33 - 000958907 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0721201720331478.zip
2017-07-21 23:33 - 2017-07-21 23:33 - 001071868 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0722201700331478.zip
2017-07-24 19:34 - 2017-07-24 19:34 - 001132700 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0724201720344041.zip
2017-07-24 23:34 - 2017-07-24 23:34 - 001221540 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0725201700344041.zip
2017-07-25 19:19 - 2017-07-25 19:19 - 001014291 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0725201720192858.zip
2017-07-25 23:19 - 2017-07-25 23:19 - 001123377 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_072620170019286.zip
2017-07-26 20:32 - 2017-07-26 20:32 - 001267433 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0726201721320168.zip
2017-07-27 00:32 - 2017-07-27 00:32 - 001332723 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0727201701320168.zip
2017-07-27 19:37 - 2017-07-27 19:37 - 001152479 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0727201720372184.zip
2017-07-27 23:37 - 2017-07-27 23:37 - 001248891 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0728201700372185.zip
2017-07-28 20:02 - 2017-07-28 20:02 - 001401511 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0728201721022755.zip
2017-07-29 00:02 - 2017-07-29 00:02 - 001483253 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0729201701022756.zip
2017-07-29 15:33 - 2017-07-29 15:33 - 001212037 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_072920171633076.zip
2017-07-31 20:32 - 2017-07-31 20:32 - 001403639 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0731201721323866.zip
2017-08-01 00:32 - 2017-08-01 00:32 - 001447410 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0801201701323866.zip
2017-08-01 20:37 - 2017-08-01 20:37 - 001579438 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0801201721375628.zip
2017-08-02 00:37 - 2017-08-02 00:37 - 001281895 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_080220170137563.zip
2017-08-02 20:33 - 2017-08-02 20:33 - 001421073 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0802201721333279.zip
2017-08-03 00:33 - 2017-08-03 00:33 - 001481700 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_080320170133328.zip
2017-08-03 11:34 - 2017-08-03 11:34 - 001487433 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0803201712344059.zip
2017-08-03 19:33 - 2017-08-03 19:33 - 001661491 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0803201720335212.zip
2017-08-03 23:33 - 2017-08-03 23:33 - 001723463 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0804201700335212.zip
2017-08-04 18:51 - 2017-08-04 18:51 - 001501280 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0804201719511913.zip
2017-08-04 22:51 - 2017-08-04 22:51 - 001575147 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0804201723511914.zip
2017-08-07 14:51 - 2017-08-07 14:51 - 001932166 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0807201715510631.zip
2017-08-07 15:22 - 2017-08-07 15:22 - 001945869 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0807201716224714.zip
2017-08-07 18:51 - 2017-08-07 18:51 - 002057685 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0807201719510631.zip
2017-08-07 19:22 - 2017-08-07 19:22 - 002069717 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0807201720224715.zip
2017-08-07 22:51 - 2017-08-07 22:51 - 002137554 _____ () C:\Users\zalehman123\AppData\Roaming\logs_zalehman_0807201723510633.zip
2017-12-27 17:44 - 2017-12-27 17:44 - 000000000 ___SH () C:\Users\zalehman123\AppData\Local\LumaEmu

Some files in TEMP:
====================
2017-08-08 16:00 - 2017-08-11 18:58 - 001737600 _____ (Microsoft Corporation) C:\Users\zalehman123\AppData\Local\Temp\dllnt_dump.dll
2017-11-20 23:05 - 2017-11-02 22:11 - 000209064 _____ (Microsoft Corporation) C:\Users\zalehman123\AppData\Local\Temp\ose00000.exe
2017-11-20 23:07 - 2010-03-16 04:12 - 000149352 _____ (Microsoft Corporation) C:\Users\zalehman123\AppData\Local\Temp\ose00001.exe
2017-07-09 10:02 - 2017-08-08 11:38 - 000053248 ____N () C:\Users\zalehman123\AppData\Local\Temp\ShutdownGuardian.dll
2017-07-20 09:34 - 2017-07-20 09:34 - 000053248 ____N () C:\Users\zalehman123\AppData\Local\Temp\ShutdownGuardian3048685740135056124.dll
2017-07-13 15:35 - 2017-07-13 15:35 - 000053248 ____N () C:\Users\zalehman123\AppData\Local\Temp\ShutdownGuardian5776063606384467306.dll
2017-07-28 16:03 - 2017-07-28 16:03 - 000053248 ____N () C:\Users\zalehman123\AppData\Local\Temp\ShutdownGuardian8303395860021692128.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\moubfbwd.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION

LastRegBack: 2017-12-28 18:11

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by zalehman123 (02-01-2018 21:50:31)
Running from C:\Users\zalehman123\Downloads
Windows 8.1 Pro (Update) (X64) (2017-07-02 20:17:31)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2393918241-2313618224-3958569718-500 - Administrator - Disabled)
Guest (S-1-5-21-2393918241-2313618224-3958569718-501 - Limited - Enabled)
zalehman123 (S-1-5-21-2393918241-2313618224-3958569718-1001 - Administrator - Enabled) => C:\Users\zalehman123

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 17.00 beta (x64) (HKLM\...\7-Zip) (Version: 17.00 beta - Igor Pavlov)
ACP Application (HKLM\...\{3D46806D-3191-6702-A45D-6AB974E9551B}) (Version: 2016.1223.1210.58 - Advanced Micro Devices, Inc.) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Antares Auto-Tune Evo VST (HKLM-x32\...\{FFF74EC9-1FF4-4456-99E3-4F05129F4FAB}) (Version: 6.00.0009 - Antares Audio Technologies)
Apache Tomcat 8.0.27 (HKLM-x32\...\nbi-tomcat-8.0.27.0.0) (Version:  - )
Backup and Sync from Google (HKLM-x32\...\{908DB568-E5FA-40C7-A2AA-AB340190858B}) (Version: 3.38.7642.3857 - Google, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Catalyst Control Center Next Localization BR (HKLM\...\{B3404CFD-64B2-138C-22EC-64EBAF2DF5D7}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{4F374250-3B97-160A-5D2A-452AE7E70ED7}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{DBFEE72E-7001-28DC-88FF-777621EA148E}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{AB77F5E4-CDCF-F6FA-4D3E-36A6BB9EEF50}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{8193166C-B615-0D56-70D1-F908F34C4E5B}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{C52624B1-12DB-AA8B-449E-08CA0FD2E50E}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{8EB916C5-A52A-8A98-BDC5-8856A19AAA3A}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{228882CB-19B2-EE92-C820-03D8E2BF101B}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{CB6E1114-058D-D311-FC1A-D98C003328C8}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{AD0AA617-CCDA-8FA5-9A82-1F6FFB8F7660}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{E65DD8F5-F185-362F-5FE7-00627C73ED7C}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{88D3DDCC-8BB4-3228-D407-7A04B9B8A6E6}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{539FE6EE-0BD2-6F1F-A48B-78D2CCAFD9BD}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{C617CA3A-1296-7DFD-990F-F27A00E5FCA1}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{91548629-F93E-5E9A-2F3B-C226488F8805}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{8A112EC0-D20F-1545-5F13-BBA0006FB3BD}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{F1E1C881-6A24-CA60-58BF-6005B654CBEC}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{1A4779F8-961C-9FEF-4056-30B9A393F292}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{014A1FFF-4B25-00C0-D744-434AE84E842B}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{BF020F1B-4402-A4FD-2C8D-5B09561E113A}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{24ECF4ED-85F7-F6D1-A82D-567187220178}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Citra Edge (HKU\S-1-5-21-2393918241-2313618224-3958569718-1001\...\citra) (Version: 0.1.441 - Citra Development Team)
CL-Eye Driver (HKLM-x32\...\CL-Eye Driver) (Version: 5.3.0.0341 - Code Laboratories, Inc.)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{D1844DC3-B378-47CC-AB40-7FC16C79A2CD}) (Version: 4.7.02558 - Microsoft Corporation) Hidden
DiagnosticsHub_CollectionService (HKLM\...\{A5DD0731-C724-4037-B35B-B80782AACE00}) (Version: 15.0.27128 - Microsoft Corporation) Hidden
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Driver Booster 4.4 (HKLM-x32\...\Driver Booster_is1) (Version: 4.4.0 - IObit)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2017.12 - Emsisoft Ltd.)
Entity Framework 6.1.3 Tools  for Visual Studio 15 (HKLM-x32\...\{F8C0447E-D45C-4E52-94E8-C6340AAC9DB8}) (Version: 6.1.60104.0 - Microsoft Corporation) Hidden
Fallout 4 Complete Pack (HKLM-x32\...\Fallout 4 Complete Pack_is1) (Version: 1.7 - Bethesda Softworks)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free FLV to MP4 Converter 1.0.28 (HKLM-x32\...\{B00D1F02-C556-48eb-9DC2-32C778B71CE2}_is1) (Version: 1.0.28 - free-videoconverter)
GlassFish Server Open Source Edition 4.1.1 (HKLM-x32\...\nbi-glassfish-mod-4.1.1.0.1) (Version:  - )
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GPU Caps Viewer 1.34.4.0 (HKLM-x32\...\{F6E04BE8-2FA4-44C4-9BD3-142CE3EB15B4}_is1) (Version:  - Geeks3D.com)
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
icecap_collection_neutral (HKLM-x32\...\{9149432D-3BEE-4869-B6F5-7A5CF843A612}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{D0C9796E-CB35-4440-885D-9630A0153D1E}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{B96B62E4-2EE4-45EC-8082-246FFC1B12E3}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{262EE643-72FF-406D-9776-C6B65443DA5B}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
Icecream Screen Recorder version 4.90 (HKLM-x32\...\{7ADEC622-3230-4C9A-9DCE-9BD462B74095}_is1) (Version: 4.90 - Icecream Apps)
IntelliTraceProfilerProxy (HKLM-x32\...\{0A2EDF2C-9A71-43D7-964A-696BB7CEAC65}) (Version: 15.0.25.0 - Microsoft Corporation) Hidden
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java 9.0.1 (64-bit) (HKLM\...\{2590B9D6-4310-52BC-808E-1A585861A836}) (Version: 9.0.1.0 - Oracle Corporation)
Java™ SE Development Kit 9.0.1 (64-bit) (HKLM\...\{4AC8DBB2-1AE5-5156-83F9-D4E2E6DD564B}) (Version: 9.0.1.0 - Oracle Corporation)
JetBrains dotPeek 2017.2.2 (HKU\S-1-5-21-2393918241-2313618224-3958569718-1001\...\{2a11990e-7674-5280-8fe1-0b065b107630}) (Version: 2017.2.2  - JetBrains s.r.o.)
KeePass Password Safe 2.35 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.35 - Dominik Reichl)
KMSpico v9.1.3 (HKLM\...\KMSpico_is1) (Version: 9.1.3 - )
Life Is Strange (HKLM-x32\...\Life Is Strange_is1) (Version:  - SQUARE ENIX)
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 14.0.0.0 - EditShare)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Core SDK - 2.1.2 (x64) (HKLM-x32\...\{9651d4f8-e761-4b9b-ac03-6c2685f1f225}) (Version: 2.1.2 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2393918241-2313618224-3958569718-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 CTP2.1 (HKLM\...\{9BAD8F82-A221-42CE-AFF0-7CAB825790C9}) (Version: 14.0.600.250 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 CTP2.1 (HKLM-x32\...\{F0DD1AA8-44D7-4ACE-AF65-7378EA5D884C}) (Version: 14.0.600.250 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.14.160.1208 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 57.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.3 (x64 en-US)) (Version: 57.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.3.6569 - Mozilla)
Mozilla Thunderbird 52.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.5.0 (x86 en-US)) (Version: 52.5.0 - Mozilla)
NetBeans IDE 8.2 (HKLM-x32\...\nbi-nb-base-8.2.0.0.201609300101) (Version: 8.2 - NetBeans.org)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming)
Oblivion - Construction Set (HKLM-x32\...\{23D683DD-93C6-48E6-B84E-78B57778F126}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.1 - OBS Project)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.11.0 - )
Plex Media Server (HKLM-x32\...\{2fb84613-d20f-4778-8955-66178d5dee6f}) (Version: 1.10.1.4602 - Plex, Inc.)
Plex Media Server (HKLM-x32\...\{CB3C17B5-1DE6-4D78-9447-38C6F1277A2A}) (Version: 1.10.1602 - Plex, Inc.) Hidden
Project64 version 2.3.2.202 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.3.2.202 - )
PSMoveService (HKLM\...\{8ACC9EDD-76FA-43D4-A107-5EAB74CBED38}_is1) (Version: 0.9_alpha8.10.0 - PSMoveService)
Puzzle Pirates (HKU\S-1-5-21-2393918241-2313618224-3958569718-1001\...\Puzzle Pirates) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
RogueKiller version 12.11.9.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.9.0 - Adlice Software)
RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Speedtest by Ookla (HKLM\...\{4CB99888-11EE-4B49-BC91-447FF7FCD975}) (Version: 1.0.14.001 - Ookla)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stopping Plex (HKLM-x32\...\{5E4EA395-F2C2-4A16-A4C7-99897E1859F2}) (Version: 1.10.1602 - Plex, Inc.) Hidden
The Elder Scrolls IV Oblivion version 1.2.0416.00 (HKLM-x32\...\The Elder Scrolls IV Oblivion_is1) (Version: 1.2.0416.00 - Mr DJ)
The Elder Scrolls IV: Oblivion (HKLM-x32\...\1458058109_is1) (Version: 1.2.0416 - GOG.com)
TypeScript SDK (HKLM-x32\...\{B08D05BC-7897-4616-B34C-95B58D07650C}) (Version: 2.5.4.0 - Microsoft Corporation) Hidden
TypeScript SDK (HKLM-x32\...\{CFA1F87E-EF2B-4785-812C-4BEEA22CFD06}) (Version: 2.3.5.0 - Microsoft Corporation) Hidden
UnHackMe 9.50 (HKLM-x32\...\UnHackMe_is1) (Version:  - Greatis Software, LLC.)
Unity (HKLM-x32\...\Unity) (Version: 5.6.0f3 - Unity Technologies ApS)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32\...\{0074562E-F896-4994-9086-79F8BC8DE02C}) (Version: 14.12.25830 - Microsoft Corporation) Hidden
Visual Studio Community 2017 (HKLM\...\618f3840) (Version: 15.5.27130.2010 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VS Immersive Activate Helper (HKLM-x32\...\{8A2BDA07-3417-46C1-9058-CB32BC63E30E}) (Version: 16.0.76.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{F8F52853-A1A7-42C7-A082-5A6D5853BB0B}) (Version: 16.0.76.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{0EE5749D-2DC0-460F-AB1C-06B3EDB42426}) (Version: 16.0.76.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{18640789-304F-40B5-884B-130B4A97D83B}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{A68D7884-F036-4A0D-AE1A-410E0311E135}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{91DDDFB5-1782-48C2-BA2A-8F4D9DE39D27}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{6A1ECF65-2CBF-4B33-9D4A-D1C0A0E5FE45}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{595F5D63-8773-4182-A1E0-EC9ECF4B6EA4}) (Version: 15.0.27102 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{9414C260-D479-49EB-B0BF-01C1F5076EA0}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{A57BD1C0-42AD-42F8-AFEB-FAC7E6ABB005}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{70F69B4F-7950-4841-8139-5D0C7EDD2FE6}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{B11D79C6-332C-47B6-B58C-2F88A4911C7C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{2497054A-0269-4F45-98AE-F469F89CC45F}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{231C8ADB-BF59-458E-A909-CFA825F46388}) (Version: 15.0.27102 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{9CDD69A2-765A-4970-AB6B-595A740C614F}) (Version: 15.0.27019 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5779B6DD-604A-41CE-BC3D-9D4BDDA22AD2}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
VST Bridge 1.1 (HKLM-x32\...\VST Bridge_is1) (Version:  - )
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Wampserver64 3.1.0 (HKLM\...\{wampserver64}_is1) (Version: 3.1.0 - Dominique Ottello aka Otomatic)
WebM Project Directshow Filters (HKU\S-1-5-21-2393918241-2313618224-3958569718-1001\...\webmdshow) (Version: 1.0.4.1 - WebM Project)
Windows SDK AddOn (HKLM-x32\...\{350F0ECD-0783-4529-8797-98F0AD33EAC0}) (Version: 10.1.0.0 - Microsoft Corporation)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Xirrus Wi-Fi Inspector (HKLM-x32\...\{8CED67B5-AB51-4D12-AAA5-395303922641}) (Version: 1.0.0 - Xirrus)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
Zoom (HKU\S-1-5-21-2393918241-2313618224-3958569718-1001\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2393918241-2313618224-3958569718-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\zalehman123\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-20] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-20] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-20] (Google)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-11-10] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-20] (Google)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-20] (Google)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-12-23] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-11-10] ()
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0BC3A502-9AED-442E-8151-BCCBCBFBB802} - \68857578 -> No File <==== ATTENTION
Task: {0CC6544B-A108-42A6-9290-0412CF1B20A9} - \2487609 -> No File <==== ATTENTION
Task: {131777FA-8340-44FF-9218-D7465B45A8C0} - System32\Tasks\JavaUpdateSched => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-09-27] (Oracle Corporation)
Task: {59BE5B1C-2D5E-4BC9-9BF0-0502B7B19687} - \31571480 -> No File <==== ATTENTION
Task: {62DF2849-A718-44C2-A5F3-D5F475FDD57F} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2017-12-13] (Greatis Software)
Task: {65BB7DF0-3C82-4537-83BD-7CFC2E6D1E97} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-2393918241-2313618224-3958569718-1001 => C:\ProgramData\MEGAsync\MEGAupdater.exe [2017-11-23] (Mega Limited)
Task: {7D4A9F5A-D073-4C71-9F0B-AA988A60BA0D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-24] (Adobe Systems Incorporated)
Task: {8F58FF13-EA96-4A2A-BE0F-6BB30867468D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-19] (Google Inc.)
Task: {A60E3CB4-ADA0-40BC-BA2A-040FAAFA8046} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2016-12-23] (Advanced Micro Devices, Inc.)
Task: {D605D9F9-B80A-4860-A8A0-25FED9D2DDB5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-19] (Google Inc.)
Task: {F879692E-2ED1-4867-B724-3BA431587749} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-10-18 16:51 - 2017-10-18 16:51 - 000598528 _____ () C:\ProgramData\MEGAsync\ShellExtX64.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 004254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:38 - 2010-03-24 21:38 - 008794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2017-11-10 19:19 - 2017-11-10 19:19 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2017-08-08 14:17 - 2017-08-08 14:17 - 002768896 ____N () C:\WINDOWS\SYSTEM32\MSWQCNK.EXE
2017-11-20 15:27 - 2017-11-20 15:27 - 041061856 _____ () C:\Program Files (x86)\Google\Drive\googledrivesync.exe
2017-12-13 05:18 - 2017-12-13 05:18 - 000083432 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2017-12-13 05:18 - 2017-12-13 05:18 - 000203240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2017-07-22 16:00 - 2017-11-29 00:09 - 000781088 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-07-22 16:00 - 2016-08-31 20:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-07-22 16:00 - 2017-12-15 14:59 - 002558752 _____ () C:\Program Files (x86)\Steam\video.dll
2017-07-22 16:00 - 2016-08-31 20:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-07-22 16:00 - 2016-08-31 20:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-12-21 23:42 - 2017-11-03 20:54 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2017-12-21 23:42 - 2017-11-03 20:54 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2017-12-21 23:42 - 2017-11-03 20:54 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2017-12-21 23:42 - 2017-11-03 20:54 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2017-12-21 23:42 - 2017-11-03 20:54 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2017-07-22 16:00 - 2017-12-15 14:59 - 000904992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-07-22 16:00 - 2016-07-04 17:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-12-13 05:18 - 2017-12-13 05:18 - 001083368 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2017-12-13 05:18 - 2017-12-13 05:18 - 000115688 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2017-12-13 05:18 - 2017-12-13 05:18 - 000059880 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2017-12-13 05:18 - 2017-12-13 05:18 - 000772072 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2017-12-13 05:18 - 2017-12-13 05:18 - 001741288 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc2411.dll
2017-12-13 05:18 - 2017-12-13 05:18 - 001962984 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core2411.dll
2017-12-13 05:18 - 2017-12-13 05:18 - 000025576 _____ () C:\Program Files (x86)\Plex\Plex Media Server\lyric_lite.dll
2017-12-13 05:18 - 2017-12-13 05:18 - 001549104 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libstdc++-6.dll
2017-12-13 05:18 - 2017-12-13 05:18 - 000127136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libgcc_s_dw2-1.dll
2017-09-10 15:51 - 2017-09-10 15:51 - 000798208 _____ () C:\ProgramData\MEGAsync\libsodium.dll
2018-01-02 21:38 - 2018-01-02 21:38 - 000088064 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\_ctypes.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 000919552 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\_hashlib.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 000098816 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\win32api.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 000110080 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\pywintypes27.dll
2018-01-02 21:38 - 2018-01-02 21:38 - 000364544 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\pythoncom27.dll
2018-01-02 21:38 - 2018-01-02 21:38 - 000686080 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\unicodedata.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 000320512 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\win32com.shell.shell.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 001177088 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\wx._core_.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 000806912 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\wx._gdi_.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 000816640 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\wx._windows_.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 001067520 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\wx._controls_.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 000733696 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\wx._misc_.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 000736256 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\pysqlite2._sqlite.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 000119808 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\win32file.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 000108544 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\win32security.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 000007168 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\hashobjs_ext.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 000017920 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\thumbnails_ext.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 000082432 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\usb_ext.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 000013824 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\common.time34.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 000018432 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\win32event.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 000027648 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\windows.conditional.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 000017408 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\windows.winwrap.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 000089088 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\windows.volumes.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 000167936 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\win32gui.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 000046080 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\_socket.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 001311744 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\_ssl.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 000129536 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\_elementtree.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 000127488 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\pyexpat.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 000038912 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\win32inet.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 000077824 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\wx._html2.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 000036864 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\_psutil_windows.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 000524248 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\windows._lib_cacheinvalidation.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 000011264 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\win32crypt.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 000218624 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\PIL._imaging.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 000027648 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\_multiprocessing.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 000020480 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\_yappi.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 000035840 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\win32process.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 000024064 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\win32pipe.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 000010240 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\select.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 000025600 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\win32pdh.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 000059392 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\windows.device_monitor.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 000017408 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\win32profile.pyd
2018-01-02 21:38 - 2018-01-02 21:38 - 000022528 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI33682\win32ts.pyd
2017-07-22 16:01 - 2017-09-06 21:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-07-22 16:01 - 2017-10-30 23:44 - 071471904 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-07-22 16:00 - 2015-09-24 18:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2018-01-02 21:39 - 2018-01-02 21:39 - 000088064 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\_ctypes.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 000919552 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\_hashlib.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 000098816 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\win32api.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 000110080 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\pywintypes27.dll
2018-01-02 21:39 - 2018-01-02 21:39 - 000364544 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\pythoncom27.dll
2018-01-02 21:39 - 2018-01-02 21:39 - 000686080 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\unicodedata.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 000320512 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\win32com.shell.shell.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 001177088 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\wx._core_.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 000806912 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\wx._gdi_.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 000816640 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\wx._windows_.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 001067520 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\wx._controls_.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 000733696 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\wx._misc_.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 000736256 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\pysqlite2._sqlite.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 000119808 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\win32file.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 000108544 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\win32security.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 000007168 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\hashobjs_ext.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 000017920 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\thumbnails_ext.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 000082432 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\usb_ext.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 000013824 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\common.time34.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 000018432 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\win32event.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 000027648 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\windows.conditional.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 000017408 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\windows.winwrap.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 000089088 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\windows.volumes.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 000167936 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\win32gui.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 000046080 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\_socket.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 001311744 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\_ssl.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 000129536 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\_elementtree.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 000127488 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\pyexpat.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 000038912 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\win32inet.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 000077824 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\wx._html2.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 000036864 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\_psutil_windows.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 000524248 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\windows._lib_cacheinvalidation.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 000011264 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\win32crypt.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 000218624 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\PIL._imaging.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 000027648 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\_multiprocessing.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 000020480 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\_yappi.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 000035840 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\win32process.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 000024064 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\win32pipe.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 000010240 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\select.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 000025600 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\win32pdh.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 000059392 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\windows.device_monitor.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 000017408 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\win32profile.pyd
2018-01-02 21:39 - 2018-01-02 21:39 - 000022528 _____ () C:\Users\zalehman123\AppData\Local\Temp\_MEI34922\win32ts.pyd
2017-12-13 05:18 - 2017-12-13 05:18 - 000050152 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2017-12-13 05:18 - 2017-12-13 05:18 - 000071656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2017-12-13 05:18 - 2017-12-13 05:18 - 000024552 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2017-12-13 05:18 - 2017-12-13 05:18 - 000041448 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2017-12-13 05:18 - 2017-12-13 05:18 - 000930280 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2017-12-13 05:18 - 2017-12-13 05:18 - 000074728 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2017-12-13 05:18 - 2017-12-13 05:18 - 000190952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2017-12-13 05:18 - 2017-12-13 05:18 - 000218088 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2017-12-13 05:18 - 2017-12-13 05:18 - 000018920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2017-12-13 05:18 - 2017-12-13 05:18 - 000095720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2017-12-13 05:18 - 2017-12-13 05:18 - 000143336 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2017-12-13 05:18 - 2017-12-13 05:18 - 000694248 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2017-12-13 05:18 - 2017-12-13 05:18 - 000064488 _____ () C:\Program Files (x86)\Plex\Plex Media Server\TeVii.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2018-01-02 21:45 - 000005397 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2393918241-2313618224-3958569718-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\zalehman123\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "NAC Assessment Agent.lnk"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKU\S-1-5-21-2393918241-2313618224-3958569718-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2393918241-2313618224-3958569718-1001\...\StartupApproved\Run: => "boulton"
HKU\S-1-5-21-2393918241-2313618224-3958569718-1001\...\StartupApproved\Run: => "offensive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9368E367-B98B-4951-A4FA-5D51E85102AA}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DriverBooster.exe
FirewallRules: [{9EE0976A-F8C4-4EA2-A349-204A654E7D06}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DriverBooster.exe
FirewallRules: [{F6FC5F90-5B89-4D45-9B0D-23FFEA7569E2}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DBDownloader.exe
FirewallRules: [{37E42011-9296-4DB1-A762-62D33A874895}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DBDownloader.exe
FirewallRules: [{2F53E817-65D9-4B79-8DDF-1F96C855DBD1}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\AutoUpdate.exe
FirewallRules: [{A7C0BC35-63C5-492F-89D9-05AE44A56362}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\AutoUpdate.exe
FirewallRules: [{5F7D0726-0AA5-4D7A-BCA2-AD1916CEB37D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C0E41434-3769-48C9-9F30-EE12882D38AB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FCFB3326-F6A5-4102-90A3-F6F5653B030A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{71439257-9219-446F-AE1F-28D59C2191E1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{7F11E581-B6ED-494B-9271-3F7BEDC9DF94}] => (Allow) C:\Users\zalehman123\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{EA59C7AF-269A-4FAB-B1E6-D1FC27AEE2FE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{635265EB-6415-413A-82BF-07111A2B62F3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{A34B8912-0D97-47A3-88CF-21A992A6680D}C:\program files (x86)\avaya\avaya one-x agent\sparkemulator.exe] => (Allow) C:\program files (x86)\avaya\avaya one-x agent\sparkemulator.exe
FirewallRules: [UDP Query User{822617D9-48E7-4D5E-BD42-62C39EA1536A}C:\program files (x86)\avaya\avaya one-x agent\sparkemulator.exe] => (Allow) C:\program files (x86)\avaya\avaya one-x agent\sparkemulator.exe
FirewallRules: [TCP Query User{E24BEA7F-6765-4A6D-A966-EA2F34F6CB4B}C:\program files (x86)\avaya\avaya one-x agent\onexagentui.exe] => (Allow) C:\program files (x86)\avaya\avaya one-x agent\onexagentui.exe
FirewallRules: [UDP Query User{5A269C2C-749C-47D1-B4B7-BFAFE3DFC244}C:\program files (x86)\avaya\avaya one-x agent\onexagentui.exe] => (Allow) C:\program files (x86)\avaya\avaya one-x agent\onexagentui.exe
FirewallRules: [TCP Query User{8C73ABB7-E9BA-442E-8964-F8E2904FC024}C:\program files (x86)\intranext systems\onecti\onecti.exe] => (Allow) C:\program files (x86)\intranext systems\onecti\onecti.exe
FirewallRules: [UDP Query User{6054D6F7-8C2C-4033-89DD-40BCFDE40EF6}C:\program files (x86)\intranext systems\onecti\onecti.exe] => (Allow) C:\program files (x86)\intranext systems\onecti\onecti.exe
FirewallRules: [{D340FD42-7E26-4BD0-8148-84CDBC86BCFF}] => (Allow) C:\Users\zalehman123\AppData\Roaming\Zoom\bin\Zoom.exe
FirewallRules: [{0EBA9F91-25EE-4699-AD2D-794FF3A9C966}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{135FF453-2FEA-490D-97D6-26A4D3D570B3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EAE08757-FCC5-4C33-BDFE-4F6A87290154}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5DED69E2-2BBA-4815-A410-66C426C581DD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A9028093-1ACE-4AFF-8BE7-DBBD0E215DBE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Putt-Putt 3\ScummVM_Windows\scummvm.exe
FirewallRules: [{C757A6B0-C31E-468F-B91A-446151951124}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Putt-Putt 3\ScummVM_Windows\scummvm.exe
FirewallRules: [{40D32768-1553-4970-845F-F2139A499887}] => (Allow) C:\Program Files\Lightworks\lightworks.exe
FirewallRules: [{0EB850DA-A52F-44BC-93FE-5EDF275BFC83}] => (Allow) C:\Program Files\Lightworks\lightworks.exe
FirewallRules: [{F6749071-06CC-496E-857E-0B978D6700EF}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{57A50F47-C9E3-46C7-AA0A-B6FDCB68C2C8}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [TCP Query User{5AE36584-9C96-43E6-AE45-02A021900A26}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{68B7B46D-2742-4CDE-95C8-E38929C4D7C7}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{5EE9B3DB-E17A-4A9E-A8C0-5C71C68B813E}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{3210EB2D-553A-41E8-8CF8-84D390B17D40}] => (Allow) C:\Program Files (x86)\Cams\miseries.exe
FirewallRules: [{C2671A75-547D-49BC-BB30-89E4F1A6E0F4}] => (Allow) C:\Program Files (x86)\Longan\miseries.exe
FirewallRules: [{83BB9CBD-25BB-468D-927D-5140B09160BC}] => (Allow) LPort=1688
FirewallRules: [{5616E4BD-0649-423B-B3BD-C2DA8A3A9617}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{8FB81229-1608-4D6F-9BA6-2BB7AFFD0FFA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{E85960CC-4EBE-4052-B1FC-BD2FB424AF11}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{E5789B32-F4A3-4C7B-B1B7-1A3F54026853}C:\users\zalehman123\downloads\chrome64_56.0.2924.87\chrome.exe] => (Block) C:\users\zalehman123\downloads\chrome64_56.0.2924.87\chrome.exe
FirewallRules: [UDP Query User{75456E80-4F7E-4E28-A770-92D4E344BE96}C:\users\zalehman123\downloads\chrome64_56.0.2924.87\chrome.exe] => (Block) C:\users\zalehman123\downloads\chrome64_56.0.2924.87\chrome.exe
FirewallRules: [{D3799471-155F-4B84-94A4-C0331BBDEB46}] => (Allow) D:\Office\Office14\GROOVE.EXE
FirewallRules: [{509A499B-72B4-4841-A838-6DEAFB759EBA}] => (Allow) D:\Office\Office14\GROOVE.EXE
FirewallRules: [{D2FE4529-E70E-47C3-B049-F2A4638C004F}] => (Allow) D:\Office\Office14\ONENOTE.EXE
FirewallRules: [{0ACD274E-D2BA-4023-B295-536E9C3863BA}] => (Allow) D:\Office\Office14\ONENOTE.EXE
FirewallRules: [{B39BD5BF-B216-48FA-A80D-6F3C35EF4BC5}] => (Allow) D:\Office\Office14\outlook.exe
FirewallRules: [{564E38F7-D528-46F5-94FD-1E212D42DA7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Puzzle Pirates Dark Seas\java_vm\bin\javaw.exe
FirewallRules: [{007839ED-E0E3-435D-9396-72A7A45FBB99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Puzzle Pirates Dark Seas\java_vm\bin\javaw.exe
FirewallRules: [{C2B5F8CF-7E45-4EDF-9287-91D4FD7571F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spy Fox 1\ScummVM_Windows\scummvm.exe
FirewallRules: [{88B3DC2E-5F44-457A-A7A9-D59C11F82E81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spy Fox 1\ScummVM_Windows\scummvm.exe
FirewallRules: [TCP Query User{5B0D21DC-DCCA-4D9A-9F5B-CD73CFC1AA5D}C:\wamp64\bin\apache\apache2.4.27\bin\httpd.exe] => (Allow) C:\wamp64\bin\apache\apache2.4.27\bin\httpd.exe
FirewallRules: [UDP Query User{A9DC0933-C9B9-49EC-8E8C-ADB24F6CF6AD}C:\wamp64\bin\apache\apache2.4.27\bin\httpd.exe] => (Allow) C:\wamp64\bin\apache\apache2.4.27\bin\httpd.exe
FirewallRules: [TCP Query User{FBE68EEB-AD2C-4EAC-8968-FB646AE4435B}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{696CD9F6-9655-457A-A567-38F023ED1156}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{DB13FF98-2CC8-430B-918A-A3882B89266E}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{C9010317-6CDC-4AE0-8A69-3327A6BC213F}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{136D51E8-B1F5-4642-825B-C86FB164A455}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [{0B60CB64-E160-4BE7-BEC2-37D1D07DEB89}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
FirewallRules: [{85B34758-97A3-4a63-832A-9825D8777935}}] => (Allow) C:\Program Files (x86)\UnHackMe\wu.exe
FirewallRules: [{9187CF69-6824-487d-A9F0-AFF5C2C29BA9}}] => (Allow) C:\Program Files (x86)\UnHackMe\wu.exe
FirewallRules: [{85B34758-97A3-4a63-832A-9825D8777934}}] => (Allow) C:\Program Files (x86)\UnHackMe\regruninfo.exe
FirewallRules: [{9187CF69-6824-487d-A9F0-AFF5C2C29BA8}}] => (Allow) C:\Program Files (x86)\UnHackMe\regruninfo.exe
FirewallRules: [{BC30E75A-7BFD-4F5A-821C-579B1DA36E37}] => (Allow) C:\Program Files (x86)\UnHackMe\wu.exe
FirewallRules: [{D8231077-1225-4E5B-B875-ABD19FDEA388}] => (Allow) C:\Program Files (x86)\UnHackMe\RegRunInfo.exe
FirewallRules: [{07EDCB76-A933-4747-A008-46247FED7A8E}] => (Allow) C:\Program Files (x86)\UnHackMe\wu.exe
FirewallRules: [{E64C43A7-B3E9-4641-8613-7346C25D0AB6}] => (Allow) C:\Program Files (x86)\UnHackMe\RegRunInfo.exe

==================== Restore Points =========================

24-12-2017 18:25:02 Installed DirectX
02-01-2018 02:16:34 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/02/2018 09:38:15 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/02/2018 09:36:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\amd\cim\bin64\SetACL64.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/02/2018 09:10:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\amd\cim\bin64\SetACL64.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/02/2018 08:51:54 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/02/2018 08:49:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\amd\cim\bin64\SetACL64.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/02/2018 08:45:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\amd\cim\bin64\SetACL64.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/02/2018 08:05:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\amd\cim\bin64\SetACL64.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/02/2018 06:56:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\amd\cim\bin64\SetACL64.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/02/2018 02:17:30 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/02/2018 01:56:23 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\amd\cim\bin64\SetACL64.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (01/02/2018 09:38:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The msidntfs service failed to start due to the following error:
The system cannot find the file specified.

Error: (01/02/2018 09:38:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
The requested resource is in use.

Error: (01/02/2018 09:38:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Office Click-to-Run Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (01/02/2018 08:51:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
The requested resource is in use.

Error: (01/02/2018 08:51:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Office Click-to-Run Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (01/02/2018 08:49:59 PM) (Source: DCOM) (EventID: 10010) (User: zalehman987)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (01/02/2018 03:33:32 AM) (Source: DCOM) (EventID: 10010) (User: zalehman987)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (01/02/2018 03:33:02 AM) (Source: DCOM) (EventID: 10010) (User: zalehman987)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (01/02/2018 02:04:57 AM) (Source: DCOM) (EventID: 10010) (User: zalehman987)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (01/02/2018 02:04:27 AM) (Source: DCOM) (EventID: 10010) (User: zalehman987)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.


==================== Memory info ===========================

Processor: AMD A8-7600 Radeon R7, 10 Compute Cores 4C+6G
Percentage of memory in use: 36%
Total physical RAM: 11192.22 MB
Available physical RAM: 7097.13 MB
Total Virtual: 11896.22 MB
Available Virtual: 7386 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:521.54 GB) (Free:190.44 GB) NTFS
Drive d: (Storage) (Fixed) (Total:398.7 GB) (Free:207.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 10ACD8B8)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=521.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=409.6 GB) - (Type=05)

==================== End of Addition.txt ============================





#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,785 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:07:38 PM

Posted 02 January 2018 - 11:01 PM

Greetings Thezlehman and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted. Most likely I will have a reply for you tomorrow morning.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 03 January 2018 - 11:11 AM

Greetings and thank you for your patience.

Your computer is quite sick. The first thing we need to do is address this issue.

Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall Microsoft Office Professional Plus 2010 and any other products for which you do not have a valid Product Key, including all "cracked" software. If you are willing to do that please rerun a FRST scan after removal and copy/paste both reports in your reply. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.

If you decide to remove the program(s) please run this after removal.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • CKScanner report
  • FRST report
  • Addition report

Gary
 

#4 Oh My!


Posted 06 January 2018 - 01:06 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#5 Oh My!


Posted 08 January 2018 - 12:05 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



